diff --git a/roles/fw-ferm/files/ferm.conf.r-vp1 b/roles/fw-ferm/files/ferm.conf.r-vp1
index 00249d7..f6ddd32 100644
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@@ -35,12 +35,6 @@ table filter {
 proto (udp tcp) dport domain ACCEPT;
 proto udp dport bootps ACCEPT;
 }
- interface $DEV_VPN{
- # respond to ping
- proto icmp icmp-type echo-request ACCEPT;
- # disallow ssh
- saddr proto tcp dport ssh DROP;
- }
 # interface réseau
@@ -53,16 +47,20 @@ table filter {
 # outgoing connections are not limited
 chain OUTPUT {policy ACCEPT;
- interface $DEV_VPN{
- # allow ssh
- daddr proto tcp dport ssh ACCEPT;
- # respond to ping
- proto icmp icmp-type echo-request ACCEPT;
 }
 }#FIN OUTPUT
 chain FORWARD { policy ACCEPT;
+ interface $DEV_VPN{
+ # respond to ping
+ proto icmp icmp-type echo-request ACCEPT;
+ # disallow ssh
+ saddr proto tcp dport ssh DROP;
+ # allow ssh
+ daddr proto tcp dport ssh ACCEPT;
+
+ }
 # connection tracking
 mod state state INVALID DROP;
 mod state state (ESTABLISHED RELATED) ACCEPT;
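Review bot: Removing this `interface $DEV_VPN` block takes the explicit `saddr proto tcp dport ssh DROP` out of the chain that handles traffic addressed to the host itself (presumably INPUT; the `chain` line is outside the hunk), while the relocated copy in the second hunk lives in FORWARD, which only sees routed traffic. Whether SSH and ping on $DEV_VPN are now accepted or dropped for the host therefore depends on that chain's policy and its remaining rules, none of which are in the diff; please confirm the policy is DROP, or add a comment at the deletion point such as `# ssh/icmp on $DEV_VPN: host-bound traffic falls to this chain's policy; forwarded traffic is filtered in FORWARD`. If the host no longer answering ping on $DEV_VPN is intended, it is worth stating in the commit description as well.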
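Review bot: The deletion in `chain OUTPUT` removes the `interface $DEV_VPN{` opener but keeps its closing `}` as a context line, so after the patch the chain reads `chain OUTPUT {policy ACCEPT; } }#FIN OUTPUT` and the brace commented `#FIN OUTPUT` appears to close `table filter` instead, leaving `chain FORWARD` outside the table; the stray `}` after `policy ACCEPT;` should be removed as well (the `chain FORWARD` body continues past the hunk). In the relocated block, `saddr` and `daddr` are followed directly by `proto` with no address operand — unless a variable was lost in rendering, confirm ferm parses these rules as intended, since which addresses they match is the whole point of the DROP/ACCEPT pair. Note also that the block sits before the `mod state` connection-tracking rules under `policy ACCEPT;`, so the `DROP` is evaluated ahead of INVALID/ESTABLISHED handling; a comment such as `# $DEV_VPN rules apply to forwarded traffic only; host-bound ssh is governed by INPUT` would make the intent explicit.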