diff --git a/etc/nftables/nftables-ns2.conf b/etc/nftables/nftables-ns2.conf
index db7cbd0..b87e167 100644
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@@ -160,7 +160,7 @@ table inet filter {
         type filter hook output priority raw
 
         oif lo goto output-raw-loopback
-        skuid != { root, systemd-network, unbound, alpm, chrony, http, powerdns, dnsdist, geoipupdate } counter goto graceful-reject
+        skuid != { root, systemd-network, unbound, alpm, chrony, http, powerdns, dnsdist, geoipupdate, bird } counter goto graceful-reject
         udp sport $udp-ports notrack accept
 
         # translate DSCP to priority for fq bands
diff --git a/packages/brn.ns2.grapheneos.org b/packages/brn.ns2.grapheneos.org
index e6ba1cd..a6acd57 100644
--- a/packages/brn.ns2.grapheneos.org
+++ b/packages/brn.ns2.grapheneos.org
@@ -1,5 +1,6 @@
 b3sum
 base
+bird
 chrony
 cloud-guest-utils
 conntrack-tools
diff --git a/packages/las.ns2.grapheneos.org b/packages/las.ns2.grapheneos.org
index e6ba1cd..a6acd57 100644
--- a/packages/las.ns2.grapheneos.org
+++ b/packages/las.ns2.grapheneos.org
@@ -1,5 +1,6 @@
 b3sum
 base
+bird
 chrony
 cloud-guest-utils
 conntrack-tools
diff --git a/packages/nyc.ns2.grapheneos.org b/packages/nyc.ns2.grapheneos.org
index 3d73df2..c2fcc0e 100644
--- a/packages/nyc.ns2.grapheneos.org
+++ b/packages/nyc.ns2.grapheneos.org
@@ -1,5 +1,6 @@
 b3sum
 base
+bird
 certbot
 chrony
 cloud-guest-utils