diff --git a/files/firewall b/files/firewall
index 93d0e8d..21eb184 100755
--- a/files/firewall
+++ b/files/firewall
@@ -141,11 +141,11 @@ case $1 in
 ## some rules for bastion boxes to protect the mgmt networks
 ip6tables -F FORWARD
- ip6tables -A FORWARD -o mgmtgw1 -m state --state ESTABLISHED,RELATED -j ACCEPT -j ACCEPT -m comment --comment "only for bastion hosts"
- ip6tables -A FORWARD -o mgmtgw1 -j DROP -j ACCEPT -m comment --comment "only for bastion hosts"
- ip6tables -A FORWARD -o ipmigw1 -j DROP -j ACCEPT -m comment --comment "only for bastion hosts"
- ip6tables -A FORWARD -i ipmigw1 -m state --state ESTABLISHED,RELATED -j ACCEPT -j ACCEPT -m comment --comment "only for bastion hosts"
- ip6tables -A FORWARD -i ipmigw1 -j DROP -j ACCEPT -m comment --comment "only for bastion hosts"
+ ip6tables -A FORWARD -o mgmtgw1 -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "only for bastion hosts"
+ ip6tables -A FORWARD -o mgmtgw1 -j DROP -m comment --comment "only for bastion hosts"
+ ip6tables -A FORWARD -o ipmigw1 -j DROP -m comment --comment "only for bastion hosts"
+ ip6tables -A FORWARD -i ipmigw1 -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "only for bastion hosts"
+ ip6tables -A FORWARD -i ipmigw1 -j DROP -m comment --comment "only for bastion hosts"
 #special tables
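Review bot: The chain is flushed with `ip6tables -F FORWARD` and then rebuilt one append at a time with no visible check of the exit status, so any rule that ip6tables rejects is silently missing and the mgmtgw1/ipmigw1 protection then depends on the FORWARD policy, which this hunk does not show. The removed lines each carried two `-j` targets and were probably rejected in exactly this way. Consider failing loudly, e.g. `ip6tables -A FORWARD -o mgmtgw1 -j DROP -m comment --comment "only for bastion hosts" || exit 1`, or loading the five rules in a single `ip6tables-restore` transaction so the chain is never left half-built. Separately, there is no `-i mgmtgw1` rule to mirror the `-i ipmigw1` pair, and `-o ipmigw1` drops without an ESTABLISHED,RELATED accept; if that asymmetry is intended, a comment such as `# ipmigw1: no forwarding in either direction except replies coming back from it` would make it reviewable. The enclosing `case` branch starts and ends outside the hunk.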