diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman
index 8511ed9ae4b45b535919829f5a37acb6c557991e..dc51950dc35e81a3fde0e72bbdf81f119f59878d 100755
--- a/src/freedombone-app-batman
+++ b/src/freedombone-app-batman
@@ -169,7 +169,7 @@ function install_mesh_tunnel {
     echo '; IP address the broker will listen and accept tunnels on' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
     echo 'address=127.0.0.1' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
     echo '; Ports where the broker will listen on' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
-    echo "port=53,123,8942" >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
+    echo 'port=53,8942' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
     echo '; Interface with that IP address' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
     echo 'interface=lo' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
     echo '; Maximum number of tunnels that will be allowed by the broker' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
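Review bot: The new `port=53,8942` line sits next to `address=127.0.0.1` and `interface=lo`, so as written the broker only listens on loopback, while the companion change in src/freedombone-mesh-batman opens 53 and 8942 on INPUT without any interface restriction. Unless these two values are rewritten elsewhere before the broker starts (not visible here), the firewall openings do not lead to this listener and instead expose whatever else binds those ports. If they are rewritten, a comment such as `# address/interface are rewritten before the broker starts; firewall rules for these ports live in freedombone-mesh-batman` would make the dependency explicit. Binding 53 on the loopback address may also collide with a local DNS resolver if one is installed, which is worth confirming. install_mesh_tunnel starts and ends outside this hunk.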
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index 83981c3a6cb2fa7d9dfbe61ea5d21abaefd9da9b..6bca08fee2064970b0e6910a065b7f6535a4e4c4 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -158,6 +158,11 @@ function stop {
     # SSB/Patchwork
     iptables -D INPUT -p udp --dport 8008 -j ACCEPT
     iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
+    # Tunnel over the internet
+    iptables -D INPUT -p tcp --dport 53 -j ACCEPT
+    iptables -D INPUT -p udp --dport 53 -j ACCEPT
+    iptables -D INPUT -p tcp --dport 8942 -j ACCEPT
+    iptables -D INPUT -p udp --dport 8942 -j ACCEPT
 
     systemctl restart network-manager
 }
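Review bot: The four added `iptables -D` rules in stop, and the matching `-A` rules in the start hunk, accept both TCP and UDP on 53 and 8942 from any source on any interface, with no `-i` restriction to the internet-facing interface. Tunneldigger's broker traffic is, as far as I know, UDP only, so the two TCP rules look unnecessary; the TCP and UDP 53 rules also expose any DNS service running on the host, so consider keeping only the UDP rules the broker actually needs. start appends unconditionally, so running start twice leaves duplicate rules that one stop does not fully remove; a guard such as `iptables -C INPUT -p udp --dport 8942 -j ACCEPT 2>/dev/null || iptables -A INPUT -p udp --dport 8942 -j ACCEPT` avoids that. stop begins outside this hunk.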
@@ -313,6 +318,11 @@ function start {
     # SSB/Patchwork
     iptables -A INPUT -p udp --dport 8008 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
+    # Tunnel over the internet
+    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
+    iptables -A INPUT -p udp --dport 53 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 8942 -j ACCEPT
+    iptables -A INPUT -p udp --dport 8942 -j ACCEPT
 
     systemctl restart avahi-daemon