diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index c445fc7..e811c6c 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -169,7 +169,7 @@ class IptablesWorker(FirewallWorker):
 @staticmethod
 def chain_for_addr(addr):
 '''Generate iptables chain name for given source address address'''
- return 'qbs-' + addr.replace('.', '-').replace(':', '-')
+ return 'qbs-' + addr.replace('.', '-').replace(':', '-')[-20:]

 def run_ipt(self, family, args, **kwargs):
 # pylint: disable=no-self-use
@@ -236,7 +236,10 @@ class IptablesWorker(FirewallWorker):
 raise RuleParseError('dst6 rule found for IPv4 address')

 if 'proto' in rule:
- protos = [rule['proto']]
+ if rule['proto'] == 'icmp' and family == 6:
+ protos = ['icmpv6']
+ else:
+ protos = [rule['proto']]
 else:
 protos = None

diff --git a/qubesagent/test_firewall.py b/qubesagent/test_firewall.py
index b50fb33..c271f6c 100644
--- a/qubesagent/test_firewall.py
+++ b/qubesagent/test_firewall.py
@@ -162,7 +162,7 @@ class TestIptablesWorker(TestCase):
 self.obj.chain_for_addr('10.137.0.1'), 'qbs-10-137-0-1')
 self.assertEqual(
 self.obj.chain_for_addr('fd09:24ef:4179:0000::3'),
- 'qbs-fd09-24ef-4179-0000--3')
+ 'qbs-09-24ef-4179-0000--3')

 def test_001_create_chain(self):
 testdata = [
@@ -230,7 +230,7 @@ class TestIptablesWorker(TestCase):
 "-A chain -d 2001::2/128 -p udp --dport 53:53 -j ACCEPT\n"
 "-A chain -d 2001::1/128 -p udp --dport 53:53 -j DROP\n"
 "-A chain -d 2001::2/128 -p udp --dport 53:53 -j DROP\n"
- "-A chain -p icmp -j DROP\n"
+ "-A chain -p icmpv6 -j DROP\n"
 "-A chain -j DROP\n"
 "COMMIT\n"
 )
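Review bot: The `[-20:]` slice in `chain_for_addr` keeps only the tail of the address, so two source addresses that differ only in the part cut off get the same chain name and would share one rule chain. The name also depends on how the address is written, since `::` and expanded zero groups give different tails. If the truncation is there to stay within the iptables chain-name length limit, that reason and the uniqueness assumption belong in the docstring, e.g. `'''Generate iptables chain name for given source address; only the last 20 characters are kept, so they must be unique per source'''`. Building the suffix from the parsed address rather than a string tail would make the mapping canonical. The callers are outside the hunk, so whether they already guarantee uniqueness cannot be seen here.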
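Review bot: Only the `-p` value is translated in this branch, so any ICMP type match emitted elsewhere in the function would still use the IPv4 spelling. If the code outside the hunk adds `--icmp-type` for such rules, ip6tables would need `--icmpv6-type` alongside the `icmpv6` protocol; that path is worth checking and covering with a test. A short comment above the branch would help the next reader, e.g. `# ip6tables: '-p icmp' is IPv4 ICMP and does not match ICMPv6`. The enclosing function starts and ends outside the hunk.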
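Review bot: No test pins what `chain_for_addr` returns for a fully expanded address or for two addresses that share the same tail, although the updated expectation `'qbs-09-24ef-4179-0000--3'` shows the leading characters being dropped. One assertion on the length bound would document the intended limit, e.g. `self.assertEqual(len(self.obj.chain_for_addr('fd09:24ef:4179:0000:0000:0000:0000:0003')), 24)` (address constructed for illustration). The test method starts outside the hunk.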