diff --git a/nftables-attestation.conf b/nftables-attestation.conf
index 545fc08..7c86a85 100644
--- a/nftables-attestation.conf
+++ b/nftables-attestation.conf
@@ -47,6 +47,12 @@ table inet filter {
 oif lo accept
-skuid != {root, systemd-network, chrony, unbound, http, attestation} counter reject
+skuid != {root, systemd-network, chrony, unbound, http, attestation} counter goto output-reject
+}
+
+chain output-reject {
+meta l4proto udp reject
+meta l4proto tcp reject with tcp reset
+reject
 }
 }
diff --git a/nftables-discuss.conf b/nftables-discuss.conf
index 6d13ca2..9d2bff9 100644
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@@ -47,6 +47,12 @@ table inet filter {
 oif lo accept
-skuid != {root, systemd-network, chrony, unbound, http, flarum} counter reject
+skuid != {root, systemd-network, chrony, unbound, http, flarum} counter goto output-reject
+}
+
+chain output-reject {
+meta l4proto udp reject
+meta l4proto tcp reject with tcp reset
+reject
 }
 }
diff --git a/nftables-dns.conf b/nftables-dns.conf
index 59d7c51..7ed1fa3 100644
--- a/nftables-dns.conf
+++ b/nftables-dns.conf
@@ -50,6 +50,12 @@ table inet filter {
 oif lo accept
-skuid != {root, systemd-network, chrony, unbound, powerdns} counter reject
+skuid != {root, systemd-network, chrony, unbound, powerdns} counter goto output-reject
+}
+
+chain output-reject {
+meta l4proto udp reject
+meta l4proto tcp reject with tcp reset
+reject
 }
 }
diff --git a/nftables-mail.conf b/nftables-mail.conf
index 4e62d28..ea71610 100644
--- a/nftables-mail.conf
+++ b/nftables-mail.conf
@@ -47,6 +47,12 @@ table inet filter {
 oif lo accept
-skuid != {root, systemd-network, chrony, unbound, postfix, dovecot, dovenull} counter reject
+skuid != {root, systemd-network, chrony, unbound, postfix, dovecot, dovenull} counter goto output-reject
+}
+
+chain output-reject {
+meta l4proto udp reject
+meta l4proto tcp reject with tcp reset
+reject
 }
 }
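Review bot: The `meta l4proto udp reject` rule in the new `output-reject` chain looks redundant: in an inet table a bare `reject` defaults to the ICMP/ICMPv6 port-unreachable reply, which is exactly what the final unconditional `reject` sends, so UDP would be handled identically without it and the chain can be reduced to `meta l4proto tcp reject with tcp reset` followed by `reject`. The same chain is pasted verbatim into nftables-discuss.conf, nftables-dns.conf, nftables-mail.conf, nftables-matrix.conf and nftables-web.conf, so the simplification applies to all six hunks. The chain also has no comment explaining why TCP is singled out; a line above it such as `# egress from users outside the allowlist: TCP gets a RST, everything else the default port-unreachable` would make the intent clear to the next maintainer. Using `goto` rather than `jump` is fine here because the chain ends in an unconditional `reject`, so evaluation never falls through to the output chain's policy; the enclosing output chain itself starts above the hunk.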
diff --git a/nftables-matrix.conf b/nftables-matrix.conf
index b727470..068260b 100644
--- a/nftables-matrix.conf
+++ b/nftables-matrix.conf
@@ -47,6 +47,12 @@ table inet filter {
 oif lo accept
-skuid != {root, systemd-network, chrony, unbound, http, synapse, matterbridge} counter reject
+skuid != {root, systemd-network, chrony, unbound, http, synapse, matterbridge} counter goto output-reject
+}
+
+chain output-reject {
+meta l4proto udp reject
+meta l4proto tcp reject with tcp reset
+reject
 }
 }
diff --git a/nftables-web.conf b/nftables-web.conf
index ec7515b..ca74e49 100644
--- a/nftables-web.conf
+++ b/nftables-web.conf
@@ -47,6 +47,12 @@ table inet filter {
 oif lo accept
-skuid != {root, systemd-network, chrony, unbound, http} counter reject
+skuid != {root, systemd-network, chrony, unbound, http} counter goto output-reject
+}
+
+chain output-reject {
+meta l4proto udp reject
+meta l4proto tcp reject with tcp reset
+reject
 }
 }