diff --git a/bin/firewall-sosdg b/bin/firewall-sosdg
index d7e4d24..b68dc1f 100755
--- a/bin/firewall-sosdg
+++ b/bin/firewall-sosdg
@@ -699,9 +699,9 @@ if [ $NAT ]; then
 fi
 fi
-$IPTABLES --policy INPUT ${IPV4_INPUT}
-$IPTABLES --policy OUTPUT ${IPV4_OUTPUT}
-$IPTABLES --policy FORWARD ${IPV4_FORWARD}
+$IPTABLES --policy INPUT ${IPV4_PINPUT}
+$IPTABLES --policy OUTPUT ${IPV4_POUTPUT}
+$IPTABLES --policy FORWARD ${IPV4_PFORWARD}
 if [ -s "$BASEDIR/include/ipv4_custom_blockincoming" ]; then
@@ -989,9 +989,9 @@ fi
 $IP6TABLES -A INPUT -p tcp --syn -j DROP
 $IP6TABLES -A INPUT -p udp -j DROP
 fi
- $IP6TABLES --policy INPUT ${IPV6_INPUT}
- $IP6TABLES --policy OUTPUT ${IPV6_OUTPUT}
- $IP6TABLES --policy FORWARD ${IPV6_FORWARD}
+ $IP6TABLES --policy INPUT ${IPV6_PINPUT}
+ $IP6TABLES --policy OUTPUT ${IPV6_POUTPUT}
+ $IP6TABLES --policy FORWARD ${IPV6_PFORWARD}
 fi
 if [ $TWEAKS ]; then
diff --git a/include/static b/include/static
index a614e90..f5185ee 100755
--- a/include/static
+++ b/include/static
@@ -88,9 +88,9 @@ IPV6_NETMASK_MATCH=""
 # Default policies for IPv4 and IPv6. Make these ACCEPT by default, except for FORWARD,
 # since one wrong configuration can lock someone out.
-IPV4_INPUT=ACCEPT
-IPV4_OUTPUT=ACCEPT
-IPV4_FORWARD=DROP
-IPV6_INPUT=ACCEPT
-IPV6_OUTPUT=ACCEPT
-IPV6_FORWARD=DROP
\ No newline at end of file
+IPV4_PINPUT=ACCEPT
+IPV4_POUTPUT=ACCEPT
+IPV4_PFORWARD=DROP
+IPV6_PINPUT=ACCEPT
+IPV6_POUTPUT=ACCEPT
+IPV6_PFORWARD=DROP
\ No newline at end of file
diff --git a/options.default b/options.default
index 828862a..b8f7ace 100755
--- a/options.default
+++ b/options.default
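Review bot: In bin/firewall-sosdg the six `--policy` lines (the IPv4 hunk at @@ -699 and the IPv6 hunk at @@ -989) expand the policy variable unquoted and unchecked, so an empty or misspelled value makes the command fail and the chain keeps whatever policy was loaded before. Nothing visible in either hunk tests the exit status. A guard before the calls, such as `case "$IPV4_PINPUT" in ACCEPT|DROP) ;; *) echo "invalid IPV4_PINPUT: $IPV4_PINPUT" >&2; exit 1 ;; esac`, would make that failure visible; whether exiting or falling back to a fixed policy is the right reaction depends on code outside the hunks. Both hunks sit in top-level script code that continues past their edges.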
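Review bot: The defaults in include/static are renamed with no fallback for the old names, so a site configuration that still sets `IPV4_INPUT=DROP` (or the OUTPUT/FORWARD and IPv6 equivalents) would no longer reach the `--policy` calls, and the ACCEPT default defined here would apply instead. That is a silent move from default-deny to default-accept on upgrade. If the old names are not reused for something else, which the diff does not show, mapping them once the user options have been read, e.g. `[ -n "$IPV4_INPUT" ] && IPV4_PINPUT=$IPV4_INPUT` with a deprecation warning, would keep existing setups behaving as before. The comment above the block could also state that the accepted values are ACCEPT and DROP.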
@@ -43,13 +43,13 @@ POSTRUN="$BASEDIR/conf/postrun"
 # Default IPv4 policies
-# IPV4_INPUT set to DROP is different from BLOCKINCOMING,
+# IPV4_PINPUT set to DROP is different from BLOCKINCOMING,
 # as BLOCKINCOMING only blocks syn packets for TCP while still
 # allowing established connections even if connection tracking is off.
 # BLOCKINCOMING does however, deny all incoming UDP just like INPUT=DROP does.
-IPV4_INPUT=ACCEPT
-IPV4_OUTPUT=ACCEPT
-IPV4_FORWARD=DROP
+IPV4_PINPUT=ACCEPT
+IPV4_POUTPUT=ACCEPT
+IPV4_PFORWARD=DROP
 # Do we run a LAN DHCP server? Put the interfaces here
 # where this server is providing services.
@@ -184,13 +184,13 @@ BLOCKEDIP=$BASEDIR/conf/ipv4-blocked
 #IPV6_CONNTRACK=1
 # Default IPv6 policies
-# IPV6_INPUT set to DROP is different from IPV6_BLOCKINCOMING,
+# IPV6_PINPUT set to DROP is different from IPV6_BLOCKINCOMING,
 # as BLOCKINCOMING only blocks syn packets for TCP while still
 # allowing established connections even if connection tracking is off.
 # BLOCKINCOMING does however, deny all incoming UDP just like INPUT=DROP does.
-IPV6_INPUT=ALLOW
-IPV6_OUTPUT=ALLOW
-IPV6_FORWARD=DROP
+IPV6_PINPUT=ALLOW
+IPV6_POUTPUT=ALLOW
+IPV6_PFORWARD=DROP
 # Allow outgoing DNS requests - important if you did not activate connection
 # tracking. Set this to the interfaces you wish to use for outgoing requests
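Review bot: In the options.default hunk at @@ -43, the last comment line of the IPv4 policy block still reads `INPUT=DROP`, which after the rename matches no option in the file. Writing it as `# BLOCKINCOMING does however, deny all incoming UDP just like IPV4_PINPUT=DROP does.` would keep the comment searchable for the option it describes. The IPv6 block at @@ -184 has the same leftover and would read `IPV6_PINPUT=DROP`.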
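Review bot: In the options.default hunk at @@ -184, `IPV6_PINPUT=ALLOW` and `IPV6_POUTPUT=ALLOW` carry over a value that ip6tables does not accept as a chain policy; built-in chains take `ACCEPT` or `DROP`. With these sample values the `$IP6TABLES --policy INPUT ${IPV6_PINPUT}` call in bin/firewall-sosdg would fail and leave the chain's earlier policy in place, assuming the value is passed through unchanged as the hunk there suggests. The lines should read `IPV6_PINPUT=ACCEPT` and `IPV6_POUTPUT=ACCEPT`, matching the IPv4 block and include/static.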