diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 0875cec69..3a4c6db80 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -27,6 +27,7 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
+char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK";
 char OVPNNAT[STRING_SIZE] = "OVPNNAT";
 char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";

@@ -480,6 +481,11 @@ void setFirewallRules(void) {
 OVPNRED, redif, conn->proto, conn->port);
 executeCommand(command);

+ /* Block all communication from the transfer nets. */
+ snprintf(command, STRING_SIZE, "/sbin/iptables -A %s -s %s -j DROP",
+ OVPNBLOCK, conn->transfer_subnet);
+ executeCommand(command);
+
 local_subnet_address = getLocalSubnetAddress(conn);
 transfer_subnet_address = calcTransferNetAddress(conn);
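Review bot: `conn->transfer_subnet` is formatted straight into the iptables command line by the added `snprintf`, and nothing in this hunk shows it being validated as an address/netmask or checked for being empty before `executeCommand(command)` runs it. If `executeCommand` hands the string to a shell (not visible here), a malformed value from the connection configuration changes the command that is run. An empty value or a truncated format (the `snprintf` result is ignored) most likely yields a rule iptables rejects, so the DROP rule is silently missing and the block fails open. I would guard the call, e.g. `if (conn->transfer_subnet[0] != '\0' && snprintf(command, STRING_SIZE, ...) < STRING_SIZE) executeCommand(command);`, and log when the rule is skipped. `setFirewallRules` starts and ends outside the hunk, so earlier validation and the creation or flush of the `OVPNBLOCK` chain may exist elsewhere; the appended `-A` rule depends on both.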