diff --git a/roles/firewall-vpn-r/files/ferm.conf b/roles/firewall-vpn-r/files/ferm.conf
index c9e47d6..7e274cc 100644
--- a/roles/firewall-vpn-r/files/ferm.conf
+++ b/roles/firewall-vpn-r/files/ferm.conf
@@ -23,15 +23,14 @@ table filter {
 interface lo ACCEPT;
 # allow SSH connections
- #interface ($DEV_ADM) {
+ #interface ($DEV_VPN) {
 proto tcp dport ssh ACCEPT;
 #}
 # allow DNS connections
- #interface ($DEV_INT) {
 proto udp sport domain ACCEPT;
 proto udp dport domain ACCEPT;
- #}
+
 # allow IPsec
 interface ($DEV_VPN) {
@@ -62,38 +61,11 @@ table filter {
 }
 chain OUTPUT {
- policy DROP;
-# interface ($DEV_PUB) {
-
- # Autoriser SSH
- proto tcp sport ssh ACCEPT;
-
- # Autoriser DNS
- proto udp dport domain ACCEPT;
- proto udp sport domain ACCEPT;
-
- # Autoriser ipsec
- proto udp dport 500 ACCEPT;
- proto udp sport 500 ACCEPT;
-
- # Autoriser nat-t-ike
- proto udp dport 4500 ACCEPT;
- proto udp sport 4500 ACCEPT;
-
- # Autoriser supervision
- proto udp dport 161 ACCEPT;
-
- # Autoriser NTP
- proto udp dport 123 ACCEPT;
-
- # respond to ping
- proto icmp ACCEPT;
-
-# }
+ policy ACCEPT;
 # connection tracking
- #mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
+ # mod state state INVALID DROP;
+ # mod state state (ESTABLISHED RELATED) ACCEPT;
 }
 chain FORWARD {
 policy ACCEPT;
@@ -102,15 +74,4 @@ table filter {
 mod state state INVALID DROP;
 mod state state (ESTABLISHED RELATED) ACCEPT;
 }
-}
-
-# IPv6:
-#domain ip6 {
-# table filter {
-# chain INPUT {
-# policy ACCEPT;
-# # ...
-# }
-# # ...
-# }
-#}
+}
\ No newline at end of file
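Review bot: The SSH rule `proto tcp dport ssh ACCEPT;` still applies on every interface, because the renamed wrapper `#interface ($DEV_VPN) {` and its `#}` stay commented out, so the change edits a dead comment while the file keeps suggesting a VPN-only restriction that is not enforced. If SSH is meant to be reachable only over the VPN, uncomment the wrapper and its closing brace; otherwise delete both comment lines so the rule reads as the global allow it is. The same applies to the DNS pair below it: with its wrapper gone, `proto udp sport domain ACCEPT;` on an input chain accepts any inbound UDP datagram whose source port is 53 whatever its destination port, which effectively exposes every UDP service on the host; replies to the host's own resolver queries are already matched by an ESTABLISHED/RELATED rule when this chain has one (the chain header is outside the hunk), so the sport rule can likely be dropped and only `proto udp dport domain ACCEPT;` kept if the host actually serves DNS. The enclosing chain starts before this hunk.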
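Review bot: Switching OUTPUT to `policy ACCEPT;` while also commenting out both `mod state` lines removes all egress control, including the `INVALID DROP`, which is still meaningful under an accept policy; keep `mod state state INVALID DROP;` active even if the allow-list is abandoned. The deleted allow-list (SSH, DNS, IKE 500/4500, SNMP 161, NTP 123, ICMP) documented the host's expected outbound traffic, so if open egress is deliberate, record it above the policy line, e.g. `# egress unrestricted: <REASON-PLACEHOLDER>; re-restrict once <CONDITION-PLACEHOLDER>`, since otherwise the next reader cannot tell a decision from a debugging leftover. The two commented lines under `# connection tracking` are now dead and should be either restored or deleted rather than kept as comments.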
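Review bot: Removing the commented `domain ip6` stub leaves this file with no IPv6 filtering at all: ferm applies rules to the `ip` domain by default, so the INPUT/FORWARD policies defined here are not mirrored to ip6tables and any IPv6 address on the host keeps whatever policy the kernel defaults to, normally ACCEPT. Either add a minimal `domain ip6 { table filter { ... } }` block with a DROP policy on INPUT that accepts loopback, ICMPv6 and ESTABLISHED/RELATED traffic, or, if IPv6 is disabled on these hosts by other means, replace the stub with a one-line comment stating that so the gap is visibly intentional. The new closing `}` is also written without a trailing newline (`\ No newline at end of file`), which is worth restoring for clean future diffs.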