diff --git a/rc.d/rc.firewall b/rc.d/rc.firewall
index d86171d..710029d 100755
--- a/rc.d/rc.firewall
+++ b/rc.d/rc.firewall
@@ -69,7 +69,7 @@ start_firewall() {
 
   # Allow unrestricted access from our IPs.
   for ENTRY in "${UNFILTERED_RANGES_V4[@]}"; do
-    iptables -A INPUT -i "$EX_IF" --s "$ENTRY" -j ACCEPT
+    iptables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
   done
   for ENTRY in "${UNFILTERED_RANGES_V6[@]}"; do
     ip6tables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
@@ -159,7 +159,9 @@ case "$1" in
     ;;
 esac
 
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+  [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 
 exit 0
diff --git a/rc.d/rc.firewall-complete b/rc.d/rc.firewall-complete
index 25196f9..44e7f8e 100755
--- a/rc.d/rc.firewall-complete
+++ b/rc.d/rc.firewall-complete
@@ -205,7 +205,9 @@ case "$1" in
     ;;
 esac
 
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+  [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 
 exit 0
diff --git a/rc.d/rc.firewall-float b/rc.d/rc.firewall-float
index 9ee055f..8bae5f4 100755
--- a/rc.d/rc.firewall-float
+++ b/rc.d/rc.firewall-float
@@ -187,7 +187,9 @@ case "$1" in
     ;;
 esac
 
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+  [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 
 exit 0