diff --git a/wgengine/filter/filter.go b/wgengine/filter/filter.go
index 2388f0ac8..9e761b6e6 100644
--- a/wgengine/filter/filter.go
+++ b/wgengine/filter/filter.go
@@ -371,7 +371,7 @@ func (f *Filter) pre(q *packet.ParsedPacket, rf RunFlags, dir direction) Respons
 		f.logRateLimit(rf, q, dir, Drop, "multicast")
 		return Drop
 	}
-	if q.DstIP.IsLinkLocalUnicast() {
+	if q.DstIP.IsMostLinkLocalUnicast() {
 		f.logRateLimit(rf, q, dir, Drop, "link-local-unicast")
 		return Drop
 	}
@@ -418,7 +418,7 @@ func omitDropLogging(p *packet.ParsedPacket, dir direction) bool {
 			if ipProto == packet.IGMP {
 				return true
 			}
-			if p.DstIP.IsMulticast() || p.DstIP.IsLinkLocalUnicast() {
+			if p.DstIP.IsMulticast() || p.DstIP.IsMostLinkLocalUnicast() {
 				return true
 			}
 		case 6:
diff --git a/wgengine/packet/ip.go b/wgengine/packet/ip.go
index f26ce2626..dfbc7630a 100644
--- a/wgengine/packet/ip.go
+++ b/wgengine/packet/ip.go
@@ -47,6 +47,10 @@ func (ip IP) IsLinkLocalUnicast() bool {
 	return byte(ip>>24) == 169 && byte(ip>>16) == 254
 }
 
+func (ip IP) IsMostLinkLocalUnicast() bool {
+	return ip.IsLinkLocalUnicast() && ip != 0xA9FEA9FE
+}
+
 // IPProto is either a real IP protocol (ITCP, UDP, ...) or an special value like Unknown.
 // If it is a real IP protocol, its value corresponds to its IP protocol number.
 type IPProto uint8