diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp
index d8c94f4d..5a2caa14 100644
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@@ -417,8 +417,18 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
 
 ErrorCode ServerController::prepareHostWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
-    // create folder on host
-    return runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
+    QString sctiptFileName = QString("/opt/amnezia/setup_host_firewall.sh")
+    errorCode = uploadFileToHost(credentials, amnezia::scriptData(SharedScriptType::setup_host_firewall).toUtf8(), sctiptFileName);
+
+    if (errorCode)
+        return errorCode;
+
+    ErrorCode errorCode = runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
+
+    if (errorCode)
+        return errorCode;
+
+    return errorCode
 }
 
 ErrorCode ServerController::buildContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh
index 1cc56a01..6cf266ef 100644
--- a/client/server_scripts/prepare_host.sh
+++ b/client/server_scripts/prepare_host.sh
@@ -7,3 +7,40 @@ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network
   --opt com.docker.network.bridge.name=amn0 \
   amnezia-dns-net;\
 fi
+
+if ! grep -q "#!/bin/bash" /opt/amnezia/setup_host_firewall.sh; then
+  sudo sed -i '1i\#!/bin/bash\n' /opt/amnezia/setup_host_firewall.sh
+fi
+
+if lsmod | grep -qw nf_tables; then
+    sudo update-alternatives --set iptables /usr/sbin/iptables-nft
+    sudo cat > /etc/systemd/system/setup-host-firewall.service << EOF
+[Unit]
+Description=Run setup_host_firewall.sh
+PartOf=nftables.service
+After=nftables.service
+
+[Service]
+Type=oneshot
+ExecStart=/opt/amnezia/setup_host_firewall.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+else
+  sudo cat > /etc/systemd/system/setup-host-firewall.service << EOF
+[Unit]
+Description=Run setup_host_firewall.sh
+
+[Service]
+Type=oneshot
+ExecStart=/opt/amnezia/setup_host_firewall.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+fi
+
+sudo systemctl enable setup-host-firewall.service
\ No newline at end of file