diff --git a/roles/firewall-vpn-l/files/ferm.conf b/roles/firewall-vpn-l/files/ferm.conf
index ad1b38f..31d5ec1 100644
--- a/roles/firewall-vpn-l/files/ferm.conf
+++ b/roles/firewall-vpn-l/files/ferm.conf
@@ -23,18 +23,11 @@ table filter {
 interface lo ACCEPT;
 # allow SSH connections
- #interface ($DEV_VPN) {
 proto tcp dport ssh ACCEPT;
- #}
 # allow DNS connections
- #interface ($DEV_INT) {
 proto udp sport domain ACCEPT;
- proto udp dport domain ACCEPT;
- #}
-
- # DHCP
- proto udp dport (67 68) ACCEPT;
+ proto udp dport domain ACCEPT;
 # allow IPsec
 interface ($DEV_AG $DEV_VPN) {
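Review bot: `proto udp sport domain ACCEPT;` stays in the rule set with no interface or state match, so any UDP datagram whose source port is 53 is accepted whatever its destination port; the sender picks the source port, so this rule effectively opens every UDP service the chain covers. If it exists for resolver replies, a stateful rule such as `mod state state (ESTABLISHED RELATED) ACCEPT;` handles them without it; the chain header and any earlier rules are outside this hunk, so check whether one is already present. Deleting the commented-out `#interface ($DEV_VPN) {` and `#interface ($DEV_INT) {` wrappers also makes the unscoped SSH and DNS accepts look deliberate. If SSH is meant to be reachable only over the VPN, scope it with `interface ($DEV_VPN) proto tcp dport ssh ACCEPT;`, otherwise add a comment stating why it is open on every interface.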