diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index b789c0b..7c11508 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@@ -79,12 +79,12 @@ case "$1" in
 
 	cat <<-"EOF" >/etc/network/interfaces.d/mgmt1
 		auto mgmt1
-		iface mgmt1 inet6 auto
 		iface mgmt1 inet dhcp
 		    pre-up /bin/ip link add mgmt type vrf table mgmt
 		    pre-up /bin/ip link set up dev mgmt
 		    pre-up /bin/ip link set master mgmt dev mgmt1
 		    post-down /bin/ip link del dev mgmt
+		iface mgmt1 inet6 dhcp
 	EOF
 
 	cat <<-"EOF" >/etc/network/interfaces.d/feth
diff --git a/files/firewall b/files/firewall
index 60a40de..ed25f1a 100755
--- a/files/firewall
+++ b/files/firewall
@@ -59,8 +59,8 @@ case $1 in
 
         ip6tables -t raw -A PREROUTING ! -i mgmt1 -j NOTRACK
         ip6tables -t raw -A OUTPUT     ! -o mgmt  -j NOTRACK
-        ip6tables -A INPUT -i mgmt1  -m state --state ESTABLISHED,RELATED      -j ACCEPT
-        ip6tables -A INPUT -i mgmt1                -p tcp --dport  22          -j ACCEPT
+        ip6tables -A INPUT -i mgmt   -m state --state ESTABLISHED,RELATED      -j ACCEPT
+        ip6tables -A INPUT -i mgmt                 -p tcp --dport  22          -j ACCEPT
 
      ##### temp rules till we get VRF in place in the factory, just flip the 3 rules below
       if ip link show dev mgmt >/dev/null 2>&1; then