diff --git a/bundles/dhcpd/files/dhcpd.conf b/bundles/dhcpd/files/dhcpd.conf index 98ff2b4..8a9e7eb 100644 --- a/bundles/dhcpd/files/dhcpd.conf +++ b/bundles/dhcpd/files/dhcpd.conf @@ -1,27 +1,28 @@ #dhcpd.conf -<% +<% import re %> ddns-update-style none; authoritative; -% for identfier, subnet in dhcp_config.get('subnets', {}).items(): +% for identifier, subnet in dhcp_config.get('subnets', {}).items(): +# subnet '${identifier}' subnet ${subnet['subnet']} netmask ${subnet['netmask']} { -% if subnet.get('range_lower', None) and subnet.get('range_higher', None): +% if subnet.get('range_lower', None) and subnet.get('range_higher', None): range ${subnet['range_lower']} ${subnet['range_higher']}; -% endif +% endif interface "${subnet['interface']}"; default-lease-time ${subnet.get('default-lease-time', 600)}; max-lease-time ${subnet.get('max-lease-time', 3600)}; -% for option, value in sorted(subnet.get('options', {}).items()): - % if re.match('([^0-9\.,\ ])', value): - option ${option} "${value}"; - % else: - option ${option} ${value}; - % endif -% endfor +% for option, value in sorted(subnet.get('options', {}).items()): +% if re.match('([^0-9\.,\ ])', value): + option ${option} "${value}"; +% else: + option ${option} ${value}; +% endif +% endfor } % endfor diff --git a/bundles/dhcpd/items.py b/bundles/dhcpd/items.py index f3d7125..f6c09f4 100644 --- a/bundles/dhcpd/items.py +++ b/bundles/dhcpd/items.py @@ -2,7 +2,7 @@ files = { '/etc/dhcp/dhcpd.conf': { 'content_type': 'mako', 'context': { - 'dhcp_config': node.metadata.get('dhcpd'), + 'dhcp_config': node.metadata['dhcpd'], }, 'needs': { 'pkg_apt:isc-dhcp-server' @@ -14,7 +14,8 @@ files = { '/etc/default/isc-dhcp-server': { 'content_type': 'mako', 'context': { - 'listen_interfaces': node.metadata.get('dhcpd', {}).get('listen_interfaces'), + # Set by our own metadata reactor. Guaranteed to exist. + 'listen_interfaces': node.metadata['dhcpd']['listen_interfaces'], }, 'needs': { 'pkg_apt:isc-dhcp-server' 
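Review bot: In `bundles/dhcpd/files/dhcpd.conf`, the quoting test `re.match('([^0-9\.,\ ])', value)` only looks at the first character of the option value. A value that starts with a digit but contains other characters (for example a hostname like `1.pool.example.org`, a constructed sample) is therefore written unquoted, which dhcpd will probably reject or parse differently. `% if re.search(r'[^0-9., ]', value):` tests the whole value, and the raw string drops the invalid `\.` and `\ ` escapes. The quoted branch also emits `${value}` verbatim, so a value containing `"` would end the string early and the rest would be read as configuration; rejecting or escaping that character keeps the generated file well-formed.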
diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py index ce6fb6b..a1a44d4 100644 --- a/bundles/dhcpd/metadata.py +++ b/bundles/dhcpd/metadata.py @@ -10,27 +10,48 @@ defaults = { @metadata_reactor def get_static_allocations(metadata): allocations = {} - for rnode in repo.nodes_in_group('home'): + for rnode in repo.nodes: + if rnode.metadata.get('location', '') != metadata.get('location', ''): + continue + for identifier, interface in rnode.metadata.get('interfaces', {}).items(): if interface.get('dhcp', False): allocations[rnode.name] = { - 'ipv4': sorted(interface['ips'])[0], - 'mac': interface['mac'], + 'ipv4': sorted(interface['ips'])[0], + 'mac': interface['mac'], } + return { 'dhcpd': { 'fixed_allocations': allocations, } } + @metadata_reactor def get_listen_interfaces(metadata): listen_interfaces = [] for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): - listen_interfaces.append(subnet.get('interface')) + listen_interfaces.append(subnet['interface']) return { 'dhcpd': { 'listen_interfaces': ' '.join(sorted(listen_interfaces)), } } + + +@metadata_reactor +def iptables(metadata): + iptables = set() + for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): + iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface'])) + + return { + 'iptables': { + 'bundle_rules': { + # iptables bundle relies on this being a list. + 'dhcpd': sorted(list(iptables)), + }, + } + } diff --git a/groups/locations.py b/groups/locations.py index 953b027..4d46f32 100644 --- a/groups/locations.py +++ b/groups/locations.py @@ -13,6 +13,7 @@ groups['gce'] = { }, }, }, + 'location': 'gce', 'nameservers': { '8.8.8.8', '8.8.4.4', @@ -33,6 +34,9 @@ groups['htz'] = { 'subgroups': { 'htz-cloud', }, + 'metadata': { + 'location': 'htz', + }, } groups['htz-cloud'] = { @@ -70,6 +74,7 @@ groups['ovh'] = { r"ovh\..*", }, 'metadata': { + 'location': 'ovh', 'users': { 'debian': { 'delete': True, 
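Review bot: In `get_static_allocations` in `bundles/dhcpd/metadata.py`, the new location filter defaults both sides to `''`, so a DHCP server without `location` metadata matches every node that also lacks it and gives all of them fixed allocations. Skipping unset locations avoids that: `location = metadata.get('location', None)` and then `if location is None or rnode.metadata.get('location', None) != location: continue`. The `groups/locations.py` hunks on this page add `location` only for gce, htz and ovh, so confirm the group formerly selected by `nodes_in_group('home')` sets it too. Separately, the new `iptables` reactor accepts `--dport 67:68` on each DHCP interface, but a server only receives on UDP 67, so `--dport 67` is the narrower rule unless the host is also a DHCP client on that interface. In that reactor the local set `iptables` shadows the function name, and the loop variable is still spelled `identfier` although the template hunk corrects that spelling.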
diff --git a/nodes/home/router.py b/nodes/home/router.py index 37cadb0..4809ad3 100644 --- a/nodes/home/router.py +++ b/nodes/home/router.py @@ -94,8 +94,6 @@ nodes['home.router'] = { 'broadcast-address': '172.19.138.255', 'subnet-mask': '255.255.255.0', }, - 'default-lease-time': 300, - 'max-lease-time': 1800, }, }, },