diff --git a/app/example.yml b/app/example.yml
index 2c00f23..5671dec 100644
--- a/app/example.yml
+++ b/app/example.yml
@@ -21,8 +21,7 @@ patterns:
 # Those commands will be executed in order at start, before everything else
 start:
 - [ 'ip46tables', '-w', '-N', 'reaction' ]
- - [ 'ip46tables', '-w', '-A', 'reaction', '-j', 'ACCEPT' ]
- - [ 'ip46tables', '-w', '-I', 'reaction', '1', '-s', '127.0.0.1', '-j', 'ACCEPT' ]
+ - [ 'ip46tables', '-w', '-A', 'reaction', '-j', 'RETURN' ]
 - [ 'ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction' ]
 # Those commands will be executed in order at stop, after everything else
diff --git a/config/server.jsonnet b/config/server.jsonnet
index 71ecd3d..8766e2c 100644
--- a/config/server.jsonnet
+++ b/config/server.jsonnet
@@ -19,6 +19,16 @@ local banFor(time) = {
 },
 },
+ start: [
+ ['ip46tables', '-w', '-N', 'reaction'],
+ ['ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction'],
+ ],
+ stop: [
+ ['ip46tables', '-w', '-D', 'INPUT', '-p', 'all', '-j', 'reaction'],
+ ['ip46tables', '-w', '-F', 'reaction'],
+ ['ip46tables', '-w', '-X', 'reaction'],
+ ],
+
 streams: {
 // Ban hosts failing to connect via ssh
 ssh: {
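Review bot: With the `-s 127.0.0.1 -j ACCEPT` rule removed, nothing in the `reaction` chain built under `start:` exempts loopback any more, and the chain now ends in an explicit `RETURN`, so rule order inside the chain matters. Ban rules only take effect if they are inserted above that final rule; one appended with `-A` would sit after `RETURN` and never match. The ban actions are not visible in this hunk, so that is worth checking against them. I would record both facts in a comment above the list, e.g. `# 'reaction' ends in RETURN: non-banned traffic continues through INPUT; ban rules must be inserted (-I) above it, and loopback is no longer exempt`.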
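Review bot: The new `start` list in `config/server.jsonnet` assumes a clean firewall state, which an unclean exit does not leave behind: if a previous run ended without executing `stop`, `-N reaction` fails because the chain already exists and `-I INPUT ... -j reaction` adds a second jump, of which `stop` later deletes only one. How a failing start command is handled is not visible here, so a comment such as `// assumes 'stop' ran on the previous exit; a leftover 'reaction' chain makes -N fail and duplicates the INPUT jump` would help the operator. The list also omits the `-A reaction -j RETURN` rule that `app/example.yml` gains in the same commit; behaviour is presumably the same, since a user-defined chain returns to its caller when no rule matches, but the two configs should agree or the difference should be commented. The enclosing object starts and ends outside the hunk.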