diff --git a/roles/pf/templates/pf.conf.gw_dna.j2 b/roles/pf/templates/pf.conf.gw_dna.j2
index e9627b1..bae9ee8 100644
--- a/roles/pf/templates/pf.conf.gw_dna.j2
+++ b/roles/pf/templates/pf.conf.gw_dna.j2
@@ -64,9 +64,6 @@ pass in quick proto tcp from any to self port https
 # block rest of packets coming to me
 block in quick from any to self
 
-# allow communication from internal to world
-pass in quick on $int_if from $int_net to !$int_net
-
 # allow myself to communicate outside (both routes)
 pass out quick on $ext_if from self to any
 pass out quick on $int_if from self to any
@@ -74,6 +71,9 @@ pass out quick on $int_if from self to any
 # allow traffic from outside
 pass out quick on $int_if from any to $int_net
 
+# allow communication from internal to world
+pass in quick on $int_if from $int_net to !$int_net
+
 # drop rest
 block in quick log all
 block out quick log all
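Review bot: The relocated `pass in quick on $int_if from $int_net to !$int_net` rule in the second hunk now sits under the `# allow traffic from outside` stanza, which makes it read as if its position relative to the preceding `pass out` mattered; since `quick` only short-circuits later rules that could match the same packet and every rule between the old and new position is a `pass out`, the move does not change evaluation, and the comment should say what the reorder is for. On the rule itself, pf does not negate an address list element-wise, so `!$int_net` is only correct when `$int_net` expands to a single prefix; a comment such as `# $int_net must be a single network: pf cannot negate lists` above the rule would make that constraint visible to whoever edits the template variables. The rule also passes every protocol from `$int_net` outbound; if that is the intended gateway policy, extending the comment to `# allow communication from internal to world (any protocol)` documents it.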