diff --git a/hosts/router/default.nix b/hosts/router/default.nix
index f08ad22..0419bbe 100644
--- a/hosts/router/default.nix
+++ b/hosts/router/default.nix
@@ -212,7 +212,7 @@
 ##############################################################################
 # DNS INTERCEPTION - Force all DNS through AdGuard Home
 ##############################################################################
-
+
 # Redirect standard DNS queries (port 53) to AdGuard
 # Skip packets from the router itself to prevent loops
 iptables -t nat -A PREROUTING -i lan -p udp --dport 53 ! -s 192.168.0.1 \
@@ -221,7 +221,7 @@
 iptables -t nat -A PREROUTING -i lan -p tcp --dport 53 ! -s 192.168.0.1 \
 -j DNAT --to-destination 192.168.0.1:53 \
 -m comment --comment "Redirect TCP DNS to AdGuard"
-
+
 # Block any DNS queries that try to bypass AdGuard
 iptables -A FORWARD -i lan -p udp --dport 53 ! -d 192.168.0.1 \
 -j REJECT --reject-with icmp-port-unreachable \
@@ -229,17 +229,17 @@
 iptables -A FORWARD -i lan -p tcp --dport 53 ! -d 192.168.0.1 \
 -j REJECT --reject-with tcp-reset \
 -m comment --comment "Block external TCP DNS"
-
+
 # Block DNS over TLS (DoT) on port 853
 iptables -A FORWARD -i lan -p tcp --dport 853 \
 -j REJECT --reject-with tcp-reset \
 -m comment --comment "Block DNS over TLS"
-
+
 # Block DNS over QUIC (DoQ) on UDP port 853
 iptables -A FORWARD -i lan -p udp --dport 853 \
 -j REJECT --reject-with icmp-port-unreachable \
 -m comment --comment "Block DNS over QUIC"
-
+
 # Block known DNS over HTTPS (DoH) providers
 # Google DNS
 iptables -A FORWARD -i lan -d 8.8.8.8 -p tcp --dport 443 -j REJECT \
@@ -256,7 +256,7 @@
 -m comment --comment "Block Quad9 DoH"
 iptables -A FORWARD -i lan -d 149.112.112.112 -p tcp --dport 443 -j REJECT \
 -m comment --comment "Block Quad9 DoH"
-
+
 # Optional: Log DNS bypass attempts for monitoring
 # iptables -A FORWARD -i lan -p udp --dport 53 -j LOG --log-prefix "DNS-BYPASS: " --log-level warning
 # iptables -A FORWARD -i lan -p tcp --dport 853 -j LOG --log-prefix "DoT-ATTEMPT: " --log-level warning
@@ -270,7 +270,7 @@
 # Clear mangle table rules
 iptables -t mangle -F FORWARD 2>/dev/null || true
-
+
 # Clear NAT rules for DNS interception
 iptables -t nat -D PREROUTING -i lan -p udp --dport 53 ! -s 192.168.0.1 -j DNAT --to-destination 192.168.0.1:53 2>/dev/null || true
 iptables -t nat -D PREROUTING -i lan -p tcp --dport 53 ! -s 192.168.0.1 -j DNAT --to-destination 192.168.0.1:53 2>/dev/null || true