diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml
index 62120b520..99ad994aa 100644
--- a/group_vars/all/imageprofile.yml
+++ b/group_vars/all/imageprofile.yml
@@ -6,7 +6,7 @@ imagebuilder_suffix: zst # Might get overridden for older openwrt versions
 imagebuilder_filename: "openwrt-imagebuilder-{{ openwrt_version }}-{{ target | replace('/', '-') }}.Linux-x86_64.tar.{{ imagebuilder_suffix }}"
 
 imagebuilder: "https://downloads.cdn.openwrt.org/{{ 'snapshots' if openwrt_version == 'snapshot' else 'releases/' ~ openwrt_version }}/targets/{{ target }}/{{ imagebuilder_filename }}"
-feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/__FEED_VERSION__/packages/__INSTR_SET__/falter"
+feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/{{ feed_version }}/packages/{{ instr_set }}/falter"
 
 
 all__packages__to_merge:
@@ -18,7 +18,8 @@ all__packages__to_merge:
   - collectd-mod-ping
   - collectd-mod-uptime
   - ethtool
-  - ip6tables                  # Its not pulled in by default anymore bc fw4
+  - ip6tables-nft                  # Its not pulled in by default anymore bc fw4
+  - iptables-nft
   - iperf3
   - iwinfo
   - ip
diff --git a/group_vars/version_snapshot.yml b/group_vars/version_snapshot.yml
index c1463401c..dfe00a251 100644
--- a/group_vars/version_snapshot.yml
+++ b/group_vars/version_snapshot.yml
@@ -1,2 +1,4 @@
 ---
 feed_version: snapshot
+imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/', '-') }}.Linux-x86_64.tar.zst"
+feed: "https://firmware.berlin.freifunk.net/feed/{{ feed_version }}/packages/{{ instr_set }}/falter/packages.adb"
diff --git a/locations/pktpls.yml b/locations/pktpls.yml
index 31779ae96..6377f1e44 100644
--- a/locations/pktpls.yml
+++ b/locations/pktpls.yml
@@ -13,7 +13,12 @@ hosts:
     model: "x86-64"
     openwrt_version: snapshot
 
-# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/main/x86_64/falter"
+# Custom APK feed: snapshot
+# feed: "file:///home/user/w/ff/falter-packages/out/main/x86_64/falter/packages.adb"
+# feed_key: "/home/user/w/ff/falter-packages/tmp/main/x86_64/public-key.pem"
+#
+# Custom OPKG feed: 24.10-SNAPSHOT, 23.05-SNAPSHOT
+# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/openwrt-24.10/x86_64/falter"
 # imagebuilder_disable_signature_check: true
 
 location__packages__to_merge:
diff --git a/roles/cfg_openwrt/files/falter.snapshot.pem b/roles/cfg_openwrt/files/falter.snapshot.pem
new file mode 100644
index 000000000..cbede47b4
--- /dev/null
+++ b/roles/cfg_openwrt/files/falter.snapshot.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE1NSmLpdMjXJpDQki9ziqW3Ve0aIX99t
+uAc1Yn5TexwhBhHsGxUxICHS63pDXYj9xg1AZHlvbEnFrBNrsdjJQQ==
+-----END PUBLIC KEY-----
diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml
index c2dc220c9..479415b0e 100644
--- a/roles/cfg_openwrt/tasks/imagebuilder.yml
+++ b/roles/cfg_openwrt/tasks/imagebuilder.yml
@@ -74,31 +74,67 @@
     instr_set: "{{ instr_set_result.stdout_lines | first }}"
   when: 'instr_set is not defined and feed_version is defined'
 
-- name: Insert falter feed
+- name: Insert falter OPKG feed
   lineinfile:
     path: "{{ build_dir }}/repositories.conf"
-    line: "{{ feed | replace('__INSTR_SET__', instr_set) | replace('__FEED_VERSION__', feed_version) }}"
-  when: 'feed_version is defined'
-
-- name: Define Key-Dir
-  stat:
-    path: "{{ build_dir }}/keys/"
-  register: keydir
+    line: "{{ feed }}"
+  when: 'feed_version is defined and openwrt_version != "snapshot"'
 
-- name: Add falter feed key
+- name: Add falter OPKG feed key
   copy:
     src: "files/packagefeed_master.pub"
     dest: "{{ build_dir }}/keys/61a078a38408e710"  # matches fingerprint
     mode: "preserve"
-  when: 'feed_version is defined and keydir.stat.exists'
+  when: 'feed_version is defined'
 
-- name: Disable Signature verification if required
+- name: Disable OPKG signature verification if required
   lineinfile:
     path: "{{ build_dir }}/repositories.conf"
     line: "option check_signature"
     state: "absent"
   when: 'imagebuilder_disable_signature_check is defined and imagebuilder_disable_signature_check'
 
+- name: Add falter APK feed
+  lineinfile:
+    path: "{{ build_dir }}/repositories"
+    line: "{{ feed }}"
+  when: 'feed_version is defined and openwrt_version == "snapshot"'
+
+- name: Add falter APK feed to image
+  lineinfile:
+    path: "{{ configs_dir }}/etc/apk/repositories.d/falter.list"
+    line: "{{ feed }}"
+    create: true
+  when: 'feed_version is defined and openwrt_version == "snapshot"'
+
+- name: Add falter APK feed key
+  copy:
+    src: "files/falter.snapshot.pem"
+    dest: "{{ build_dir }}/keys/"
+    mode: "preserve"
+  when: 'feed_version is defined and openwrt_version == "snapshot"'
+
+- name: Add falter APK feed key to image
+  copy:
+    src: "files/falter.snapshot.pem"
+    dest: "{{ configs_dir }}/etc/apk/keys/"
+    mode: "preserve"
+  when: 'feed_version is defined and openwrt_version == "snapshot"'
+
+- name: Add custom APK feed key
+  copy:
+    src: "{{ feed_key }}"
+    dest: "{{ build_dir }}/keys/falter.custom.pem"
+    mode: "preserve"
+  when: 'feed_version is defined and openwrt_version == "snapshot" and feed_key is defined'
+
+- name: Add custom APK feed key to image
+  copy:
+    src: "{{ feed_key }}"
+    dest: "{{ configs_dir }}/etc/apk/keys/falter.custom.pem"
+    mode: "preserve"
+  when: 'feed_version is defined and openwrt_version == "snapshot" and feed_key is defined'
+
 - name: Override compat_version check to bbb-configs exclusive value 9.9
   lineinfile:
     path: "{{ build_dir }}/include/image-commands.mk"