diff --git a/gestion/gen_confs/firewall4.py b/gestion/gen_confs/firewall4.py
index 2a30da70..3e60a20f 100755
--- a/gestion/gen_confs/firewall4.py
+++ b/gestion/gen_confs/firewall4.py
@@ -1070,8 +1070,8 @@ class firewall_zamok(firewall_base):
                 try: self.add(table, chain, '-m owner --uid-owner %d -j ACCEPT' % pwd.getpwnam(user)[2])
                 except KeyError: print "Utilisateur %s inconnu" % user
 
-            for nounou in self.conn.search(u"droits=%s" % lc_ldap.attributs.nounou):
-                self.add(table, chain, '-m owner --uid-owner %s -j RETURN' % nounou['uidNumber'][0])
+            for adh in self.conn.search(u"(|(droits=%s)(droits=%s))" % (lc_ldap.attributs.nounou, lc_ldap.attributs.apprenti)):
+                self.add(table, chain, '-m owner --uid-owner %s -j RETURN' % adh['uidNumber'][0])
 
             # Rien d'autre ne passe
             self.add(table, chain, '-j REJECT --reject-with icmp-net-prohibited')