diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index f1a0f888..70a069c2 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
@@ -26,13 +26,13 @@
       ruleset = ''
           table ip nat {
             chain PREROUTING {
+              type nat hook prerouting priority dstnat; policy accept;
               iifname "enp0s4" tcp dport 25    dnat to 10.100.0.2:25;    # Mailserver
               iifname "enp0s4" tcp dport 143   dnat to 10.100.0.2:143;   # Mailserver
               iifname "enp0s4" tcp dport 465   dnat to 10.100.0.2:465;   # Mailserver
               iifname "enp0s4" tcp dport 587   dnat to 10.100.0.2:587;   # Mailserver
               iifname "enp0s4" tcp dport 993   dnat to 10.100.0.2:993;   # Mailserver
               iifname "enp0s4" tcp dport 4190  dnat to 10.100.0.2:4190;  # Mailserver
-              type nat hook prerouting priority dstnat; policy accept;
               iifname "enp0s4" tcp dport 80    dnat to 10.100.0.2:80;    # HTTP
               iifname "enp0s4" tcp dport 443   dnat to 10.100.0.2:443;   # HTTPS
               iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420; # Vintage Story