diff --git a/files/rootwrap.d/dhcp.filters b/files/rootwrap.d/dhcp.filters index 24404f59..d48d2eac 100644 --- a/files/rootwrap.d/dhcp.filters +++ b/files/rootwrap.d/dhcp.filters @@ -22,9 +22,13 @@ mm-ctl: CommandFilter, mm-ctl, root dhcp_release: CommandFilter, dhcp_release, root dhcp_release6: CommandFilter, dhcp_release6, root -# metadata proxy -metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root +# haproxy +haproxy: RegExpFilter, haproxy, root, haproxy, -f, .* +kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP # RHEL invocation of the metadata proxy will report /usr/bin/python +# TODO(dalvarez): Remove kill_metadata* filters in Q release since +# neutron-ns-metadata-proxy is now replaced by haproxy. We keep them for now +# for the migration process kill_metadata: KillFilter, root, python, -9 kill_metadata7: KillFilter, root, python2.7, -9 kill_metadata35: KillFilter, root, python3.5, -9 diff --git a/files/rootwrap.d/dibbler.filters b/files/rootwrap.d/dibbler.filters index eea55252..7ba7015c 100644 --- a/files/rootwrap.d/dibbler.filters +++ b/files/rootwrap.d/dibbler.filters @@ -14,3 +14,4 @@ # prefix_delegation_agent dibbler-client: CommandFilter, dibbler-client, root +kill_dibbler-client: KillFilter, root, dibbler-client, -9 diff --git a/files/rootwrap.d/iptables-firewall.filters b/files/rootwrap.d/iptables-firewall.filters index 0a81f9dd..3960a786 100644 --- a/files/rootwrap.d/iptables-firewall.filters +++ b/files/rootwrap.d/iptables-firewall.filters @@ -20,8 +20,5 @@ ip6tables-restore: CommandFilter, ip6tables-restore, root iptables: CommandFilter, iptables, root ip6tables: CommandFilter, ip6tables, root -# neutron/agent/linux/iptables_firewall.py -sysctl: CommandFilter, sysctl, root - # neutron/agent/linux/ip_conntrack.py conntrack: CommandFilter, conntrack, root diff --git a/files/rootwrap.d/l3.filters b/files/rootwrap.d/l3.filters index de4590ec..a0a86e60 100644 --- a/files/rootwrap.d/l3.filters +++ b/files/rootwrap.d/l3.filters 
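Review bot: The new `haproxy` filter in files/rootwrap.d/dhcp.filters accepts any value after `-f` (`.*`), so any account allowed to call rootwrap can start haproxy as root with a configuration file from an arbitrary path, including one that account wrote itself. Restricting the argument to the directory where the agent writes its generated configs would narrow this, e.g. `haproxy: RegExpFilter, haproxy, root, haproxy, -f, <AGENT_STATE_DIR>/[^/]+` (placeholder; the real path is not visible in this diff). The identical filter added in files/rootwrap.d/l3.filters needs the same change. A comment above the filter naming the module that issues the command would also help later audits of these files.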
@@ -16,9 +16,13 @@ sysctl: CommandFilter, sysctl, root route: CommandFilter, route, root radvd: CommandFilter, radvd, root -# metadata proxy -metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root +# haproxy +haproxy: RegExpFilter, haproxy, root, haproxy, -f, .* +kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP # RHEL invocation of the metadata proxy will report /usr/bin/python +# TODO(dalvarez): Remove kill_metadata* filters in Q release since +# neutron-ns-metadata-proxy is now replaced by haproxy. We keep them for now +# for the migration process kill_metadata: KillFilter, root, python, -15, -9 kill_metadata7: KillFilter, root, python2.7, -15, -9 kill_metadata35: KillFilter, root, python3.5, -15, -9
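Review bot: `kill_haproxy` in this hunk (and the same line added to files/rootwrap.d/dhcp.filters) matches on the executable rather than on a specific process, so it lets the agent's account send SIGTERM, SIGKILL and SIGHUP as root to every haproxy process on the host, not only the metadata proxies the agent started. If other haproxy instances can run on the same node, that scope should be documented where operators will see it, for example `# KillFilter matches by executable, not PID: this applies to any haproxy process on the host` above the filter. It is also worth confirming that all three signals are actually sent by the agent code, which is outside this diff, and dropping any that are not.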