diff --git a/files/interfaces-troisdorf5 b/files/interfaces-troisdorf5 index b11e134..f245fe1 100644 --- a/files/interfaces-troisdorf5 +++ b/files/interfaces-troisdorf5 @@ -15,6 +15,12 @@ iface lo inet6 loopback # The primary network interface allow-hotplug eth0 iface eth0 inet dhcp + post-up iptables -P OUTPUT ACCEPT + post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE allow-hotplug eth1 iface eth1 inet6 static address 2a01:4f8:172:f4b::5 @@ -29,8 +35,16 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.151 netmask 255.255.255.254 +<<<<<<< HEAD + pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.195.0 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 +======= pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.0 ttl 255 +>>>>>>> origin/master post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-down ip tunnel del $IFACE iface gre-bb-a.ak.ber inet6 static 
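Review bot: The five `post-up` rules added to the eth0 stanza have no `post-down` counterparts, so every hotplug cycle (`allow-hotplug eth0`) appends another copy of the four DROP rules and the MASQUERADE rule — the GRE stanzas further down in this same file do pair their SNAT rule with a `post-down … -D`. Add matching `post-down iptables -D …` lines (below), or guard each insert with `iptables -C … || iptables -A …` so a rule is added only once. Separately, the RFC1918/APIPA drops live only in OUTPUT, which covers locally generated traffic; if forwarded client traffic also leaves via eth0 — the MASQUERADE rule suggests it does — the same destinations should be dropped in FORWARD too, e.g. `post-up iptables -A FORWARD -o eth0 -d 10.0.0.0/8 -j DROP` for each of the four ranges.
```conf
iface eth0 inet dhcp
    # … unchanged: post-up OUTPUT policy, DROP and MASQUERADE rules …
    post-down iptables -D OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
    post-down iptables -D OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
    post-down iptables -D OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
    post-down iptables -D OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
    post-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```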
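Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> origin/master`) are committed into the gre-bb-a.ak.ber stanza, and the install playbook copies `files/interfaces-{{ sn_hostname }}` straight to /etc/network/interfaces, so ifup will reject those lines and, if it gets past them, run two `pre-up ip tunnel add` commands with different `local` addresses (5.9.76.198 vs 138.201.54.123). Keep a single `pre-up` with whichever address is really this host's eth0 address — that cannot be read from this file since eth0 is DHCP. The HEAD side also adds two TCPMSS mangle rules that the new `post-down` does not remove, so they accumulate on every tunnel bounce; add `post-down iptables -t mangle -D POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312` plus the matching `ip6tables` line next to the existing SNAT `post-down`.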
@@ -42,8 +56,16 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.153 netmask 255.255.255.254 +<<<<<<< HEAD + pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.195.1 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 +======= pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.1 ttl 255 +>>>>>>> origin/master post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-down ip tunnel del $IFACE iface gre-bb-b.ak.ber inet6 static @@ -56,8 +78,16 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.155 netmask 255.255.255.254 +<<<<<<< HEAD + pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.193.0 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 +======= pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.0 ttl 255 +>>>>>>> origin/master post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-down ip tunnel del $IFACE iface gre-bb-a.ix.dus inet6 static 
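Review bot: The gre-bb-b.ak.ber stanza carries unresolved conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> origin/master`) in a file that is deployed verbatim as /etc/network/interfaces, so ifupdown will fail on them, and the two competing `pre-up ip tunnel add` lines disagree on the `local` endpoint (5.9.76.198 vs 138.201.54.123) — a wrong one means the tunnel never comes up. Resolve to one `pre-up` line with this host's actual eth0 address, which has to be confirmed outside this file. While resolving, mirror the two HEAD-side TCPMSS rules with `post-down … -t mangle -D …` lines, as is already done for the SNAT rule, so repeated ifdown/ifup does not stack duplicate mangle rules.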
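Review bot: Conflict markers `<<<<<<< HEAD` / `=======` / `>>>>>>> origin/master` remain in the gre-bb-a.ix.dus stanza, so this file cannot be used as /etc/network/interfaces until one of the two `pre-up ip tunnel add` lines is chosen; the only difference between them is the `local` address (5.9.76.198 vs 138.201.54.123), and only the one matching this host's eth0 address is correct. The HEAD side is otherwise the more complete one, since it also moves the SNAT and TCPMSS rules out of the removed startup script into the stanza. If HEAD is kept, add `post-down iptables -t mangle -D POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312` and the `ip6tables` equivalent so the mangle rules are cleaned up like the SNAT rule is.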
@@ -70,8 +100,16 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.157 netmask 255.255.255.254 +<<<<<<< HEAD + pre-up ip tunnel add $IFACE mode gre local 5.9.76.198 remote 185.66.193.1 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 +======= pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.1 ttl 255 +>>>>>>> origin/master post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-down ip tunnel del $IFACE iface gre-bb-b.ix.dus inet6 static diff --git a/files/logrotate.conf b/files/logrotate.conf index b31a038..c9c8d2a 100644 --- a/files/logrotate.conf +++ b/files/logrotate.conf @@ -5,7 +5,7 @@ daily # keep 4 weeks worth of backlogs #rotate 4 -rotate 0 +rotate 1 # create new (empty) log files after rotating old ones create diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index c5befcc..2c7dd64 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -3,12 +3,6 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} -# Block RFC1918 and APIPA destination via WAN -/sbin/iptables -P OUTPUT ACCEPT -for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do -/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP -done - # Activate IP forwarding /sbin/sysctl -w net.ipv6.conf.all.forwarding=1 /sbin/sysctl -w net.ipv4.ip_forward=1 
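Review bot: The gre-bb-b.ix.dus stanza is the fourth in this file committed with unresolved `<<<<<<< HEAD` / `=======` / `>>>>>>> origin/master` markers; ifupdown does not understand them, so the whole interfaces file — not just this tunnel — fails to apply on the host. Pick one `pre-up ip tunnel add … local <eth0 address> remote 185.66.193.1 ttl 255` line (5.9.76.198 or 138.201.54.123, whichever is this machine's, to be confirmed) and drop the markers. The new `post-down` removes only the SNAT rule; the HEAD-side TCPMSS mangle rules need matching `post-down … -D` lines or they are duplicated on every tunnel restart.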
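Review bot: The comment two lines above the changed value, `# keep 4 weeks worth of backlogs`, no longer describes it: with `daily` and `rotate 1` only a single day of rotated logs survives, which leaves very little history for incident investigation on an exit node. Either raise the value to match the comment (`rotate 28`) or reword the comment to state the actual intent, e.g. `# keep one day of rotated logs; disk space is preferred over history`.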
@@ -27,16 +21,6 @@ done /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 /sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4 -# NAT on eth0 -/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - -# NAT on GRE Freifunk interface -/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source {{ sn_ffrl_IPv4 }} - -# MTU -/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312 -/sbin/ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312 - # All from FF IPv4 via routing table 42 /bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42 /bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42 diff --git a/install.sn.yml b/install.sn.yml index 4640316..8f42b3c 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,11 @@ user: root gather_facts: False vars: +<<<<<<< HEAD + snversion: master_v3.0.7 +======= snversion: master_v3.0.8 +>>>>>>> master batmanversion: v2015.2 common_required_packages: - git @@ -255,10 +259,6 @@ template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - - name: Alfed message - template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 - - name: Add cron job with alfred info script - cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root" - name: Interface configuration with ffrl gre tunnel copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 when: sn_exit is defined
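Review bot: The conflict markers `<<<<<<< HEAD` / `=======` / `>>>>>>> master` around `snversion` sit inside the playbook's `vars:` block and are not valid YAML, so `ansible-playbook install.sn.yml` will fail at parse time before any task runs, including the interfaces copy later in this file. Keep a single line — presumably `snversion: master_v3.0.8`, the newer of the two values, but confirm that is the intended release. The `vars:` block continues outside the hunk.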