diff --git a/network/iptables b/network/iptables
index a23bb82..51e652c 100644
--- a/network/iptables
+++ b/network/iptables
@@ -19,9 +19,10 @@ COMMIT
 :OUTPUT ACCEPT [128:12536]
 -A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
+-A INPUT -i vif+ -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A INPUT -i vif+ -j REJECT --reject-with icmp-host-prohibited
+-A INPUT -j DROP
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
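Review bot: The new `-A INPUT -i vif+ -p icmp -j ACCEPT` rule still admits every ICMP type arriving on the `vif+` interfaces, even though the `RELATED,ESTABLISHED` rule two lines above it already accepts ICMP errors tied to existing flows. If the intent is only to let those peers ping this host, the rule can be narrowed to `-A INPUT -i vif+ -p icmp -m icmp --icmp-type echo-request -j ACCEPT`. The split between REJECT on `vif+` and the silent terminal `-A INPUT -j DROP` for every other interface depends on rule order (the `-i lo` accept has to stay above both), so a one-line `#` comment above the two terminal rules stating that intent would help the next editor. This file covers IPv4 only; whether a matching ip6tables ruleset gets the same default-drop is not visible in this diff and is worth confirming.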