diff --git a/internal/firewall/iptables.go b/internal/firewall/iptables.go
index c409fb5b..5cbb8848 100644
--- a/internal/firewall/iptables.go
+++ b/internal/firewall/iptables.go
@@ -196,8 +196,8 @@ func (c *Config) acceptInputToPort(ctx context.Context, intf string, port uint16
 		interfaceFlag = ""
 	}
 	return c.runMixedIptablesInstructions(ctx, []string{
-		fmt.Sprintf("%s INPUT %s -p tcp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
-		fmt.Sprintf("%s INPUT %s -p udp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
+		fmt.Sprintf("%s INPUT %s -p tcp -m tcp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
+		fmt.Sprintf("%s INPUT %s -p udp -m udp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
 	})
 }