diff --git a/roles/lmn_exam/templates/no-way-out-nftable.j2 b/roles/lmn_exam/templates/no-way-out-nftable.j2
index 2c6efb8..93305a9 100644
--- a/roles/lmn_exam/templates/no-way-out-nftable.j2
+++ b/roles/lmn_exam/templates/no-way-out-nftable.j2
@@ -13,15 +13,17 @@ ${filterchain}
 chain filterin_${interface} {
 type filter hook ingress device ${interface} priority filter; policy drop;
 ip saddr \$allowed_ipv4 accept
- ip saddr ${gateway} accept;
- ip saddr 255.255.255.255 accept;
+ ip saddr ${gateway} accept
+ ip saddr 255.255.255.255 accept
+ ether type arp accept
 }
 chain filterout_${interface} {
 type filter hook egress device ${interface} priority filter; policy drop;
 ip daddr \$allowed_ipv4 accept
- ip daddr ${gateway} accept;
- ip daddr 255.255.255.255 accept;
+ ip daddr ${gateway} accept
+ ip daddr 255.255.255.255 accept
+ ether type arp accept
 }
 EOF
 )
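Review bot: The added `ether type arp accept` in both the filterin_ and filterout_ chains admits every ARP frame, while the neighbouring rules trust `${gateway}` by IP address only, so whichever host on the segment answers ARP for that address is what `ip daddr ${gateway} accept` ends up permitting. For an exam lockdown that is worth narrowing: if nft accepts ARP header matches in these netdev chains, `arp operation { request, reply } accept` is tighter than the bare ether type, and a static neighbour entry for the gateway would remove the dependence on ARP answers; both need testing on the target hosts. A comment such as `# ARP is required for IPv4 neighbour resolution; policy drop would otherwise block it` would record why the rule exists. Separately, `ip saddr 255.255.255.255 accept` on the ingress side looks like it was meant to be `ip daddr 255.255.255.255 accept`, since limited broadcast is a destination rather than a source; this should be confirmed against the DHCP flow it is presumably for. The template starts and ends outside the hunk.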