diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index c0ec379..bee7c48 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -45,6 +45,7 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
 # wireguard_mesh
 {% for site in sites %}
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index a3ee47e..9a71279 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -47,6 +47,7 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
 {% endif %}
 # MOSH