diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index f6b49f0..1e675ca 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -270,12 +270,15 @@ net.ipv4.tcp_rfc1337=1
 
 ## Enable reverse path filtering (source validation) of packets received from all interfaces.
 ## Prevents IP spoofing and mitigates vulnerabilities such as CVE-2019-14899.
+## The second "default" command fixes a bug in the existing kernel implementation.
 ##
 ## https://en.wikipedia.org/wiki/IP_address_spoofing
 ## https://forums.whonix.org/t/enable-reverse-path-filtering/8594
 ## https://seclists.org/oss-sec/2019/q4/122
+## https://github.com/Kicksecure/security-misc/pull/261
 ##
 net.ipv4.conf.*.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
 
 ## Disable ICMP redirect acceptance and redirect sending messages.
 ## Prevents man-in-the-middle attacks and minimizes information disclosure.