diff --git a/states/nftables/templates/rules.nft.j2 b/states/nftables/templates/rules.nft.j2
index 012103c..b339972 100644
--- a/states/nftables/templates/rules.nft.j2
+++ b/states/nftables/templates/rules.nft.j2
@@ -23,14 +23,16 @@ add rule ip filter INPUT {{ value.proto }} dport {{ value.port }} ct state estab
 ## IPv4 NAT
 add table ip nat
-add chain ip nat PREROUTING { type nat hook prerouting priority -1; policy accept; }
+add chain ip nat PREROUTING { type nat hook prerouting priority dstnat; policy accept; }
 add chain ip nat INPUT { type nat hook input priority 1; policy accept; }
-add chain ip nat OUTPUT { type nat hook output priority -1; policy accept; }
-add chain ip nat POSTROUTING { type nat hook postrouting priority 1; policy accept; }
+add chain ip nat OUTPUT { type nat hook output priority -100; policy accept; }
+add chain ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }
 add chain ip nat DOCKER
 {%- for key, value in net.nats.items() %}
 add rule ip nat POSTROUTING ip saddr {{ value.ip }}/{{ value.mask }} counter masquerade
 {%- endfor %}
+add rule ip nat POSTROUTING oifname != "docker0" ip saddr 172.17.0.0/24 counter masquerade
+add rule ip nat PREROUTING fib daddr type local counter jump DOCKER
 add rule ip nat OUTPUT ip daddr != 127.0.0.0/8 fib daddr type local counter jump DOCKER
 add rule ip nat DOCKER iifname "docker0" counter return
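Review bot: The new POSTROUTING masquerade rule hard-codes `ip saddr 172.17.0.0/24`, which diverges from the templated `net.nats` loop directly above it and, if docker0 is left at Docker's default 172.17.0.0/16 bridge, masquerades only the first /24 of that range, so traffic from containers above 172.17.0.255 would leave the host unmasqueraded with a private source address and fail silently rather than visibly. Either drive the subnet from `net.nats` (or a dedicated pillar value) like the loop does, or confirm the bridge really is provisioned as a /24 and record that next to the rule, e.g. `## docker0 is provisioned as 172.17.0.0/24; keep in sync with the bridge configuration`. Separately, the OUTPUT chain now uses the numeric `priority -100` while PREROUTING and POSTROUTING were switched to the symbolic `dstnat`/`srcnat`; since -100 is the value behind `dstnat`, `add chain ip nat OUTPUT { type nat hook output priority dstnat; policy accept; }` would keep the chain definitions uniform (INPUT's `priority 1` is untouched context and is left as is).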