diff --git a/tests/docker-common.sh b/tests/docker-common.sh
index b2a04988..a53d10d8 100755
--- a/tests/docker-common.sh
+++ b/tests/docker-common.sh
@@ -39,6 +39,10 @@ if test -z $FEDORA && test -z $DEBIAN;then
 exit 77
 fi
+get_ip() {
+ IP=`$DOCKER inspect $IMAGE_NAME | grep \"IPAddress\" | cut -d '"' -f 4|head -n1`
+}
+
 check_for_file() {
 FILENAME=$1
 IMG=$2
diff --git a/tests/docker-ocserv/Dockerfile-fedora-fw b/tests/docker-ocserv/Dockerfile-fedora-fw
index 08692c00..e92ba126 100644
--- a/tests/docker-ocserv/Dockerfile-fedora-fw
+++ b/tests/docker-ocserv/Dockerfile-fedora-fw
@@ -29,4 +29,4 @@ ADD fw-script /usr/bin/
 # template, so we untar it from this archive.
 ADD dev-tun.tgz /dev/
-CMD nuttcp -S;sshd-keygen;/usr/sbin/sshd;mkdir -p /tmp/disconnect/;usr/sbin/ocserv -d 1 -f;sleep 3600
+CMD nuttcp -p 6001 -P 6000 -S;nuttcp -S;sshd-keygen;/usr/sbin/sshd;mkdir -p /tmp/disconnect/;usr/sbin/ocserv -d 1 -f;sleep 3600
diff --git a/tests/docker-ocserv/ocserv-fw.conf b/tests/docker-ocserv/ocserv-fw.conf
index 448ebd8a..5ed70f82 100644
--- a/tests/docker-ocserv/ocserv-fw.conf
+++ b/tests/docker-ocserv/ocserv-fw.conf
@@ -256,6 +256,7 @@ route = fd91:6d87:7441:dc6a::/64
 no-route = 10.46.59.0/24
 restrict-user-to-routes = true
+restrict-user-to-ports = "tcp(6000), tcp(6001), icmp(), icmpv6()"
 # Configuration files that will be applied per user connection or
 # per group. Each file name on these directories must match the username
diff --git a/tests/firewall-test b/tests/firewall-test
index fe30d963..6322427f 100755
--- a/tests/firewall-test
+++ b/tests/firewall-test
@@ -41,9 +41,10 @@ fi
 echo "ocserv image was run"
 #wait for ocserv to server
+
 sleep 5
-IP=`$DOCKER inspect $IMAGE_NAME | grep IPAddress | cut -d '"' -f 4`
+get_ip
 if test -z "$IP";then
 echo "Detected IP is null!"
 stop
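Review bot: get_ip scrapes the `docker inspect` JSON with grep/cut and `head -n1`, which may silently pick the wrong IPAddress field if the output carries several, and nothing inside the backticks checks whether docker itself failed. Docker's own formatter avoids both problems and the `\"` escaping: `IP=$("$DOCKER" inspect --format '{{.NetworkSettings.IPAddress}}' "$IMAGE_NAME")`, leaving the caller's existing `test -z "$IP"` as the single failure path. Since the function sets a global by side effect instead of printing the value, a one-line header comment is worth adding, e.g. `# sets IP (global) to the container's address; empty if inspection fails`.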
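Review bot: The CMD now launches two nuttcp servers with nothing explaining why, and the 6000/6001 pair must stay in step with both ocserv-fw.conf and tests/firewall-test; a comment above the line would spare the next reader a grep: `# two nuttcp servers: one on 6000/6001 (the ports ocserv-fw.conf allows the VPN user), one on nuttcp's defaults, which the firewall test expects to be blocked`. If either side changes its ports without the other, the test fails in a way that looks like a firewall regression rather than a configuration mismatch.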
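Review bot: restrict-user-to-ports hard-codes 6000/6001 with no hint that these are the nuttcp ports from Dockerfile-fedora-fw and tests/firewall-test; a comment above the line, `# nuttcp ports used by tests/firewall-test; every other TCP/UDP port is expected to be blocked for the VPN user`, ties the three files together. tcp(22) is not in the list even though the same container runs sshd, so any later step that reaches sshd over the tunnel would now be blocked; if that is intended it is worth saying so in the same comment.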
@@ -107,7 +108,8 @@ retrieve_user_info test "Restricted to routes: True"
 # There is an issue in nuttcp that makes it crash under docker if
 # /proc/sys/net/ipv4/tcp_adv_win_scale does not exist.
 if test "$FEDORA" = 1;then
-nuttcp -T 10 -t 192.168.84.1
+
+nuttcp -p 6001 -P 6000 -T 10 -t 192.168.84.1
 if test $? != 0;then
 echo "Cannot send to ocserv"
 exit 77
@@ -115,13 +117,15 @@ if test $? != 0;then
 stop
 fi
-nuttcp -T 10 -r 192.168.84.1
-if test $? != 0;then
- echo "Cannot recv from ocserv"
- exit 77
+nuttcp -T 10 -t 192.168.84.1
+if test $? = 0;then
+ echo "Could access ocserv although we are blocked"
+ exit 1
 kill -INT $PID
 stop
 fi
+
+
 fi
 sleep 2
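Review bot: The allowed-port transmit on the new nuttcp line still exits 77 (skip) on failure, so once the port restriction is in place a regression that blocks tcp(6000)/tcp(6001) would be reported as a skipped test rather than a failed one; only the nuttcp crash described in the comment above this block justifies 77. If that crash can be told apart from a refused connection, e.g. by nuttcp's exit code, the branch should end in `exit 1` instead. The enclosing `if test "$FEDORA" = 1` block continues into the next hunk.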
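Review bot: In the new failure branch `exit 1` comes before `kill -INT $PID` and `stop`, so those two cleanup lines never run and the ocserv container is left behind whenever the negative test fails; reorder to `kill -INT $PID`, `stop`, `exit 1`. The exit 77 branch in the previous hunk has the same ordering problem. Separately, if ocserv drops rather than rejects the default-port connection, `nuttcp -T 10 -t 192.168.84.1` may hang for the kernel's connect timeout, since -T bounds transmit time only; where coreutils timeout is available, `timeout 60 nuttcp -T 10 -t 192.168.84.1` keeps the test bounded and still yields a non-zero status when blocked.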