diff --git a/zones/dmz.nft b/zones/dmz.nft
index 5055085..fad7e9a 100644
--- a/zones/dmz.nft
+++ b/zones/dmz.nft
@@ -47,8 +47,8 @@ table inet firewall {
 }
 chain from_dmz {
- ip saddr . tcp dport @dmz_allowed_tcp_out accept;
- ip saddr . udp dport @dmz_allowed_udp_out accept;
+ not ip saddr . tcp dport @dmz_allowed_tcp_out drop;
+ not ip saddr . udp dport @dmz_allowed_udp_out drop;
 }
 }
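Review bot: After this change `from_dmz` never issues an accept, and its two drops can only match IPv4 TCP and IPv4 UDP packets, so everything else leaving the DMZ (IPv6 in this `inet` table, ICMP, other L4 protocols) and all allow-listed traffic falls off the end of the chain and takes whatever verdict the calling chain or base-chain policy gives, which is outside this hunk. If that policy is accept, the DMZ egress filter now fails open for those packets; if it is drop, the allow-listed flows are probably dropped as well. Keeping the two original `accept` rules and ending the chain with an explicit `drop;` would make the allow-list self-contained and independent of the caller. Separately, I am not sure the leading `not` parses; the form I know for a negated set lookup is `ip saddr . tcp dport != @dmz_allowed_tcp_out drop;`, so the file should be checked with `nft -c -f zones/dmz.nft` before it is loaded.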