diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index 267090d..7e36f7f 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -556,7 +556,7 @@ class NftablesWorker(FirewallWorker):
             '  chain forward {{\n'
             '    type filter hook forward priority 0;\n'
             '    policy drop;\n'
-            '    ct state established accept\n'
+            '    ct state established,related accept\n'
             '  }}\n'
             '}}\n'
         )
diff --git a/qubesagent/test_firewall.py b/qubesagent/test_firewall.py
index c271f6c..f122eb6 100644
--- a/qubesagent/test_firewall.py
+++ b/qubesagent/test_firewall.py
@@ -430,14 +430,14 @@ class TestNftablesWorker(TestCase):
             '  chain forward {\n'
             '    type filter hook forward priority 0;\n'
             '    policy drop;\n'
-            '    ct state established accept\n'
+            '    ct state established,related accept\n'
             '  }\n'
             '}\n'
             'table ip6 qubes-firewall {\n'
             '  chain forward {\n'
             '    type filter hook forward priority 0;\n'
             '    policy drop;\n'
-            '    ct state established accept\n'
+            '    ct state established,related accept\n'
             '  }\n'
             '}\n'
         ])