diff --git a/roles/base/templates/iptables/iptables.osuosl b/roles/base/templates/iptables/iptables.osuosl
index ad82724e5b..102ee7c394 100644
--- a/roles/base/templates/iptables/iptables.osuosl
+++ b/roles/base/templates/iptables/iptables.osuosl
@@ -29,6 +29,11 @@
 -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+{% if inventory_hostname in groups['proxies'] %}
+{% for friend in friends4 %}
+-A INPUT --src {{ friend }} -j DROP
+{% endfor %}
+{% endif %}
 # if the host/group defines incoming tcp_ports - allow them
 {% if tcp_ports is defined %}
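Review bot: The new `-A INPUT --src {{ friend }} -j DROP` rules are appended after the ACCEPT rules above them, and iptables stops at the first matching rule, so any earlier rule that matches a listed source still lets that traffic through. The part of the template above this hunk is not visible here; if it contains a state ESTABLISHED,RELATED accept, sessions already open from these addresses would survive the reload, and the block would need to sit ahead of the first ACCEPT to cut them off completely. The loop also reads `friends4` without a guard, unlike `tcp_ports` on the line below, so a proxy host that lacks the variable fails at render time; if that is not the intended behaviour, `{% for friend in friends4 | default([]) %}` avoids it. A malformed entry in the list would presumably make the whole ruleset fail to load, so it is worth validating the values where `friends4` is defined. The block also needs a comment, since the variable name does not suggest a block list: `# drop all traffic from the sources in friends4 (proxies only)`.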