diff --git a/client/internal/config.go b/client/internal/config.go index 6cfd714ef..e37d6e3e5 100644 --- a/client/internal/config.go +++ b/client/internal/config.go @@ -58,7 +58,8 @@ func createNewConfig(managementURL, adminURL, configPath, preSharedKey string) ( config.PreSharedKey = preSharedKey } - config.IFaceBlackList = []string{iface.WgInterfaceDefault, "tun0"} + config.IFaceBlackList = []string{iface.WgInterfaceDefault, "tun0", "zt", "ZeroTier", "utun", "wg", "ts", + "Tailscale", "tailscale"} err := util.WriteJson(configPath, config) if err != nil { diff --git a/client/internal/peer/conn.go b/client/internal/peer/conn.go index 2b0dc8f9a..d057fbfaf 100644 --- a/client/internal/peer/conn.go +++ b/client/internal/peer/conn.go @@ -5,6 +5,7 @@ import ( "github.com/netbirdio/netbird/iface" "golang.zx2c4.com/wireguard/wgctrl" "net" + "strings" "sync" "time" @@ -84,27 +85,27 @@ func NewConn(config ConnConfig) (*Conn, error) { }, nil } -// interfaceFilter is a function passed to ICE Agent to filter out blacklisted interfaces +// interfaceFilter is a function passed to ICE Agent to filter out not allowed interfaces +// to avoid building tunnel over them func interfaceFilter(blackList []string) func(string) bool { - var blackListMap map[string]struct{} - if blackList != nil { - blackListMap = make(map[string]struct{}) - for _, s := range blackList { - blackListMap[s] = struct{}{} - } - } - return func(iFace string) bool { - _, ok := blackListMap[iFace] - if ok { - return false + return func(iFace string) bool { + for _, s := range blackList { + if strings.HasPrefix(iFace, s) { + return false + } } - // look for unlisted Wireguard interfaces + // look for unlisted WireGuard interfaces wg, err := wgctrl.New() if err != nil { log.Debugf("trying to create a wgctrl client failed with: %v", err) } - defer wg.Close() + defer func() { + err := wg.Close() + if err != nil { + return + } + }() _, err = wg.Device(iFace) return err != nil 
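Review bot: The short entries `"wg"`, `"ts"` and `"zt"` are matched with `strings.HasPrefix` in the reworked interfaceFilter (peer/conn.go in this commit), so every interface whose name starts with those letters is dropped from ICE candidate gathering, whether or not it belongs to WireGuard, Tailscale or ZeroTier. A comment above the assignment, such as `// entries are interface-name prefixes, not exact names; keep them as specific as possible`, would make that contract visible to whoever edits the list next. This default is only written in createNewConfig, so config files created before this change presumably keep the old two-entry list and never gain the new exclusions; that upgrade path is worth handling or documenting. createNewConfig starts and ends outside the hunk.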
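Review bot: When `wgctrl.New()` fails, the error is only logged and execution continues into the deferred `wg.Close()` and `wg.Device(iFace)` with `wg` presumably nil, which would panic inside the ICE interface filter. The error branch should return explicitly, e.g. add `return true` after the `log.Debugf` line to keep the existing allow-on-lookup-error behaviour, or `return false` if failing closed is preferred; either way the choice should be stated in a comment. The new deferred closure also discards the Close error silently; `if err := wg.Close(); err != nil { log.Debugf("closing wgctrl client failed with: %v", err) }` would at least record it. Because matching is now by prefix, an empty string in the configured blacklist matches every interface name, so the loop condition is safer as `if s != "" && strings.HasPrefix(iFace, s)`. The closure's closing braces lie outside the hunk.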
diff --git a/client/internal/peer/conn_test.go b/client/internal/peer/conn_test.go index 90b33bb7a..ed11edad9 100644 --- a/client/internal/peer/conn_test.go +++ b/client/internal/peer/conn_test.go @@ -3,6 +3,7 @@ package peer import ( "github.com/magiconair/properties/assert" "github.com/netbirdio/netbird/client/internal/proxy" + "github.com/netbirdio/netbird/iface" "github.com/pion/ice/v2" "sync" "testing" @@ -18,6 +19,18 @@ var connConf = ConnConfig{ ProxyConfig: proxy.Config{}, } +func TestNewConn_interfaceFilter(t *testing.T) { + ignore := []string{iface.WgInterfaceDefault, "tun0", "zt", "ZeroTier", "utun", "wg", "ts", + "Tailscale", "tailscale"} + + filter := interfaceFilter(ignore) + + for _, s := range ignore { + assert.Equal(t, filter(s), false) + } + +} + func TestConn_GetKey(t *testing.T) { conn, err := NewConn(connConf) if err != nil {
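Review bot: The loop in TestNewConn_interfaceFilter feeds each blacklist entry to the filter verbatim, so the test would pass just as well with the old exact-match map and does not pin the new prefix behaviour. Adding names that only share a prefix would cover it, for example `for _, s := range []string{"wg0", "utun4", "tailscale0"} { assert.Equal(t, filter(s), false) }` (constructed sample names). The list literal also duplicates the one assigned in createNewConfig; a shared package-level default would keep the test and the shipped configuration from drifting apart.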