diff --git a/etc/nftables.conf b/etc/nftables.conf
index 18ead68..a18e7dd 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -25,6 +25,7 @@ table inet filter {
 ct state invalid counter drop comment "drop invalid"
 meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"
+ udp dport https ct state new counter reject comment "reject new HTTP/3 connections"
 ct state new counter accept comment "accept new outbound connections"
 counter comment "count any other dropped traffic"
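Review bot: The added rule matches only UDP destination port 443 (`udp dport https`), so its comment "reject new HTTP/3 connections" overstates what it enforces: QUIC to any other port, for example one advertised through Alt-Svc, still falls through to the `ct state new counter accept` rule directly below it. If the intent is to keep outbound web traffic on TCP where it can be filtered or inspected, the comment should say so and describe the match accurately, e.g. `comment "reject UDP/443 (default QUIC port) to force TCP fallback"`. The enclosing chain starts outside the hunk; going by the "outbound" wording it is presumably the output chain, so if this host also forwards traffic for other machines the forward chain would need the same rule.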