diff --git a/ansible_collections/nullified/infrastructure/roles/deluge/defaults/main.yml b/ansible_collections/nullified/infrastructure/roles/deluge/defaults/main.yml
index b2c5550..a436aa1 100644
--- a/ansible_collections/nullified/infrastructure/roles/deluge/defaults/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/deluge/defaults/main.yml
@@ -17,5 +17,3 @@ deluge_daemon_incoming_port: 6881
 deluge_daemon_outgoing_port_lo: 6889
 deluge_daemon_outgoing_port_hi: 6899
 deluge_web_expose_client: false
-deluge_allow_remote_control: false
-deluge_allowed_remotes: []
diff --git a/ansible_collections/nullified/infrastructure/roles/deluge/templates/core.conf.j2 b/ansible_collections/nullified/infrastructure/roles/deluge/templates/core.conf.j2
index 0edc993..8cd4e87 100644
--- a/ansible_collections/nullified/infrastructure/roles/deluge/templates/core.conf.j2
+++ b/ansible_collections/nullified/infrastructure/roles/deluge/templates/core.conf.j2
@@ -3,7 +3,7 @@
 "format": 1
 }{
 "add_paused": false,
-"allow_remote": {{ 'true' if deluge_allow_remote_control is truthy else 'false' }},
+"allow_remote": false,
 "auto_manage_prefer_seeds": false,
 "auto_managed": true,
 "cache_expiry": 60,
diff --git a/ansible_collections/nullified/infrastructure/roles/deluge/templates/nftables.d/deluge.nft.j2 b/ansible_collections/nullified/infrastructure/roles/deluge/templates/nftables.d/deluge.nft.j2
index a2c1cce..231ec0d 100644
--- a/ansible_collections/nullified/infrastructure/roles/deluge/templates/nftables.d/deluge.nft.j2
+++ b/ansible_collections/nullified/infrastructure/roles/deluge/templates/nftables.d/deluge.nft.j2
@@ -1,18 +1,3 @@
-{% set deluge_allowed_remotes_ip4 = deluge_allowed_remotes | default([]) | ansible.utils.ipv4 %}
-{% set deluge_allowed_remotes_ip6 = deluge_allowed_remotes | default([]) | ansible.utils.ipv6 %}
-
-{% if deluge_allow_remote_control and deluge_allowed_remotes_ip4 | length > 0 %}
-define allowed_controllers4 = {
- {{ deluge_allowed_remotes_ip4 | join(", ") | wordwrap(40, wrapstring="\n ", break_long_words=False) }}
-}
-{% endif %}
-
-{% if deluge_allow_remote_control and deluge_allowed_remotes_ip6 | length > 0 %}
-define allowed_controllers6 = {
- {{ deluge_allowed_remotes_ip6 | join(", ") | wordwrap(40, wrapstring="\n ", break_long_words=False) }}
-}
-{% endif %}
-
 table inet filter {
 chain input {
 {% if deluge_web_expose_client %}
@@ -21,14 +6,6 @@ table inet filter {
 meta nfproto { ipv4, ipv6 } iifname "lo" tcp dport {{ deluge_web_port }} accept
 {% endif %}
 iifname "lo" tcp dport {{ deluge_daemon_control_port }} accept
-{% if deluge_allow_remote_control %}
-{% if deluge_allowed_remotes_ip4 | length > 0 %}
- ip saddr $allowed_controllers4 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
-{% endif %}
-{% if deluge_allowed_remotes_ip6 | length > 0 %}
- ip6 saddr $allowed_controllers6 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
-{% endif %}
-{% endif %}
 meta l4proto { tcp, udp } th dport {{ deluge_daemon_incoming_port }} accept
 meta l4proto { tcp, udp } th dport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
 }
@@ -38,14 +15,6 @@ table inet filter {
 meta nfproto { ipv4, ipv6 } tcp sport {{ deluge_web_port }} accept
 {% else %}
 meta nfproto { ipv4, ipv6 } oifname "lo" tcp sport {{ deluge_web_port }} accept
-{% endif %}
-{% if deluge_allow_remote_control %}
-{% if deluge_allowed_remotes_ip4 | length > 0 %}
- ip saddr $allowed_controllers4 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
-{% endif %}
-{% if deluge_allowed_remotes_ip6 | length > 0 %}
- ip6 saddr $allowed_controllers6 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
-{% endif %}
 {% endif %}
 meta l4proto { tcp, udp } th sport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
 oifname "lo" tcp sport {{ deluge_daemon_control_port }} accept
diff --git a/ansible_collections/nullified/infrastructure/roles/nginx/templates/ingress_http_nginx.nft.j2 b/ansible_collections/nullified/infrastructure/roles/nginx/templates/ingress_http_nginx.nft.j2
index 27d1fa2..9d335fe 100644
--- a/ansible_collections/nullified/infrastructure/roles/nginx/templates/ingress_http_nginx.nft.j2
+++ b/ansible_collections/nullified/infrastructure/roles/nginx/templates/ingress_http_nginx.nft.j2
@@ -1,9 +1,9 @@ table inet filter { chain input { - meta l4proto { tcp, udp } th dport { http, https } accept + meta nfproto { ipv4, ipv6 } tcp dport { http, https } accept } chain output { - meta l4proto { tcp, udp } th sport { http, https } accept + meta nfproto { ipv4, ipv6 } tcp sport { http, https } accept } }
diff --git a/inventory/host_vars/lithium/vars.yml b/inventory/host_vars/lithium/vars.yml
index fc0f50d..f1491a3 100644
--- a/inventory/host_vars/lithium/vars.yml
+++ b/inventory/host_vars/lithium/vars.yml
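Review bot: In ingress_http_nginx.nft.j2 both new rules stop accepting UDP on the http/https ports with no comment recording that this is deliberate, so a later reader cannot tell a hardening decision from an oversight; if an nginx site on these hosts is ever given an HTTP/3 (QUIC) listener, UDP 443 will presumably be dropped, depending on the chain policy, which is not visible here. A comment above the input rule such as `# TCP only: no HTTP/3/QUIC listeners, so UDP 80/443 stays closed` would record the intent. `meta nfproto { ipv4, ipv6 }` matches every packet in an `inet` table, so `tcp dport { http, https } accept` on its own is equivalent and shorter. The output rule still matches on source port alone; whether replies are also tied to connection state (`ct state established,related`) depends on the base ruleset outside this hunk.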
@@ -6,7 +6,5 @@ nginx_sites: "{{ vault_nginx_sites }}"
 nginx_streams: "{{ vault_nginx_streams }}"
 deluge_web_password: '{{ vault_deluge_web_password }}'
 deluge_web_password_salt: '{{ vault_deluge_web_password_salt }}'
-deluge_allow_remote_control: '{{ vault_deluge_allow_remote_control }}'
-deluge_allowed_remotes: '{{ vault_deluge_allowed_remotes }}'
 global_dns_udp_dns4: "{{ vault_global_dns_udp_dns4 }}"
 global_dns_udp_dns6: "{{ vault_global_dns_udp_dns6 }}"