diff --git a/patches/systemvm/debian/config/root/firewall.sh b/patches/systemvm/debian/config/root/firewall.sh index 201aa45ac74..84cbab75d5f 100755 --- a/patches/systemvm/debian/config/root/firewall.sh +++ b/patches/systemvm/debian/config/root/firewall.sh @@ -126,22 +126,12 @@ one_to_one_fw_entry() { # shortcircuit the process if error and it is an append operation # continue if it is delete - if [ $proto == "icmp" ] - then - (sudo iptables -t nat $op PREROUTING -i $dev -d $publicIp --proto $proto \ - -j DNAT \ - --to-destination $instIp &>> $OUTFILE || [ "$op" == "-D" ]) && - (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp --proto $proto \ - -m state \ - --state NEW -j ACCEPT &>> $OUTFILE ) - else - (sudo iptables -t nat $op PREROUTING -i $dev -d $publicIp --proto $proto \ + (sudo iptables -t nat $op PREROUTING -i $dev -d $publicIp --proto $proto \ --destination-port $portRange -j DNAT \ --to-destination $instIp &>> $OUTFILE || [ "$op" == "-D" ]) && - (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp --proto $proto \ + (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp --proto $proto \ --destination-port $portRange -m state \ --state NEW -j ACCEPT &>> $OUTFILE ) - fi result=$? logger -t cloud "$(basename $0): done firewall entry public ip=$publicIp op=$op result=$result" diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index c11dd7d8380..315c775d9e3 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -352,6 +352,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { ipAddress.setOneToOneNat(true); ipAddress.setAssociatedWithVmId(vmId); return _ipAddressDao.update(ipAddress.getId(), ipAddress); + } 
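Review bot: In firewall.sh's one_to_one_fw_entry, both remaining `iptables` calls now always pass `--destination-port $portRange`, and nothing in the visible lines checks that `$proto` is a protocol with ports or that `$portRange` is non-empty. iptables accepts `--destination-port` only for port-bearing protocols, so if any caller still passes icmp the append fails and neither the DNAT nor the FORWARD rule is installed; an unquoted empty `$portRange` would expand to nothing and leave `--destination-port` to take `-j` as its value. I would add a guard ahead of the two calls, for example `case "$proto" in tcp|udp) ;; *) logger -t cloud "$(basename $0): unsupported proto $proto"; return 1 ;; esac`, and quote the expansions that reach `sudo iptables` (`--proto "$proto"`, `--destination-port "$portRange"`, `-d "$publicIp"`). The function body starts before this hunk, so confirm whether such validation already happens earlier.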
@@ -976,6 +977,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { s_logger.warn("Unable to revoke all static nat rules for ip " + ipAddress); success = false; } + if (success) { ipAddress.setOneToOneNat(false); ipAddress.setAssociatedWithVmId(null);