diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index e4ebcf66f..15f6c6a49 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -382,6 +382,6 @@ class EppController < ApplicationController
 def iptables_counter_update
 return if ENV['iptables_counter_enabled'].blank? && ENV['iptables_counter_enabled'] != 'true'
 return if current_user.blank?
- counter_update(current_user.registrar_code, request.ip)
+ counter_update(current_user.registrar_code, ENV['iptables_server_ip'])
 end
 end
diff --git a/config/application-example.yml b/config/application-example.yml
index cce71e3a4..b08a1b007 100644
--- a/config/application-example.yml
+++ b/config/application-example.yml
@@ -61,6 +61,7 @@ contact_org_enabled: 'false'
 # Enable iptables counter updater
 # iptables_counter_enabled: 'true'
+# iptables_server_ip: '127.0.0.1'
 # Custom legal document types. Changing this requires updating EPP extension schema for allowed legalDocEnumType values.
 # System default for legal document types is: pdf,bdoc,ddoc,zip,rar,gz,tar,7z,odt,doc,docx
diff --git a/doc/debian_build_doc.md b/doc/debian_build_doc.md
index e14992994..084619b26 100644
--- a/doc/debian_build_doc.md
+++ b/doc/debian_build_doc.md
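Review bot: In `iptables_counter_update` (app/controllers/epp_controller.rb) the added call passes `ENV['iptables_server_ip']` straight to `counter_update`, so when the variable is unset (it ships commented out in config/application-example.yml) the second argument is nil. `counter_update` is not shown here, but a nil address presumably means no hit is recorded, or an exception is raised on every EPP request, and in the first case the rate limit silently stops applying. Add a guard such as `return if ENV['iptables_server_ip'].blank?` before the call, ideally with a log line so a missing setting is noticed. The first guard in the same method also looks wrong: with `&&` it returns only when the variable is blank, so `iptables_counter_enabled: 'false'` still runs the update; `return unless ENV['iptables_counter_enabled'] == 'true'` states the intent. The class body starts outside the hunk.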
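Review bot: The new `iptables_server_ip` example in config/application-example.yml has no comment saying which address it must hold, and the sample value `127.0.0.1` is easy to copy unchanged. The rules documented in doc/debian_build_doc.md match with `--rdest`, so the value presumably has to equal the destination address that EPP connections on port 700 actually arrive on; if it does not, the per-registrar limit would never trigger. I would add a line above it such as `# Destination IP of the EPP listener as seen by the iptables rules (matched with --rdest); required when the counter is enabled`.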
@@ -83,11 +83,14 @@ Iptables hitcounter is updated by application. For every registrar there is one
 ````
 #!/bin/bash
+iptables -A INPUT -p tcp --dport 700 -j CHKLIMITS
-iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR_SOURCE -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
-iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR_SOURCE2 -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
-iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR2_SOURCE -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
-iptables -A INPUT -p tcp --dport 700 -s $REGISTRAR2_SOURCE2 -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
+iptables -N CHKLIMITS
+
+iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR_SOURCE -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
+iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR_SOURCE2 -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
+iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR2_SOURCE -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
+iptables -A CHKLIMITS -p tcp --dport 700 -s $REGISTRAR2_SOURCE2 -m recent --name $REGISTRAR2_CODE --rdest --rcheck --hitcount 100 --seconds 60 -j DROP
 ````