diff --git a/inventory.yml b/inventory.yml
index 337b1c2..326d7e4 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -14,6 +14,5 @@ query_filters:
 - role: 'firewall'
 - role: 'server'
 - role: 'storage-node'
- - role: 'desktop-computer'
 group_by:
 - cluster
diff --git a/roles/alpine/templates/local.nft.j2 b/roles/alpine/templates/local.nft.j2
index 484a8e8..4a1d32f 100644
--- a/roles/alpine/templates/local.nft.j2
+++ b/roles/alpine/templates/local.nft.j2
@@ -12,10 +12,10 @@ table inet filter {
 {% endif %}
 {% if prefixes4 or prefixes6 %}
 {% if prefixes4 %}
- ip saddr { {{ prefixes4 | join(', ') }} } {{ service.protocol.value }} dport { {{ ports }} } accept
+ ip saddr { {{ prefixes4 | join(', ') }} } tcp dport { {{ ports }} } accept
 {% endif %}
 {% if prefixes6 %}
- ip6 saddr { {{ prefixes6 | join(', ') }} } {{ service.protocol.value }} dport { {{ ports }} } accept
+ ip6 saddr { {{ prefixes6 | join(', ') }} } tcp dport { {{ ports }} } accept
 {% endif %}
 {% else %}
 tcp dport { {{ ports }} } accept
diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml
deleted file mode 100644
index b2ea069..0000000
--- a/roles/dnsmasq/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: restart dnsmasq
- service:
- name: dnsmasq
- state: restarted
- when: "'handler' not in ansible_skip_tags"
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
deleted file mode 100644
index fb7b0a3..0000000
--- a/roles/dnsmasq/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Install packages
- package:
- name:
- - dnsmasq
-
-- name: Configure dnsmasq
- template:
- dest: '/etc/dnsmasq.d/{{ item }}'
- src: '{{ item }}.j2'
- loop:
- - 00-options.conf
- - 10-ranges.conf
- notify: restart dnsmasq
-
-# TODO DNS update
-# TODO netboot config
diff --git a/roles/dnsmasq/templates/00-options.conf.j2 b/roles/dnsmasq/templates/00-options.conf.j2
deleted file mode 100644
index 0f5bd43..0000000
--- a/roles/dnsmasq/templates/00-options.conf.j2
+++ /dev/null
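Review bot: In roles/alpine/templates/local.nft.j2 (hunk at -12,10), both prefix-restricted rules now emit a literal `tcp dport`, so the rendered rule no longer follows the service's declared protocol. A service whose `service.protocol.value` is `udp` would get its port numbers accepted over TCP from those prefixes, while the UDP traffic it actually needs stays blocked. Whether such a service exists is not visible here, and the loop that defines `service` and `ports` lies outside the hunk. If the template is meant to be TCP-only, skip other protocols explicitly by wrapping the block in `{% if service.protocol.value == 'tcp' %}` … `{% endif %}` and add a comment such as `{# only TCP services are rendered; other protocols are ignored #}`. Otherwise keep `{{ service.protocol.value }}` in these two lines and apply it to the unchanged `{% else %}` branch as well, which already hard-codes `tcp`.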
@@ -1,11 +0,0 @@
-# disable DNS server
-port = 0
-
-bind-interfaces
-interface = {{ interfaces | map(attribute='name') | join(',') }}
-
-dhcp-authoritative
-dhcp-proxy
-
-dhcp-option = option:dns-server,{{ dns | join(',') }}
-dhcp-option = option:ntp-server,{{ ntp | join(',') }}
diff --git a/roles/dnsmasq/templates/10-ranges.conf.j2 b/roles/dnsmasq/templates/10-ranges.conf.j2
deleted file mode 100644
index 4eed62c..0000000
--- a/roles/dnsmasq/templates/10-ranges.conf.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-{% for prefix in prefixes | selectattr('custom_fields.dhcp_server') %}
-{% if prefix.custom_fields.dhcp_server.address | ipaddr('address') == primary_ip4 %}
-# {{ prefix.vlan.name }}
-dhcp-range = set:{{ prefix.vlan.name }},{{ prefix.prefix | ipmath(100) }},{{ prefix.prefix | ipmath(200) }},{{ prefix.prefix | ipaddr('netmask') }}
-{% if prefix.custom_fields.gateway %}
-dhcp-option = tag:{{ prefix.vlan.name }},option:router,{{ prefix.custom_fields.gateway.address | ipaddr('address') }}
-{% endif -%}
-
-{% for host in hostvars.values() | selectattr('primary_ip4') | selectattr('primary_ip4', 'ansible.utils.in_network', prefix.prefix) %}
-{% for interface in host.interfaces | selectattr('mac_address') %}
-{% for address in interface.ip_addresses | selectattr('status.value', '==', 'dhcp') %}
-dhcp-host = {{ interface.mac_address | lower }},{{ address.address | ipaddr('address') }},{{ interface.device.name | lower }}
-{% endfor %}
-{% endfor %}
-{% endfor %}
-
-{% endif %}
-{% endfor %}
diff --git a/setup.yml b/setup.yml
index 5b0516f..b4c17ad 100644
--- a/setup.yml
+++ b/setup.yml
@@ -3,11 +3,6 @@ roles: - facts -- hosts: dhcp - roles: - - alpine - - dnsmasq - - hosts: zid roles: - alpine