diff --git a/gateway/initial_gw_setup.yml b/gateway/initial_gw_setup.yml
index f4777f22878798ec99ff68abdfdcb68f2c9d2e55..71b837ed29f8a9a48e72348f3c7bfb2224e66ed0 100644
--- a/gateway/initial_gw_setup.yml
+++ b/gateway/initial_gw_setup.yml
@@ -46,6 +46,19 @@
           100     vpn
       tags: config
 
+    # Modules
+    - name: Load `br_netfilter` kernel module
+      community.general.modprobe:
+        name: "br_netfilter"
+        persistent: "disabled" # Initially just a modprobe? I don't understand why
+        state: "present"
+    - name: Add `nf_conntrack` to modules
+      community.general.modprobe:
+        name: "nf_conntrack"
+        state: "present"
+        persistent: "present"
+      tags: config
+
     # Sysctl
     - name: Add the freifunk settings to sysctl config
       ansible.builtin.blockinfile:
@@ -74,19 +87,6 @@
       ansible.builtin.shell: sysctl -p /etc/sysctl.conf
       tags: config
 
-    # Modules
-    - name: Load `br_netfilter` kernel module
-      community.general.modprobe:
-        name: "br_netfilter"
-        persistent: "disabled" # Initially just a modprobe? I don't understand why
-        state: "present"
-    - name: Add `nf_conntrack` to modules
-      community.general.modprobe:
-        name: "nf_conntrack"
-        state: "present"
-        persistent: "present"
-      tags: config
-
     # Basic networking
     - name: Setup network interfaces (bridge + bat0)
       ansible.builtin.template: