diff --git a/bundles/nftables/files/nftables.conf b/bundles/nftables/files/nftables.conf
index f417856..5e64a02 100644
--- a/bundles/nftables/files/nftables.conf
+++ b/bundles/nftables/files/nftables.conf
@@ -56,14 +56,14 @@ table nat {
     chain prerouting {
         type nat hook prerouting priority -100
 
-% for rule in node.metadata.get('nftables/rules/nat_prerouting', []):
+% for rule in sorted(node.metadata.get('nftables/rules/nat_prerouting', [])):
         ${rule}
 % endfor
     }
     chain postrouting {
         type nat hook postrouting priority 100
 
-% for rule in node.metadata.get('nftables/rules/nat_postrouting', []):
+% for rule in sorted(node.metadata.get('nftables/rules/nat_postrouting', [])):
         ${rule}
 % endfor
     }