diff --git a/tinc/tinc-down.tmpl b/tinc/tinc-down.tmpl
index 50b42e0..b69a94c 100644
--- a/tinc/tinc-down.tmpl
+++ b/tinc/tinc-down.tmpl
@@ -6,6 +6,6 @@ iptables -D FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j
 {{ end }}{{ end }}
 
 # Prevent spoofing attacks
-iptables -D FORWARD -i \$INTERFACE -s ! ${network_address}/${global_prefix:-16} -j DROP
+iptables -D FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP
 {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -D FORWARD -i \$INTERFACE -s {{.}} -j DROP
 {{ end }}{{ end }}
\ No newline at end of file