diff --git a/plugins/meta/tuning/tuning.go b/plugins/meta/tuning/tuning.go
index 719e4ce7..694e75cf 100644
--- a/plugins/meta/tuning/tuning.go
+++ b/plugins/meta/tuning/tuning.go
@@ -316,6 +316,10 @@ func cmdAdd(args *skel.CmdArgs) error {
 		return err
 	}
 
+	if err = validateArgs(args); err != nil {
+		return err
+	}
+
 	// Parse previous result.
 	if tuningConf.RawPrevResult == nil {
 		return fmt.Errorf("Required prevResult missing")
@@ -330,12 +334,14 @@ func cmdAdd(args *skel.CmdArgs) error {
 
 	err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error {
 		for key, value := range tuningConf.SysCtl {
+			key = strings.Replace(key, ".", string(os.PathSeparator), -1)
+
 			// If the key contains `IFNAME` - substitute it with args.IfName
 			// to allow setting sysctls on a particular interface, on which
 			// other operations (like mac/mtu setting) are performed
 			key = strings.Replace(key, "IFNAME", args.IfName, 1)
 
-			fileName := filepath.Join("/proc/sys", strings.Replace(key, ".", "/", -1))
+			fileName := filepath.Join("/proc/sys", key)
 
 			// Refuse to modify sysctl parameters that don't belong
 			// to the network subsystem.
@@ -570,3 +576,10 @@ func validateSysctlConflictingKeys(data []byte) error {
 	sysctlCheck := sysctlCheck{}
 	return json.Unmarshal(data, &sysctlCheck)
 }
+
+func validateArgs(args *skel.CmdArgs) error {
+	if strings.Contains(args.Args, string(os.PathSeparator)) {
+		return errors.New(fmt.Sprintf("Interface name contains an invalid character %s", string(os.PathSeparator)))
+	}
+	return nil
+}