diff --git a/pkg/registry/service/ip_allocator.go b/pkg/registry/service/ip_allocator.go
index 6fb288c1b1f..09746aa9bbe 100644
--- a/pkg/registry/service/ip_allocator.go
+++ b/pkg/registry/service/ip_allocator.go
@@ -46,11 +46,12 @@ func (s *ipAddrSet) Init() {
 	s.ips = map[string]bool{}
 }
 
-// Adds to the ipAddrSet; returns true iff it was added (was not already in set)
+// Gets the number of IPs in the set
 func (s *ipAddrSet) Size() int {
 	return len(s.ips)
 }
 
+// Tests whether the set holds a given IP
 func (s *ipAddrSet) Contains(ip net.IP) bool {
 	key := ip.String()
 	exists := s.ips[key]
@@ -112,13 +113,11 @@ func newIPAllocator(subnet *net.IPNet) *ipAllocator {
 	}
 	ipa.used.Init()
 
-	zero := make(net.IP, len(subnet.IP), len(subnet.IP))
+	network := make(net.IP, len(subnet.IP), len(subnet.IP))
 	for i := 0; i < len(subnet.IP); i++ {
-		zero[i] = subnet.IP[i] & subnet.Mask[i]
+		network[i] = subnet.IP[i] & subnet.Mask[i]
 	}
-	ipa.used.Add(zero) // block the zero addr
-
-	ipa.used.Add(subnet.IP) // block the network addr
+	ipa.used.Add(network) // block the network addr
 
 	broadcast := make(net.IP, len(subnet.IP), len(subnet.IP))
 	for i := 0; i < len(subnet.IP); i++ {
diff --git a/pkg/registry/service/ip_allocator_test.go b/pkg/registry/service/ip_allocator_test.go
index 677015de31c..8873e2c14a7 100644
--- a/pkg/registry/service/ip_allocator_test.go
+++ b/pkg/registry/service/ip_allocator_test.go
@@ -54,6 +54,14 @@ func TestAllocate(t *testing.T) {
 	_, ipnet, _ := net.ParseCIDR("93.76.0.0/22")
 	ipa := newIPAllocator(ipnet)
 
+	if err := ipa.Allocate(net.ParseIP("93.76.0.0")); err == nil {
+		t.Errorf("expected failure")
+	}
+
+	if err := ipa.Allocate(net.ParseIP("93.76.3.255")); err == nil {
+		t.Errorf("expected failure")
+	}
+
 	if err := ipa.Allocate(net.ParseIP("93.76.0.1")); err != nil {
 		t.Errorf("expected success, got %s", err)
 	}
diff --git a/pkg/util/iptables/iptables.go b/pkg/util/iptables/iptables.go
index e410d3dd9b5..acd0724e3a6 100644
--- a/pkg/util/iptables/iptables.go
+++ b/pkg/util/iptables/iptables.go
@@ -38,11 +38,11 @@ type Interface interface {
 	IsIpv6() bool
 }
 
-type Protocol bool
+type Protocol byte
 
 const (
-	ProtocolIpv4 Protocol = false
-	ProtocolIpv6 Protocol = true
+	ProtocolIpv4 Protocol = iota + 1
+	ProtocolIpv6
 )
 
 type Table string