diff --git a/src/firejail/arp.c b/src/firejail/arp.c
index 1e96410978c..bbab9a6d95c 100644
--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -277,7 +277,7 @@ static uint32_t arp_random(const char *dev, Bridge *br) {
 int i = 0;
 for (i = 0; i < 10; i++) {
 dest = start + ((uint32_t) rand()) % range;
- if (dest == ifip) // do not allow the interface address
+ if (dest == ifip || dest == cfg.defaultgw) // do not allow the interface address or the default gateway
 continue; // try again
 // if we've made it up to here, we have a valid address
@@ -325,7 +325,7 @@ static uint32_t arp_sequential(const char *dev, Bridge *br) {
 // loop through addresses and stop as soon as you find an unused one
 while (dest <= last) {
- if (dest == ifip) {
+ if (dest == ifip || dest == cfg.defaultgw) {
 dest++;
 continue;
 }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 08f0f32c960..a6bcec02c16 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -227,7 +227,7 @@ static void sandbox_if_up(Bridge *br) {
 if (br->arg_ip_none == 1); // do nothing
 else if (br->arg_ip_none == 0 && br->macvlan == 0) {
 if (br->ipsandbox == br->ip) {
- fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+ fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
 exit(1);
 }
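Review bot: The added `dest == cfg.defaultgw` test in arp_random's retry loop, and the identical one in arp_sequential's scan, only excludes the gateway if cfg.defaultgw already holds the resolved gateway when these functions run; if it is still 0 at that point the comparison never matches and the gateway address can still be handed to a sandbox. Where cfg.defaultgw is set is not visible in this diff, so that ordering should be confirmed. A comment at both sites would record the assumption, for example `// cfg.defaultgw must be resolved before address assignment; 0 means nothing to exclude`. Both function bodies continue outside their hunks.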
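Review bot: In sandbox_if_up's `br->macvlan == 0` branch an explicitly configured address is still compared only with `br->ip`; this hunk changes the message text but adds no gateway test, while the later hunk in the same function adds one for the other branch. If cfg.defaultgw can differ from the bridge address on this path (for instance when a gateway is configured explicitly, which is not visible here), a sandbox could be started on the gateway's address without any error. Unless the rest of this branch, which lies outside the hunk, already covers it, add the same test after the interface check: `if (br->ipsandbox == cfg.defaultgw) { fprintf(stderr, ...); exit(1); }`.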
@@ -245,13 +245,17 @@ static void sandbox_if_up(Bridge *br) {
 br->ipsandbox = arp_assign(dev, br); //br->ip, br->mask);
 else {
 if (br->ipsandbox == br->ip) {
- fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+ fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
+ exit(1);
+ }
+ if (br->ipsandbox == cfg.defaultgw) {
+ fprintf(stderr, "Error: %d.%d.%d.%d is the default gateway, exiting...\n", PRINT_IP(br->ipsandbox));
 exit(1);
 }
 uint32_t rv = arp_check(dev, br->ipsandbox);
 if (rv) {
- fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use.\n", PRINT_IP(br->ipsandbox));
+ fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use, exiting...\n", PRINT_IP(br->ipsandbox));
 exit(1);
 }
 }
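Review bot: The new `br->ipsandbox == cfg.defaultgw` rejection carries no comment saying why the gateway address is refused, so the reason for exiting is left to the reader. A one-line comment above the test would help, such as `// refuse the gateway address: a sandbox holding it would conflict with the real gateway on the shared segment`. The three checks in this else block now end in the same fprintf-then-`exit(1)` pattern and could share a small static helper if more are added. sandbox_if_up starts and ends outside this hunk.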