diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix
index afaed2c..ca3bcbe 100644
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@@ -137,6 +137,25 @@ in
             oifname $PHYSICAL_WAN counter drop
           }
         }
+
+        # Tracing infrastructure, can be used for debugging (nft monitor trace)
+        table inet trace {
+          chain prerouting {
+            type filter hook prerouting priority raw - 1
+            jump common
+          }
+
+          chain output {
+            type filter hook output priority raw - 1
+            jump common
+          }
+
+          chain common {
+            # Add tracing rule here
+            # … meta nftrace set 1
+            # DO NOT COMMIT ANY TRACING RULES
+          }
+        }
       '';
     };
   };