diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix
index 62bf38e31b18..72fd61134ad8 100644
--- a/nixos/modules/virtualisation/podman/default.nix
+++ b/nixos/modules/virtualisation/podman/default.nix
@@ -232,6 +232,7 @@ in
       # containers cannot reach aardvark-dns otherwise
       networking.firewall.interfaces.${network_interface}.allowedUDPPorts = lib.mkIf dns_enabled [ 53 ];
 
+      virtualisation.podman.extraPackages = [ pkgs.iptables ];
       virtualisation.containers = {
         enable = true; # Enable common /etc/containers configuration
         containersConf.settings = {
diff --git a/pkgs/by-name/po/podman/package.nix b/pkgs/by-name/po/podman/package.nix
index 34170da7994f..27705ccd4366 100644
--- a/pkgs/by-name/po/podman/package.nix
+++ b/pkgs/by-name/po/podman/package.nix
@@ -25,7 +25,6 @@
   extraRuntimes ? lib.optionals stdenv.hostPlatform.isLinux [ runc ], # e.g.: runc, gvisor, youki
   fuse-overlayfs,
   util-linuxMinimal,
-  iptables,
   iproute2,
   catatonit,
   gvproxy,
@@ -43,7 +42,6 @@ let
     lib.optionals stdenv.hostPlatform.isLinux [
       fuse-overlayfs
       util-linuxMinimal
-      iptables
       iproute2
     ]
     ++ lib.optionals stdenv.hostPlatform.isDarwin [