diff --git a/configuration.nix b/configuration.nix
index 81dcea8..37b2e21 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -157,17 +157,8 @@
 
   # wireguard settings
   networking.firewall = {
-    # if packets are still dropped, they will show up in dmesg
-    logReversePathDrops = true;
-    # wireguard trips rpfilter up
-    extraCommands = ''
-      ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
-      ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
-    '';
-    extraStopCommands = ''
-      ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
-      ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
-    '';
+    allowedUDPPorts = [ 51820 ];
+    enable = true;
   };
 
   # This value determines the NixOS release from which the default
diff --git a/user.nix b/user.nix
index 20177b4..0c24ad7 100644
--- a/user.nix
+++ b/user.nix
@@ -35,6 +35,7 @@
       mpv
       yt-dlp
       obs-studio
+      ffmpeg
 
       # images
       feh