diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
index 999d2eb..b5c1709 100644
--- a/roles/wireguard/templates/wg0.conf
+++ b/roles/wireguard/templates/wg0.conf
@@ -2,10 +2,8 @@
 # This is the virtual IP address, with the subnet mask we will use for the VPN. Note that this must not be on our LAN subnet and should be an uncommon subnet to avoid address conflicts
 Address = {{ wireguard.address }}
 ListenPort = {{ wireguard.port }}
-PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
-PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
+PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
+PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
 PrivateKey = {{ private_key.stdout }}
 {% for peer in wireguard.peers %}
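Review bot: The `ip6tables` half of the new `PostUp`/`PostDown` lines masquerades on `ansible_default_ipv4.interface`, so on a host whose IPv6 default route leaves through a different interface the v6 rule is attached to the wrong device and peer IPv6 traffic would presumably leave un-NATed with its VPN source address or be dropped upstream. For the v6 rule, use the IPv6 fact with a fallback, e.g. `-o {{ ansible_facts.default_ipv6.interface | default(ansible_facts.default_ipv4.interface) }}`. The removed lines read from the `ansible_facts` namespace, while the new ones rely on the injected top-level `ansible_default_ipv4` variable, which is undefined when `inject_facts_as_vars` is disabled; `ansible_facts.default_ipv4.interface` keeps the template consistent with the old form. A short comment above `PostUp` noting that the rule is NAT-only and that forwarding policy is handled elsewhere would also help, since this commit deletes the commented-out `FORWARD` lines that hinted at it.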