diff --git a/etc/nftables.conf b/etc/nftables.conf
index fde9961..18ead68 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -12,7 +12,7 @@ table inet filter {
 ct state invalid counter drop comment "drop invalid"
 meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"
-tcp dport ssh ct state { new } counter accept comment "accept new SSH connections"
+tcp dport ssh ct state new counter accept comment "accept new SSH connections"
 counter comment "count any other dropped traffic"
 }
@@ -20,7 +20,7 @@ table inet filter {
 chain output {
 type filter hook output priority filter; policy drop;
-iif lo counter accept comment "accept any localhost traffic"
+oif lo counter accept comment "accept any localhost traffic"
 ct state { established, related } counter accept comment "accept established,related"
 ct state invalid counter drop comment "drop invalid"
 meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"
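Review bot: The rewritten SSH rule (`tcp dport ssh ct state new counter accept`) still admits new SSH connections from any source with no rate limit, so the chain relies entirely on sshd to absorb connection floods; if this host is reachable from untrusted networks, consider `tcp dport ssh ct state new limit rate 10/minute burst 5 packets counter accept comment "accept new SSH connections"` (constructed values, tune to the expected login rate). The set-to-scalar change itself is behaviour-preserving, since `ct state { new }` and `ct state new` match the same packets. The enclosing chain (presumably the input chain) starts before this hunk, so whether an earlier rule already limits or restricts SSH sources cannot be seen here.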
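Review bot: The `oif lo` line is the right match for this hook, but the rule comment does not say why the interface selector changed, and the reason matters for anyone who later mirrors the input chain's `iif lo` here again: in the output hook locally generated packets carry no input interface, so `iif lo` would not match them, and with `policy drop` the first packet of each loopback connection would likely have been dropped by the policy unless a later rule caught it. Suggest recording that in the rule comment, e.g. `oif lo counter accept comment "accept any localhost traffic (output hook: match oif, not iif)"`. The output chain continues past the last context line, so whether new outbound connections other than ICMP are accepted cannot be judged from this hunk.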