diff --git a/ansible/roles/pre-configure/templates/nftables.conf b/ansible/roles/pre-configure/templates/nftables.conf
index 3f1d5e639d734234cc410de846b2c265b753cfd4..e9867c0ee45517e358044ff2ff7fa188a59534ad 100644
--- a/ansible/roles/pre-configure/templates/nftables.conf
+++ b/ansible/roles/pre-configure/templates/nftables.conf
@@ -1,6 +1,8 @@
 #!/usr/sbin/nft -f
 
-flush ruleset
+# only flush inet ruleset, specified in this file. This keeps the rulesets 
+# added by kube in place, even on a reload
+flush ruleset inet
 
 table inet nat {
   chain PREROUTING {
@@ -22,6 +24,9 @@ table inet filter {
     # accept traffic originated from us
     ct state related,established counter accept
 
+    # load additional firewall scripts
+    include "/etc/nftables.d/*.nft"
+
     # Ports open from the outside
     # 22:    ssh
     # 80:    http