diff --git a/src/network.js b/src/network.js
index 2810e2bd1..8add5b98d 100644
--- a/src/network.js
+++ b/src/network.js
@@ -46,7 +46,7 @@ function setBlocklist(blocklist, auditSource, callback) {
 
     if (settings.isDemo()) return callback(new BoxError(BoxError.CONFLICT, 'Not allowed in demo mode'));
 
-    if (!safe.fs.writeFileSync(paths.FIREWALL_BLOCKLIST_FILE, blocklist, 'utf8')) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(paths.FIREWALL_BLOCKLIST_FILE, blocklist + '\n', 'utf8')) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
 
     shell.sudo('setBlocklist', [ SET_BLOCKLIST_CMD ], {}, function (error) {
         if (error) return callback(new BoxError(BoxError.IPTABLES_ERROR, `Error setting blocklist: ${error.message}`));
diff --git a/src/scripts/setblocklist.sh b/src/scripts/setblocklist.sh
index 53e117e79..70fbed67d 100755
--- a/src/scripts/setblocklist.sh
+++ b/src/scripts/setblocklist.sh
@@ -17,7 +17,8 @@ ipset flush cloudron_blocklist
 user_firewall_json="/home/yellowtent/boxdata/firewall/blocklist.txt"
 
 if [[ -f "${user_firewall_json}" ]]; then
-    while read -r line; do
+    # without the -n block, any last line without a new line won't be read it!
+    while read -r line || [[ -n "$line" ]]; do
         [[ -z "${line}" ]] && continue # ignore empty lines
         [[ "$line" =~ ^#.*$ ]] && continue # ignore lines starting with #
         ipset add cloudron_blocklist "${line}"