diff --git a/bin/hardening/99.4_net_fw_default_policy_drop.sh b/bin/hardening/99.4_net_fw_default_policy_drop.sh
index 1f2c184..d683e4e 100755
--- a/bin/hardening/99.4_net_fw_default_policy_drop.sh
+++ b/bin/hardening/99.4_net_fw_default_policy_drop.sh
@@ -26,7 +26,7 @@ audit () {
     if [ "$FNRET" != 0 ]; then
         crit "$PACKAGE is not installed!"
     else
-        ipt=$($SUDO_CMD $PACKAGE -nL  || true )
+        ipt=$($SUDO_CMD $PACKAGE -nL 2>/dev/null || true )
         if [[ -z $ipt ]]; then
             crit "Empty return from $PACKAGE command. Aborting..."
             return
diff --git a/debian/changelog b/debian/changelog
index f04f1f8..5d74a3f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cis-hardening (1.2-5) unstable; urgency=medium
+
+  * fix(99.4): do not stderr iptables warning on buster
+
+ -- Kevin Tanguy <kevin.tanguy@ovh.net>  Wed, 14 Aug 2019 10:34:15 +0200
+
 cis-hardening (1.2-4) unstable; urgency=medium
 
   * changelog: update changelog