diff --git a/files/br-rtr/nftables.conf b/files/br-rtr/nftables.conf
index fceb65f..dfff51c 100755
--- a/files/br-rtr/nftables.conf
+++ b/files/br-rtr/nftables.conf
@@ -8,7 +8,7 @@ table inet filter {
 log prefix "Dropped Input: " level debug
 iif lo accept
 ct state established,related accept
- tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,2049 } accept
+ tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,2049,389 } accept
 udp dport { 53,123,500,4500,88,137,8080,2049 } accept
 ip protocol icmp accept
 ip protocol esp accept
@@ -20,7 +20,7 @@ table inet filter {
 log prefix "Dropped forward: " level debug
 iif lo accept
 ct state established,related accept
- tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,2049 } accept
+ tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,2049,389 } accept
 udp dport { 53,123,500,4500,88,137,8080,2049 } accept
 ip protocol icmp accept
 ip protocol esp accept
diff --git a/files/hq-rtr/nftables.conf b/files/hq-rtr/nftables.conf
index 4ea8484..64fd675 100755
--- a/files/hq-rtr/nftables.conf
+++ b/files/hq-rtr/nftables.conf
@@ -8,7 +8,7 @@ table inet filter {
 log prefix "Dropped Input: " level debug
 iif lo accept
 ct state established,related accept
- tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,631,2049 } accept
+ tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,631,2049,389 } accept
 udp dport { 53,123,500,4500,88,137,8080,631,2049 } accept
 ip protocol icmp accept
 ip protocol esp accept
@@ -20,7 +20,7 @@ table inet filter {
 log prefix "Dropped forward: " level debug
 iif lo accept
 ct state established,related accept
- tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,631,2049 } accept
+ tcp dport { 22,514,53,80,443,3015,445,139,88,2026,8080,631,2049,389 } accept
 udp dport { 53,123,500,4500,88,137,8080,631,2049 } accept
 ip protocol icmp accept
 ip protocol esp accept
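Review bot: The added port 389 is accepted from any source address and any interface in both the input and the forward chain of br-rtr and hq-rtr (all four hunks), and 389 is cleartext LDAP unless StartTLS is enforced by the server, so binds and directory data can reach or cross the routers unencrypted from whichever side they face. If the goal is only to let clients reach a directory server behind the router, the two input-chain additions look unnecessary (inferred; the routers' own services are not visible in these hunks). Consider replacing the blanket entry with a scoped rule such as `iifname "<lan-if>" ip daddr <ldap-server-ip> tcp dport 389 accept` in the forward chain, with the placeholders filled in for each site, and prefer 636 or enforced StartTLS for the directory traffic. The chains begin and end outside the hunks, so any earlier interface match or later rule is not visible here.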