diff --git a/roles/wireguard_endpoint/tasks/main.yml b/roles/wireguard_endpoint/tasks/main.yml
index d677f59..3f05702 100644
--- a/roles/wireguard_endpoint/tasks/main.yml
+++ b/roles/wireguard_endpoint/tasks/main.yml
@@ -4,7 +4,6 @@
 pkg:
 - ifupdown2
 - wireguard
- - nftables
 state: latest
 update_cache: yes
@@ -42,21 +41,4 @@
 diff: no
 notify:
 - Reload network interfaces
-
-- name: Enable nftables
- systemd:
- name: nftables.service
- state: started
- enabled: yes
-
-#- name: Configure nftables
-# template:
-# src: nftables.conf.j2
-# dest: /etc/nftables.conf
-# validate: /sbin/nft -c -f %s
-# owner: root
-# group: root
-# mode: u=rw,g=r,o=
-# notify:
-# - Reload nftables
 ...
diff --git a/roles/wireguard_endpoint/templates/nftables.conf.j2 b/roles/wireguard_endpoint/templates/nftables.conf.j2
deleted file mode 100644
index 77388fe..0000000
--- a/roles/wireguard_endpoint/templates/nftables.conf.j2
+++ /dev/null
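Review bot: Removing the `Enable nftables` task in the second hunk does not undo it on hosts already provisioned by the earlier role version — nftables stays installed and `enabled: yes` there with whatever `/etc/nftables.conf` the package shipped, so old and new endpoints will drift until someone cleans up by hand. If this role genuinely no longer owns the host firewall, add a transitional disable task (below) and drop it once the fleet has converged, and state in the role README which role now provides input/forward filtering for the WireGuard endpoint, since the deleted template's `policy drop` chains were never actually deployed (the `Configure nftables` task was commented out) and nothing replaces them. The `Reload nftables` handler referenced by the deleted task is outside this hunk; if it still exists in handlers/main.yml it is now dead and should be removed as well.

```yaml
# ... unchanged: network interface configuration task and its notify ...

- name: Gather service facts
  service_facts:

# Transitional: earlier versions of this role enabled nftables.service; stop and
# disable it where it is present so old hosts match new ones. Remove once all
# hosts have run the updated role.
- name: Disable nftables (no longer managed by this role)
  systemd:
    name: nftables.service
    state: stopped
    enabled: no
  when: "'nftables.service' in ansible_facts.services"
```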
@@ -1,86 +0,0 @@
-#!/usr/sbin/nft -f
-# {{ ansible_managed }}
-
-flush ruleset
-
-#table ip nat {
-#
-# chain prerouting {
-# type nat hook prerouting priority -100
-# policy accept
-# }
-#
-# chain postrouting {
-# type nat hook prerouting priority 100
-# policy accept
-#
-# #{% for endpoint in wireguard_endpoints %}
-# #oifname "{{ endpoint.name }}" masquerade
-# #{% endfor %}
-# }
-#
-#}
-
-table inet filter {
-
- set blacklist_v4 {
- type ipv4_addr
- }
-
- set blacklist_v6 {
- type ipv6_addr
- }
-
- chain blacklist {
- ip saddr @blacklist_v4 drop
- ip6 saddr @blacklist_v6 drop
- }
-
- chain conntrack {
- ct state invalid drop
- ct state related, established accept
- }
-
- chain input {
- type filter hook input priority 0
- policy drop
-
- iif lo accept
-
- jump blacklist
- jump conntrack
-
- # TODO: ansible + separate nftables module
- ip protocol icmp accept
-
- {% for rule in nftables_basic_input_rules %}
- {{ rule.proto }} \
- {% if "saddr" in rule %} saddr {{ rule.saddr }} \ {% endif %}
- {% if "sport" in rule %} sport {{ rule.sport }} \ {% endif %}
- {% if "daddr" in rule %} daddr {{ rule.daddr }} \ {% endif %}
- {% if "dport" in rule %} dport {{ rule.dport }} \ {% endif %}
- {{ rule.verdict }}
- {% endfor %}
- }
-
- chain forward {
- type filter hook forward priority 0
- policy drop
-
- iif lo accept
-
- jump blacklist
- jump conntrack
-
- {% for endpoint in wireguard_endpoints %}
- iifname "{{ endpoint.name }}" accept
- {% endfor %}
- }
-
- chain output {
- type filter hook output priority 0
- policy accept
- }
-
-}
-