diff --git a/bundles/docker-ce/metadata.py b/bundles/docker-ce/metadata.py
index 1315d1c..cf6e2bb 100644
--- a/bundles/docker-ce/metadata.py
+++ b/bundles/docker-ce/metadata.py
@@ -12,14 +12,6 @@ defaults = {
             'docker-ce-cli': {},
         },
     },
-    'nftables': {
-        'rules': {
-            '00-docker-ce': {
-                'inet filter forward ct state { related, established } accept',
-                'inet filter forward iifname docker0 accept',
-            },
-        },
-    },
 }
 
 
@@ -27,7 +19,10 @@ defaults = {
     'nftables/rules/00-docker-ce',
 )
 def nftables_nat(metadata):
-    rules = set()
+    rules = {
+        'inet filter forward ct state { related, established } accept',
+        'inet filter forward iifname docker0 accept',
+    }
 
     for iface in metadata.get('interfaces'):
         rules.add(f'nat postrouting oifname {iface} masquerade')
@@ -35,7 +30,7 @@ def nftables_nat(metadata):
     return {
         'nftables': {
             'rules': {
-                '00-docker-ce': rules,
+                '00-docker-ce': sorted(rules),
             },
         },
     }