diff --git a/feeds/ucentral/uspot/README.md b/feeds/ucentral/uspot/README.md
new file mode 100644
index 000000000..b03c82f2d
--- /dev/null
+++ b/feeds/ucentral/uspot/README.md
@@ -0,0 +1,65 @@
+# uspot
+
+A captive portal
+
+##
+
+TBC
+
+## Basic firewall setup
+
+In /etc/config/firewall:
+
+```
+config zone
+ option name 'captive'
+ list network 'captive'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+
+config redirect
+ option name 'Redirect-unauth-captive-CPD'
+ option src 'captive'
+ option src_dport '80'
+ option proto 'tcp'
+ option target 'DNAT'
+ option reflection '0'
+ option mark '!1/127'
+
+config rule
+ option name 'Allow-captive-CPD-UAM'
+ option src 'captive'
+ option dest_port '80 3990'
+ option proto 'tcp'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Forward-auth-captive'
+ option src 'captive'
+ option dest 'wan'
+ option proto 'any'
+ option target 'ACCEPT'
+ option mark '1/127'
+
+config rule
+ option name 'Allow-DHCP-captive'
+ option src 'captive'
+ option proto 'udp'
+ option dest_port '67'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-DNS-captive'
+ option src 'captive'
+ list proto 'udp'
+ list proto 'tcp'
+ option dest_port '53'
+ option target 'ACCEPT'
+
+config include
+ option type 'nftables'
+ option path '/usr/share/uspot/firewall.nft'
+ option position 'chain-post'
+ option chain 'mangle_postrouting'
+```
diff --git a/feeds/ucentral/uspot/files/usr/bin/captive b/feeds/ucentral/uspot/files/usr/bin/captive
index c92b35c7d..3e69a40cb 100755
--- a/feeds/ucentral/uspot/files/usr/bin/captive
+++ b/feeds/ucentral/uspot/files/usr/bin/captive
@@ -51,11 +51,9 @@ function generate_spotfilter(name) { { index: 0, device_macaddr, - fwmark: 1, - fwmark_mask: 127 }, { index: 1, - fwmark: 2, + fwmark: 1, fwmark_mask: 127 } ];
diff --git a/feeds/ucentral/uspot/files/usr/share/uspot/firewall.ipt b/feeds/ucentral/uspot/files/usr/share/uspot/firewall.ipt
index 3023396ad..39b49ccaf 100644
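Review bot: The class table in generate_spotfilter now encodes the access decision as bare literals with no comment: class index 1 carries `fwmark: 1` / `fwmark_mask: 127`, and class index 0 carries no mark at all, so an unmarked packet is the only thing that distinguishes it. Going by the README rule names (`Forward-auth-captive` on `1/127`, `Redirect-unauth-captive-CPD` on `!1/127`), mark 1 appears to mean an authenticated client, which means these two numbers have to stay in step with /etc/config/firewall, firewall.ipt and firewall.nft. I would add a comment above the class 1 entry along the lines of `// class 1: authenticated clients (confirm); fwmark 1/127 must match the mark rules in /etc/config/firewall and /usr/share/uspot/firewall.nft`. A firewall config written for the previous values (1 on class 0, 2 on class 1) will no longer line up with what is set here, so the change deserves a line in the upgrade notes. The function starts before and continues past this hunk, so how the classes are assigned to clients is not visible here.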
--- a/feeds/ucentral/uspot/files/usr/share/uspot/firewall.ipt
+++ b/feeds/ucentral/uspot/files/usr/share/uspot/firewall.ipt
@@ -1,3 +1,3 @@
 *mangle
--A POSTROUTING -m mark --mark 0x2 -j CONNMARK --set-mark 0x2
+-A POSTROUTING -m mark --mark 0x1 -j CONNMARK --set-mark 0x2
 COMMIT
diff --git a/feeds/ucentral/uspot/files/usr/share/uspot/firewall.nft b/feeds/ucentral/uspot/files/usr/share/uspot/firewall.nft
index 993a48004..57b89cf9c 100644
--- a/feeds/ucentral/uspot/files/usr/share/uspot/firewall.nft
+++ b/feeds/ucentral/uspot/files/usr/share/uspot/firewall.nft
@@ -1 +1 @@
-mark 0x2 ct mark set 0x2
+mark 0x1 ct mark set 0x2
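Review bot: The new match in firewall.ipt, `-m mark --mark 0x1`, compares the whole packet mark, whereas the spotfilter class and the README firewall rules only look at the low seven bits (`fwmark_mask: 127`, `1/127`). If anything else on the device sets a higher mark bit on captive traffic, the zone rules would still match the client but this rule would not, and the connection mark would not be set. A masked match keeps the three places consistent: `-A POSTROUTING -m mark --mark 0x1/0x7f -j CONNMARK --set-mark 0x2`, and in the firewall.nft hunk `meta mark & 0x7f == 0x1 ct mark set 0x2`. The packet mark is now 0x1 while the connection mark stays 0x2, and nothing visible in this diff shows what reads ct mark 0x2. A short `#` comment in both files naming that consumer would stop the mismatch from being read as a missed edit.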