diff --git a/gestion/ipt.py b/gestion/ipt.py
index 4a4e683e..2b145833 100755
--- a/gestion/ipt.py
+++ b/gestion/ipt.py
@@ -642,6 +642,7 @@ def write_rules(ipt):
 dir(ipt.__getattribute__(itables))):
 for rule in ipt.__getattribute__(itables).__getattribute__(ichain).items:
 output[itables] += '-A ' + ichain.upper() + ' ' + rule + '\n'
+ output['filter'] += '-A FORWARD -j REJECT\n'
 # Ecriture dans le fichier
 fout.writelines(output['filter'])
@@ -715,7 +716,7 @@ def mac_ip(ipt, machines, types_machines):
 prefix[type_m][0]))
 ipt.filter.ieui64('-s fe80::/64 -m eui64 -j RETURN')
- ipt.filter.ieui64('-j DROP')
+ ipt.filter.ieui64('-j REJECT')
 #ipt.filter.ieui64('-j REJECT')
 def macips(ipt, machines, types_machines):
@@ -727,7 +728,7 @@ def macips(ipt, machines, types_machines):
 break
 for type_m in types_machines:
 type_mm = re.sub('-', '', type_m)
- getattr(ipt.filter,'mac' + type_mm)('-j DROP')
+ getattr(ipt.filter,'mac' + type_mm)('-j REJECT')
 #eval('ipt.filter.mac' + type_mm)('-j REJECT')
 return 0
@@ -742,11 +743,11 @@ def ingress_filtering(ipt):
 prefix['subnet'][0]))
 ipt.filter.ingress_filtering('-o %s -j LOG --log-prefix "BAD ROUTE "' % dev_ext)
- ipt.filter.ingress_filtering('-o %s -j DROP' % dev_ext)
+ ipt.filter.ingress_filtering('-o %s -j REJECT' % dev_ext)
 # de l'extérieur, on ne veut que des paquet ne provenant pas de notre
 # réseau à destination de notre réseau
 ipt.filter.ingress_filtering('-i %s ! -s %s -d %s -j RETURN' % (dev_ext, prefix['subnet'][0], prefix['subnet'][0]))
 ipt.filter.ingress_filtering('-i %s -j LOG --log-prefix "BAD SRC "' % dev_ext)
- ipt.filter.ingress_filtering('-i %s -j DROP' % dev_ext)
+ ipt.filter.ingress_filtering('-i %s -j REJECT' % dev_ext)
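Review bot: The terminal `-A FORWARD -j REJECT` is concatenated onto `output['filter']` inside write_rules rather than being a rule of the FORWARD chain object, so the default-deny exists only in the serializer and anything else that reads the chain's `items` will not see it. Either add it wherever the FORWARD rules are built, or keep it here with a comment such as `# default-deny: must stay the last FORWARD rule written`. The page has lost this line's indentation, so confirm it sits outside the table and chain loops, is appended exactly once, and lands before any COMMIT line; write_rules starts and ends outside this hunk. The eui64 match elsewhere in the file suggests these are ip6tables rules, where a bare REJECT answers with port-unreachable; `--reject-with icmp6-adm-prohibited` would describe a policy block more accurately.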
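Review bot: The commented-out `#ipt.filter.ieui64('-j REJECT')` right after the changed line in mac_ip now repeats the active rule and should be deleted, and the same holds for `#eval('ipt.filter.mac' + type_mm)('-j REJECT')` in the macips hunk. Both chains appear to terminate packets whose MAC or address binding matched no earlier RETURN, and no LOG rule is visible before the terminal REJECT in either hunk. If none exists outside the hunks, a LOG rule before it, as ingress_filtering does with its `--log-prefix` rules, would keep those mismatches visible for detection. Both function bodies start outside their hunks.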
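Review bot: The last rule of ingress_filtering, `-i %s -j REJECT`, answers packets that arrive on the external interface and failed the `! -s prefix -d prefix` check, which includes packets claiming a source inside our own prefix; the ICMP error would then be addressed to that claimed source, an internal host that sent nothing. For this inbound anti-spoofing rule I would keep `ipt.filter.ingress_filtering('-i %s -j DROP' % dev_ext)` and use REJECT only on the `-o` rule, where the reply goes back to a local sender and is useful to them. If REJECT is kept on the `-i` rule, a comment stating why replies to unverified sources are acceptable would help the next reader. ingress_filtering starts outside the hunk.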