diff --git a/ops/nixos/blade-paris/default.nix b/ops/nixos/blade-paris/default.nix
index f9efeef89f..a283dfce66 100644
--- a/ops/nixos/blade-paris/default.nix
+++ b/ops/nixos/blade-paris/default.nix
@@ -64,7 +64,10 @@ in {
     }];
     defaultGateway = internetAddresses.v4.remote;
     defaultGateway6 = internetAddresses.v6.remote;
-    firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
+    firewall.extraCommands = ''
+      iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+      ip6tables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+    '';
   };
   my.ip.tailscale = "100.117.185.118";
   my.blade.bay = 2;
diff --git a/ops/nixos/blade-tuvok/default.nix b/ops/nixos/blade-tuvok/default.nix
index 5d233b2a1e..607a63bbd4 100644
--- a/ops/nixos/blade-tuvok/default.nix
+++ b/ops/nixos/blade-tuvok/default.nix
@@ -66,7 +66,10 @@ in {
     defaultGateway = internetAddresses.v4.remote;
     defaultGateway6 = internetAddresses.v6.remote;
     firewall.allowedTCPPorts = [ 80 443 ];
-    firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
+    firewall.extraCommands = ''
+      iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+      ip6tables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+    '';
   };
   my.ip.tailscale = "100.119.123.33";
   my.blade.bay = 6;