diff --git a/host/x86_64-linux/home/Network.nix b/host/x86_64-linux/home/Network.nix
index b02eb14..702173b 100644
--- a/host/x86_64-linux/home/Network.nix
+++ b/host/x86_64-linux/home/Network.nix
@@ -153,13 +153,22 @@ in {
 firewall = {
 enable = true;
 extraCommands = util.trimTabs ''
- # Wan access for 10.0.0.0/24 subnet.
- iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 0/0 -o ${wan} -j MASQUERADE
+ # Wan access for 10.0.0.0/8 subnet.
+ # iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -o ${wan} -j MASQUERADE
 # Full access from Lan.
 iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
 ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
+ # Block wrong routes. TODO fix.
+ iptables -I INPUT -j REJECT -i ${lan} -d 169.254.15.92
+ iptables -I INPUT -j REJECT -i ${lan} -d 188.242.247.132
+ iptables -I INPUT -j REJECT -i ${lan} -d 192.168.142.113
+ iptables -I INPUT -j REJECT -i ${lan} -d 10.0.1.1
+ iptables -I INPUT -j REJECT -i ${lan} -d 188.242.247.132
+ ip6tables -I INPUT -j REJECT -i ${lan} -d 2a05:3580:f42c:c800:aaa1:59ff:fe47:fda2
+ ip6tables -I INPUT -j REJECT -i ${lan} -d 2a05:3580:f42c:c801:8079:82ff:fe1a:916a
+
 # Public email server.
 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25
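Review bot: The new "Block wrong routes" block lists `188.242.247.132` twice, and because every rule is in INPUT it only matches traffic addressed to this host itself — if the TODO means LAN clients should be stopped from reaching those addresses through the router, that traffic passes through FORWARD, not INPUT, so the comment should state which of the two is intended and the duplicate line should go. Commenting out the MASQUERADE rule while leaving `# Wan access for 10.0.0.0/8 subnet.` above it makes the comment misleading: unless NAT is configured elsewhere, LAN-to-WAN access is now off, so either restore the rule or change the comment to something like `# Wan access for 10.0.0.0/8 subnet — MASQUERADE intentionally disabled, NAT handled elsewhere.`. Since all rules use `-I`, the REJECT lines added after the ACCEPT lines end up above them in the chain, which is what makes them take effect; a one-line comment such as `# -I prepends: keep these REJECTs after the LAN ACCEPT rules so they rank above them.` would keep a later reorder from silently breaking that. The hunk's trailing context appears to continue past the visible text.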