diff --git a/roles/common/templates/update-firehol-nftables.sh.j2 b/roles/common/templates/update-firehol-nftables.sh.j2
index 0186e3e..ae2ce41 100755
--- a/roles/common/templates/update-firehol-nftables.sh.j2
+++ b/roles/common/templates/update-firehol-nftables.sh.j2
@@ -28,11 +28,14 @@ if [[ -f "firehol_level1.netset" ]]; then
     firehol_level1_ipv4_list_temp=$(mktemp)
     firehol_level1_ipv4_set_temp=$(mktemp)
-    # Filter blank lines and comments
+    # Filter blank lines, comments, and bogons we use inside the LAN, DMZ, and
+    # for local services like systemd-resolved and others on localhost. Ideally
+    # these are blocked already at the WAN side by network administrators.
     cat firehol_level1.netset \
         | sed \
             -e '/^$/d' \
             -e '/^#.*/d' \
+            -e '/^127\.0\.0\.0\/8/d' \
             > "$firehol_level1_ipv4_list_temp"
     echo "Building firehol_level1-ipv4 set"