diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 1a6c1cd6..303842ee 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@@ -1585,9 +1585,10 @@ class firewall_routeur(firewall_crans):
 iptables("-P FORWARD DROP")
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
- for port in accueil_route[ip][type]:
- iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
- iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
+ if type in ['udp', 'tcp']:
+ for port in accueil_route[ip][type]:
+ iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
+ iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
 def mangle_table(self):
 iptables("-t mangle -F PREROUTING")
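Review bot: The return-path rule `iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))` kept on the new side is stateless: with the FORWARD policy set to DROP just above, it still forwards any packet whose source is `ip` and whose source port is the allowed port to any destination, so the host at `ip` (or, absent reverse-path filtering elsewhere, a sender spoofing it) can originate connections anywhere simply by binding to e.g. port 80. Reply traffic should be matched on connection state instead, e.g. `iptables("-A FORWARD -p %s -s %s --sport %s -m state --state ESTABLISHED,RELATED -j ACCEPT" % (type,ip,port))`, or one `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule ahead of the loop. The new `if type in ['udp', 'tcp']:` guard avoids passing `--dport` to a protocol that has no ports, but it also silently skips any other key in accueil_route (icmp, a typo), so an entry an administrator expects to be routed is dropped with no message; an `else:` branch that logs or raises on the unknown protocol would make that visible. `type` shadows the builtin here; `proto` would read better. `mangle_table` starts in this hunk and continues outside it.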
@@ -1597,13 +1598,14 @@ class firewall_routeur(firewall_crans):
 #intranet et wiki pour le vlan accueil
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
- for port in accueil_route[ip][type]:
- iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
- iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
- iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_appart ,type,ip,port))
- iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['accueil'][0],ip,port))
- iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['isolement'][0],ip,port))
- iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['personnel-ens'][0],ip,port))
+ if type in ['udp', 'tcp']:
+ for port in accueil_route[ip][type]:
+ iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
+ iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
+ iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_appart ,type,ip,port))
+ iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['accueil'][0],ip,port))
+ iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['isolement'][0],ip,port))
+ iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['personnel-ens'][0],ip,port))
 # Proxy transparent pour les vlans isolement et accueil
 i=1
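Review bot: The `if type in ['udp', 'tcp']:` guard added here duplicates the identical one in the FORWARD loop with nothing tying the two together, and in both places a protocol entry that is not tcp/udp is silently skipped rather than reported; a module-level constant such as `PORT_PROTOCOLS = ('tcp', 'udp')` checked once when accueil_route is loaded, raising on any other key, would keep the filter and NAT rules from drifting apart and surface a misconfigured entry instead of quietly leaving it unrouted. The PREROUTING rules key on three interfaces (eth_accueil, eth_isolement, eth_appart) while the POSTROUTING rules key on NETs accueil, isolement and personnel-ens; whether eth_appart carries NETs['personnel-ens'] cannot be confirmed from this hunk, and a comment such as `# eth_appart carries the personnel-ens network` would settle it for the next reader. Note too that MASQUERADE rewrites the client's source address to the router's, so the destination host's own logs can no longer identify which accueil/isolement client connected; if that attribution matters for incident handling, the router side needs its own record of these flows (a LOG rule or conntrack accounting). The method these rules belong to starts outside the hunk.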