diff --git a/gestion/config.py b/gestion/config.py index a2acec26..634dd521 100644 --- a/gestion/config.py +++ b/gestion/config.py @@ -517,7 +517,8 @@ prefix = { 'subnet' : [ '2a01:240:fe3d::/48' ], 'fil' : [ '2a01:240:fe3d:4::/64' ], 'adm' : [ '2a01:240:fe3d:c804::/64' ], 'wifi' : [ '2a01:240:fe3d:f7::/64' ], - 'sixxs2' : [ '2a01:240:fe00:68::/64' ] + 'sixxs2' : [ '2a01:240:fe00:68::/64' ], + 'personnel-ens':['fe80:0:0:0::/64'] } # Domaines dans lesquels les machines sont placées suivant leur type @@ -580,7 +581,7 @@ file_pickle = { 4 : '/tmp/ipt_pickle', } blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p', - 'autodisc_upload', 'bloq'] + 'autodisc_upload', 'bloq', 'carte_etudiant','chambre_invalide'] adm_users = [ 'root', 'identd', 'daemon', 'postfix', 'freerad', 'amavis', 'nut', 'respbats', 'list', 'sqlgrey', 'ntpd', 'lp' ] diff --git a/gestion/gen_confs/firewall6.py b/gestion/gen_confs/firewall6.py index d68d2742..3060c785 100755 --- a/gestion/gen_confs/firewall6.py +++ b/gestion/gen_confs/firewall6.py @@ -88,6 +88,12 @@ def basic_fw(): ''' Met en place un firewall de base commun à tous les serveurs''' # On rejete les ra. ip6tables.filter.input('-p icmpv6 -m icmp6 --icmpv6-type router-advertisement -j REJECT') + + # On accepte NDP sauf les RA, sinon, les REJECT ne fonctionnent pas + for icmpv6 in ['neighbour-solicitation','neighbour-advertisement','redirect','router-solicitation']: + ip6tables.filter.input('-p icmpv6 -m icmp6 --icmpv6-type %s -j ACCEPT' % icmpv6) + ip6tables.filter.output('-p icmpv6 -m icmp6 --icmpv6-type %s -j ACCEPT' % icmpv6) + # On ne vérifie rien sur les ip qui ne sont pas dans notre prefix ip6tables.filter.ieui64('! -s %s -j RETURN' % prefix['subnet'][0]) 
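Review bot: The new `'personnel-ens'` entry in `prefix` uses `fe80:0:0:0::/64`, which is the IPv6 link-local prefix rather than a network of its own: every IPv6 host on every link holds an address in it, so a rule keyed on this prefix matches any on-link source and cannot single out one population of machines the way the `2a01:240:fe3d:…` entries do. If the intent is to identify a VLAN or subnet, it needs a routable prefix (or should be keyed on an interface instead); if link-local traffic really is meant, write it in the conventional form and say so, e.g. `'personnel-ens': ['fe80::/64'],  # link-local: matches every on-link host, not only ENS staff`. Note also that `basic_fw` (later in this diff) returns from the EUI-64 check for any source outside `prefix['subnet'][0]`, so link-local sources are never validated against a MAC.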
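Review bot: The new loop in `basic_fw` accepts ICMPv6 `redirect` on INPUT on every server, which the comment's own rationale does not require (delivering the REJECTs needs neighbour solicitation/advertisement, not redirects) and which lets any on-link host rewrite the server's routes unless `accept_redirects` is already 0 on every interface, something this code does not show. Keep redirects out of the inbound list: `for icmpv6 in ['neighbour-solicitation', 'neighbour-advertisement', 'router-solicitation']:` (inbound router-solicitation is only useful on the routers but is harmless elsewhere). As a further tightening, NDP messages must carry hop limit 255 (RFC 4861), so `-m hl --hl-eq 255` on the INPUT rule discards anything that crossed a router. The comment should also be in English, e.g. `# Accept NDP except RA (rejected above): without neighbour entries the REJECTs below cannot be delivered.`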
@@ -138,7 +144,8 @@ def main_router(): # Alternative : flusher la table conntrack des entrées concernant cette # machine. blacklist(ip6tables) - ip6tables.filter.forward('-o %s -j BLACKLIST_SRC' % dev_ip6) + ip6tables.filter.forward('-i %s -j BLACKLIST_SRC' % dev_crans) + #~ ip6tables.filter.forward('-o %s -j BLACKLIST_SRC' % dev_ip6) ip6tables.filter.forward('-i %s -j BLACKLIST_DST' % dev_ip6) ip6tables.filter.tracker_torrent('-m string --algo kmp ! --string "info_hash=" -j ACCEPT') diff --git a/gestion/ipt.py b/gestion/ipt.py index 2b145833..79f047ac 100755 --- a/gestion/ipt.py +++ b/gestion/ipt.py @@ -54,7 +54,7 @@ Filter_policy_template = """ """ dprefix = { 'fil' : 'fil', 'fil-v6' : 'fil', 'adm' : 'adm', 'wifi' : 'wifi', - 'wifi-v6' : 'wifi' } + 'wifi-v6' : 'wifi','personnel-ens':'personnel-ens' } default_chains = [ 'PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT', 'POSTROUTING' ] @@ -159,10 +159,12 @@ ACCEPT' % (dev, proto, ip, port)) for type_m in mid.keys(): if ident in range(mid[type_m][0], mid[type_m][1]): ip = ipv6_addr(machine.mac(), type_m) + mac=machine.mac() break if ip: - self.filter.blacklist_src('-s %s -j REJECT --reject-with \ -icmp6-adm-prohibited' % ip) + self.filter.blacklist_src('-m mac --mac-source %s -j REJECT --reject-with icmp6-port-unreachable' % mac) + #~ self.filter.blacklist_src('-s %s -j REJECT --reject-with \ +#~ icmp6-adm-prohibited' % ip) self.filter.blacklist_dst('-d %s -j REJECT --reject-with \ icmp6-adm-prohibited' % ip)
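Review bot: The BLACKLIST_SRC hook in `main_router` now matches ingress on `dev_crans` because the chain (see the ipt.py hunk) keys on `--mac-source`, which only works on packets entering an interface; that is consistent, but a MAC match identifies only the last L2 hop, so a blacklisted machine that reaches this router through another router or from a segment not directly attached to `dev_crans` is no longer matched at all (its frames carry the intermediate router's MAC), whereas the old address-based `-o dev_ip6` rule caught it. If every blacklistable host is directly attached to `dev_crans`, say so in a comment; otherwise keep an address-based rule alongside. The scope also widens from traffic leaving via `dev_ip6` to everything forwarded from `dev_crans`, including inter-VLAN traffic, so confirm that is intended. Drop the `#~` commented-out line rather than carrying dead code in the generator; git keeps the history. The body of `main_router` continues outside the hunk.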
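Review bot: The new `--mac-source` REJECT in the blacklist method also changes the reject code from `icmp6-adm-prohibited` to `icmp6-port-unreachable`, which tells the blocked client the port is closed rather than administratively filtered; unless adm-prohibited was observed not to work, keep `--reject-with icmp6-adm-prohibited`. The destination side still rejects only the single EUI-64 address `ip`, so a blacklisted host using temporary (RFC 4941) addresses is blocked outbound by MAC but still reachable inbound on its other addresses, and `--mac-source` is no harder to spoof than the EUI-64 address it replaces, only broader; worth a comment such as `# BLACKLIST_DST only covers the EUI-64 address; temporary addresses still receive replies`. `mac` is bound only inside the `if ident in range(...)` branch, so if `ip` can already be truthy when the loop does not match (its initialisation and the method's start are outside the hunk), the `if ip:` branch raises NameError; initialise `mac = None` next to `ip` or test `if ip and mac:`. The `#~` commented-out rule should be deleted, and `mac = machine.mac()` could reuse the value already passed to `ipv6_addr`.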