diff --git a/roles/nftables_router/templates/nftables.d/50-filter.conf.j2 b/roles/nftables_router/templates/nftables.d/50-filter.conf.j2
index 63e5ebc..795d506 100644
--- a/roles/nftables_router/templates/nftables.d/50-filter.conf.j2
+++ b/roles/nftables_router/templates/nftables.d/50-filter.conf.j2
@@ -117,8 +117,8 @@ table inet filter {
         log prefix "fwd-to-inet" group 0
 
         # On évite certains problèmes de spam
-        ip saddr $member_v4 udp dport 25 drop
-        ip6 saddr $member_v6 udp dport 25 drop
+        ip saddr $member_v4 tcp dport 25 drop
+        ip6 saddr $member_v6 tcp dport 25 drop
 
         # Les adhérents ont accès à internet
         ip saddr $member_v4 accept