diff --git a/salt/upstream/iptables b/salt/upstream/iptables
index 1f3801c..eb024ce 100644
--- a/salt/upstream/iptables
+++ b/salt/upstream/iptables
@@ -9,6 +9,8 @@ fi
 if [ "$IFACE" = "{{ interface }}" ]; then
    iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
+   iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
+   ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
    iptables -A INPUT -i "$IFACE" -j DROP
    ip6tables -A INPUT -i "$IFACE" -j DROP
    iptables -P INPUT ACCEPT
diff --git a/salt/upstream/ipv6-tunnel-update.sh b/salt/upstream/ipv6-tunnel-update.sh
index d950e45..0bf95ec 100644
--- a/salt/upstream/ipv6-tunnel-update.sh
+++ b/salt/upstream/ipv6-tunnel-update.sh
@@ -1,4 +1,3 @@
 #!/bin/sh
 
-/usr/sbin/iptables -I INPUT -p icmp -j ACCEPT
 /usr/bin/curl "https://{{ username }}:{{ key }}@ipv4.tunnelbroker.net/nic/update?hostname={{ tunnel_id }}"