diff --git a/playbook.yml b/playbook.yml
index eddda47..7ee330c 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -9,15 +9,15 @@
 roles:
 # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
 # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
- - role: devsec.hardening.ssh_hardening
- become: true
- - role: hostname
+ # - role: devsec.hardening.ssh_hardening
+ # become: true
+ # - role: hostname
 - role: basic-intalls
- - role: user
- - role: cloudflare-ddns
- - role: reverse-proxy
- - role: actual
- # - role: pi-hole
+ # - role: user
+ # - role: cloudflare-ddns
+ # - role: reverse-proxy
+ # - role: actual
+ - role: pi-hole
 vars:
 # devsec.hardening.ssh_hardening vars:
 ssh_allow_users: 'thomas'
diff --git a/roles/basic-intalls/tasks/main.yml b/roles/basic-intalls/tasks/main.yml
index 4cf2587..a658673 100644
--- a/roles/basic-intalls/tasks/main.yml
+++ b/roles/basic-intalls/tasks/main.yml
@@ -5,6 +5,7 @@
 pkg:
 - git
 - vim
+ - dnsutils
 - ufw
 - podman
 - snapd
@@ -39,6 +40,12 @@
 regexp: '^#net/ipv4/ip_forward=1$'
 line: 'net/ipv4/ip_forward=1'
 notify: Restart ufw
+- name: Allow forwarding in sysctl
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/sysctl.conf
+ regexp: '^#net\.ipv4\.ip_forward=1$'
+ line: net.ipv4.ip_forward=1
 - name: Allow all access to ssh
 become: true
 community.general.ufw:
diff --git a/roles/pi-hole/tasks/main.yml b/roles/pi-hole/tasks/main.yml
index 703d873..04e76c3 100644
--- a/roles/pi-hole/tasks/main.yml
+++ b/roles/pi-hole/tasks/main.yml
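Review bot: Commenting the roles out of the play means a host provisioned fresh from this playbook never gets `devsec.hardening.ssh_hardening`, `hostname` or `user` applied, and the only record of that is the comment above saying they were disabled after a first run for performance. Keep every role listed and select at run time instead, e.g. `- role: devsec.hardening.ssh_hardening`, `become: true`, `tags: [bootstrap]` and then `ansible-playbook playbook.yml --skip-tags bootstrap` for the fast path, so a new host still goes through hardening by default and no edit of the play is needed to toggle `pi-hole` on or off. The `roles:` list belongs to a play whose header is above the hunk.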
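Review bot: The new lineinfile regexp `^#net\.ipv4\.ip_forward=1$` only matches the commented-out default, so on a host where the key is already present uncommented (for example set to 0 by another tool or an earlier edit) the task appends a second `net.ipv4.ip_forward` line instead of replacing it; `regexp: '^#?net\.ipv4\.ip_forward='` keeps it idempotent. The task also has no `notify`, unlike the ufw sysctl task above it, so the new value is not loaded until the next reboot — add a handler that runs `sysctl -p`, or use `ansible.posix.sysctl` with `sysctl_set: true` and `reload: true`, which does both. Since this turns the host into a packet forwarder on every interface, it is worth confirming that `DEFAULT_FORWARD_POLICY` in `/etc/default/ufw` is still `DROP` so only explicitly allowed traffic is forwarded. The preceding task this one mirrors starts above the hunk.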
@@ -40,7 +40,7 @@
 containers.podman.podman_container:
 name: pi-hole
 image: docker.io/pihole/pihole:2024.03.2
- restart_policy: on-failure # TODO: Doesn't restart containers on reboot for some reason...
+ restart_policy: on-failure
 publish:
 # It seems we can't use authbind in combination with Podman, see: https://github.com/containers/podman/issues/13426.
 # Instead we'll map to a higher port number and install and use the ufw firewall to forward packets to the local port.
@@ -78,21 +78,14 @@
 become: true
 ansible.builtin.blockinfile:
 path: /etc/ufw/before.rules
- insertafter: "^COMMIT$"
- block: |-
+ insertbefore: "^\\*filter$"
+ block: |
 *nat
 :PREROUTING ACCEPT [0:0]
- -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-port 5053
- -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 5053
+ -A PREROUTING -p tcp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
+ -A PREROUTING -p udp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
 COMMIT
 notify: Restart ufw
-- name: Allow all access to https
- become: true
- community.general.ufw:
- rule: allow
- port: https
- proto: tcp
- notify: Restart ufw
 - name: Allow all access to port 53 (udp)
 become: true
 community.general.ufw:
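Review bot: The new DNAT rules send traffic arriving on eth0 to 127.0.0.1:5053, which the kernel treats as a martian destination and drops unless `net.ipv4.conf.all.route_localnet=1` (or the eth0-specific key) is set; the sysctl task this commit adds only enables `net.ipv4.ip_forward`, so the queries the old REDIRECT rule handled will likely stop being answered. As rendered here the `\` and `--to-destination 127.0.0.1:5053` sit on the same line of the block, and iptables-restore has no backslash continuation, so the stray `\` argument will probably make the ufw reload fail — write each rule on one line without the backslash. Note also that blockinfile replaces the content between existing markers in place, so on hosts that already carry this block after `COMMIT` the switch from `insertafter` to `insertbefore: "^\\*filter$"` will not move it; precede this task with a `state: absent` task using the default marker and give this one a distinct `marker: "# {mark} ANSIBLE MANAGED BLOCK pihole-nat"`, or remove the stale block by hand. The hard-coded `-i eth0` silently matches nothing on hosts whose interface is named differently; `-i {{ ansible_default_ipv4.interface }}` would follow the host. The task's `name:` line is above the hunk.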