diff --git a/salt/firewall/iptables.jinja b/salt/firewall/iptables.jinja
index 8aea5ed36..ec2a5ae65 100644
--- a/salt/firewall/iptables.jinja
+++ b/salt/firewall/iptables.jinja
@@ -91,7 +91,9 @@ COMMIT
 {%- endfor %}
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
 -A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -j LOGGING
 -A FORWARD -j DOCKER-USER
@@ -100,6 +102,11 @@ COMMIT
 -A FORWARD -o sobridge -j DOCKER
 -A FORWARD -i sobridge ! -o sobridge -j ACCEPT
 -A FORWARD -i sobridge -o sobridge -j ACCEPT
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i lo -j ACCEPT
+-A FORWARD -m conntrack --ctstate INVALID -j DROP
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+-A OUTPUT -o lo -j ACCEPT
 -A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP
 {%- for rule in D2 %}
diff --git a/salt/kibana/config.map.jinja b/salt/kibana/config.map.jinja
index 9e75f1726..9b460e86f 100644
--- a/salt/kibana/config.map.jinja
+++ b/salt/kibana/config.map.jinja
@@ -3,7 +3,7 @@
 {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 {% do KIBANACONFIG.kibana.config.server.update({'publicBaseUrl': 'https://' ~ GLOBALS.url_base ~ '/kibana'}) %}
-{% do KIBANACONFIG.kibana.config.elasticsearch.update({'hosts': ['https://' ~ GLOBALS.manager_ip ~ ':9200']}) %}
+{% do KIBANACONFIG.kibana.config.elasticsearch.update({'hosts': ['https://' ~ GLOBALS.manager ~ ':9200']}) %}
 {% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %}
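Review bot: In the first iptables.jinja hunk the new `-A INPUT -j REJECT --reject-with icmp-host-prohibited` is placed above `-A INPUT -p icmp -j ACCEPT` and `-A INPUT -j LOGGING`, so no packet reaches those two rules any more: the REJECT has no match condition and ends traversal of the chain. Denied inbound packets would then stop being logged, which removes a detection signal, and ICMP that was accepted before is now rejected. If a default-reject is intended, move the line to the end of the INPUT rules, after `-A INPUT -j LOGGING` (assuming the LOGGING chain, which is not shown here, returns rather than drops), and add a comment saying it must stay last.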
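Review bot: In the second iptables.jinja hunk `-A FORWARD -m conntrack --ctstate INVALID -j DROP` sits below the two `-i sobridge ... -j ACCEPT` rules, which carry no state match, so invalid-state packets arriving on sobridge are accepted before the drop is evaluated; if the drop is meant to cover container traffic it has to come before those accepts. `-A FORWARD -i lo -j ACCEPT` appears to have no effect, since loopback traffic is not expected to traverse FORWARD, so either drop it or add a comment explaining why it is there. The closing `-A FORWARD -j REJECT --reject-with icmp-host-prohibited` would also make any FORWARD rule rendered later in the template unreachable; whether the `D2` loop emits such rules is not visible in this hunk.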