diff --git a/firewall/interception/nfq/nfqexp.go b/firewall/interception/nfq/nfq.go
similarity index 79%
rename from firewall/interception/nfq/nfqexp.go
rename to firewall/interception/nfq/nfq.go
index 2c32c24c..e2efd7a0 100644
--- a/firewall/interception/nfq/nfqexp.go
+++ b/firewall/interception/nfq/nfq.go
@@ -79,18 +79,18 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
 }
 if err := pmpacket.Parse(pkt.Payload, pkt.Info()); err != nil {
- log.Warningf("nfqexp: failed to parse payload: %s", err)
+ log.Warningf("nfqueue: failed to parse payload: %s", err)
 _ = pkt.Drop()
 return 0
 }
 select {
 case q.packets <- pkt:
- log.Tracef("nfqexp: queued packet %s (%s -> %s) after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
+ log.Tracef("nfqueue: queued packet %s (%s -> %s) after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
 case <-ctx.Done():
 return 0
 case <-time.After(time.Second):
- log.Warningf("nfqexp: failed to queue packet (%s since it was handed over by the kernel)", time.Since(pkt.received))
+ log.Warningf("nfqueue: failed to queue packet (%s since it was handed over by the kernel)", time.Since(pkt.received))
 }
 go func() {
@@ -98,9 +98,9 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
 case <-pkt.verdictSet:
 case <-time.After(20 * time.Second):
- log.Warningf("nfqexp: no verdict set for packet %s (%s -> %s) after %s, dropping", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
+ log.Warningf("nfqueue: no verdict set for packet %s (%s -> %s) after %s, dropping", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
 if err := pkt.Drop(); err != nil {
- log.Warningf("nfqexp: failed to apply default-drop to unveridcted packet %s (%s -> %s)", pkt.ID(), pkt.Info().Src, pkt.Info().Dst)
+ log.Warningf("nfqueue: failed to apply default-drop to unveridcted packet %s (%s -> %s)", pkt.ID(), pkt.Info().Src, pkt.Info().Dst)
 }
 }
 }()
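Review bot: The default-drop warning in the second hunk (`@@ -98,9`) never logs `err`, so a failed `pkt.Drop()` after the 20-second verdict timeout is reported without its cause. That path is the fallback for packets that never received a verdict, so the reason a drop failed is what an operator needs from this message. Since the line is being edited anyway, append the error and fix the spelling: `log.Warningf("nfqueue: failed to apply default-drop to unverdicted packet %s (%s -> %s): %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, err)`. The goroutine and `New` both begin outside the hunk, so whether a failed drop is retried or otherwise handled cannot be seen from here.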
@@ -118,7 +118,7 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
 if opError.Timeout() || opError.Temporary() {
 c := atomic.LoadUint64(&q.pendingVerdicts)
 if c > 0 {
- log.Tracef("nfqexp: waiting for %d pending verdicts", c)
+ log.Tracef("nfqueue: waiting for %d pending verdicts", c)
 for atomic.LoadUint64(&q.pendingVerdicts) > 0 { // must NOT use c here
 <-q.verdictCompleted
@@ -128,7 +128,7 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
 return 0
 }
 }
- log.Errorf("nfqexp: encountered error while receiving packets: %s\n", e.Error())
+ log.Errorf("nfqueue: encountered error while receiving packets: %s\n", e.Error())
 return 1
 }
@@ -146,7 +146,7 @@ func (q *Queue) Destroy() {
 q.cancelSocketCallback()
 if err := q.nf.Close(); err != nil {
- log.Errorf("nfqexp: failed to close queue %d: %s", q.id, err)
+ log.Errorf("nfqueue: failed to close queue %d: %s", q.id, err)
 }
 }
diff --git a/firewall/interception/nfq/packet.go b/firewall/interception/nfq/packet.go
index bfaa0981..911d2fdb 100644
--- a/firewall/interception/nfq/packet.go
+++ b/firewall/interception/nfq/packet.go
@@ -108,12 +108,12 @@ func (pkt *packet) setMark(mark int) error {
 }
 }
- log.Errorf("nfqexp: failed to set verdict %s for %s (%s -> %s): %s", markToString(mark), pkt.ID(), pkt.Info().Src, pkt.Info().Dst, err)
+ log.Errorf("nfqueue: failed to set verdict %s for %s (%s -> %s): %s", markToString(mark), pkt.ID(), pkt.Info().Src, pkt.Info().Dst, err)
 return err
 }
 break
 }
- log.Tracef("nfqexp: marking packet %s (%s -> %s) on queue %d with %s after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, pkt.queue.id, markToString(mark), time.Since(pkt.received))
+ log.Tracef("nfqueue: marking packet %s (%s -> %s) on queue %d with %s after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, pkt.queue.id, markToString(mark), time.Since(pkt.received))
 return nil
 }
diff --git a/firewall/interception/nfqueue_linux.go b/firewall/interception/nfqueue_linux.go
index a36e13d7..1e25fb14 100644
--- a/firewall/interception/nfqueue_linux.go
+++ b/firewall/interception/nfqueue_linux.go
@@ -14,8 +14,6 @@ import (
 "github.com/safing/portmaster/network/packet"
 )
-// iptables -A OUTPUT -p icmp -j", "NFQUEUE", "--queue-num", "1", "--queue-bypass
-
 var (
 v4chains []string
 v4rules []string
@@ -36,10 +34,10 @@ var (
 )
 func init() {
- flag.BoolVar(&experimentalNfqueueBackend, "experimental-nfqueue", true, "(deprecated flag; always used)")
+ flag.BoolVar(&experimentalNfqueueBackend, "experimental-nfqueue", false, "(deprecated flag; always used)")
 }
-// nfQueue encapsulates nfQueue providers
+// nfQueue encapsulates nfQueue providers.
 type nfQueue interface {
 PacketChannel() <-chan packet.Packet
 Destroy()
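Review bot: Flipping the default of `experimental-nfqueue` to `false` in `init()` is only safe if nothing reads `experimentalNfqueueBackend` any more, and its readers, if any, lie outside this hunk. The help text says the backend is "always used", yet the flag is still bound to a variable. If any backend selection still branches on that variable, this change would silently alter which interception path the firewall takes. Confirm there are no remaining readers and say so at the declaration, e.g. `// experimentalNfqueueBackend is parsed for backward compatibility only; its value is ignored.`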