diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2a8877d20..dd15beb44 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -217,10 +217,14 @@ iptables_init() {
 	iptables -A OUTPUT  -m policy --dir out --pol none -j IPSECBLOCK
 
 	# Block unauthorized WireGuard traffic
-	ipatbles -N WGBLOCK
+	iptables -N WGBLOCK
 	iptables -A INPUT   -i wg+ -j WGBLOCK
 	iptables -A FORWARD -i wg+ -j WGBLOCK
 
+	# NAT for WireGuard peers
+	iptables -t nat -N WGNAT
+	iptables -t nat -A POSTROUTING -j WGNAT
+
 	# Block OpenVPN transfer networks
 	iptables -N OVPNBLOCK
 	iptables -A INPUT   -i tun+ -j OVPNBLOCK