diff --git a/modules/nixos/access/cidr.nix b/modules/nixos/access/cidr.nix
index 2bbaaf30..f471d153 100644
--- a/modules/nixos/access/cidr.nix
+++ b/modules/nixos/access/cidr.nix
@@ -4,7 +4,7 @@
 lib,
 ...
 }: let
- inherit (lib.modules) mkIf mkMerge mkOptionDefault;
+ inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
 inherit (lib.options) mkOption;
 inherit (lib.lists) optionals;
 inherit (lib.strings) concatStringsSep;
@@ -103,16 +103,19 @@ in {
 };
 config.networking = {
- firewall = {
- interfaces.local = {
+ firewall.interfaces = {
+ local = {
 nftables.conditions = [
- "ip saddr { ${concatStringsSep ", " (cfg.cidrForNetwork.local.v4 ++ cfg.cidrForNetwork.int.v4)} }"
+ "ip saddr { ${concatStringsSep ", " cfg.cidrForNetwork.local.v4} }"
 (
 mkIf networking.enableIPv6
- "ip6 saddr { ${concatStringsSep ", " (cfg.cidrForNetwork.local.v6 ++ cfg.cidrForNetwork.int.v6)} }"
+ "ip6 saddr { ${concatStringsSep ", " cfg.cidrForNetwork.local.v6} }"
 )
 ];
 };
+ lan = {
+ nftables.conditions = mkIf config.networking.firewall.interfaces.local.nftables.enable (mkDefault config.networking.firewall.interfaces.local.nftables.conditions);
+ };
 };
 };
 }
diff --git a/nixos/reisen-ct/proxmox.nix b/nixos/reisen-ct/proxmox.nix
index e8a66c1a..e9f3043f 100644
--- a/nixos/reisen-ct/proxmox.nix
+++ b/nixos/reisen-ct/proxmox.nix
@@ -1,15 +1,13 @@
 {
- config,
 system,
 gensokyo-zone,
 lib,
 modulesPath,
 ...
 }: let
- inherit (gensokyo-zone.lib) unmerged coalesce;
+ inherit (gensokyo-zone.lib) unmerged;
 inherit (lib.modules) mkIf mkMerge mkDefault;
 inherit (lib.attrsets) mapAttrsToList;
- inherit (lib.trivial) mapNullable;
 inherit (system) proxmox;
 in {
 imports = [
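Review bot: The new `lan` default in cidr.nix is wrapped in `mkDefault`, so any host that assigns `lan.nftables.conditions` at normal priority replaces the inherited `local` conditions instead of merging with them (the module system discards lower-priority definitions), and the proxmox.nix hunk in this same commit does exactly that: on that host `lan` matches on `iifname` alone while `local` keeps its `ip saddr`/`ip6 saddr` checks, because same-priority list definitions are concatenated. If that asymmetry is intended, a comment on the `lan` attribute would keep the next reader from "fixing" it, e.g. `# default only: a host-level lan.nftables.conditions replaces (does not extend) the local conditions`. The `mkIf ...local.nftables.enable` guard also leaves `lan` with no conditions when `local` is disabled; I cannot tell from this hunk whether the firewall module treats an empty conditions list as "match nothing" or "match everything", and the latter would be fail-open, so that is worth confirming. Finally, the `cfg.cidrForNetwork.int.*` ranges are dropped from `local`'s saddr sets and nothing on the new side records where internal traffic is now expected to be matched; presumably by interface name in host config, but a one-line comment stating that would help. The enclosing module function starts outside this hunk.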
@@ -32,16 +30,12 @@ in {
 })
 proxmox.network.interfaces));
- networking.firewall.interfaces.lan = let
- inherit (proxmox.network) internal local;
- conditions = coalesce [
- (mapNullable (interface: ["iifname ${interface.name}"]) internal.interface)
- (mapNullable (interface: config.networking.firewall.interfaces.local.nftables.conditions) local.interface)
- ];
+ networking.firewall.interfaces = let
+ inherit (proxmox.network) internal;
+ intConditions = ["iifname ${internal.interface.name}"];
 in
- mkIf (conditions != null) {
- nftables = {
- inherit conditions;
- };
+ mkIf (internal.interface != null) {
+ lan.nftables.conditions = intConditions;
+ local.nftables.conditions = intConditions;
 };
 }
diff --git a/systems/kasen/nixos.nix b/systems/kasen/nixos.nix
index 4ef9332d..897e7fb7 100644
--- a/systems/kasen/nixos.nix
+++ b/systems/kasen/nixos.nix
@@ -49,11 +49,6 @@
 };
 };
 };
- networking.firewall.interfaces.lan = {
- nftables = {
- conditions = config.networking.firewall.interfaces.local.nftables.conditions;
- };
- };
 system.stateVersion = "24.05";
 }
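Review bot: `proxmox.network.local` is no longer consulted, so the `local` firewall interface on this host is now keyed to the internal interface's name (`iifname ${internal.interface.name}`) on top of the CIDR conditions it receives from cidr.nix; if `local.interface` and `internal.interface` can differ on reisen-ct, this silently changes which ingress interface `local` rules accept, and the old `mapNullable ... local.interface` guard that made that dependency explicit is gone. If sharing the internal interface is intentional, a one-line comment above `intConditions` such as `# local and internal traffic both arrive on the internal interface here` would make it explicit. The `let` binding also dereferences `internal.interface.name` unconditionally, which is fine only because it is referenced solely inside the `mkIf (internal.interface != null)` body and Nix evaluates lazily; a short note like `# internal.interface may be null; only forced under the mkIf below` would stop someone from hoisting it. The enclosing module attribute set starts outside this hunk.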