diff --git a/leak-checker/src/traceroute.rs b/leak-checker/src/traceroute.rs
index a40eaca131c8..667e60a30fd3 100644
--- a/leak-checker/src/traceroute.rs
+++ b/leak-checker/src/traceroute.rs
@@ -273,9 +273,10 @@ async fn send_icmp_probes<Impl: Traceroute>(
         };
 
         match e.kind() {
-            io::ErrorKind::PermissionDenied => {
-                // Linux returns this error if our packet was rejected by nftables.
-                log::debug!("send_to failed with 'permission denied'");
+            io::ErrorKind::PermissionDenied | io::ErrorKind::ConnectionRefused => {
+                // Linux returns one of these errors if our packet was rejected by nftables.
+                log::debug!("send_to failed, was probably caught by firewall");
+                break;
             }
             _ => return Err(e).context("Failed to send packet")?,
         }
diff --git a/leak-checker/src/traceroute/platform/linux.rs b/leak-checker/src/traceroute/platform/linux.rs
index 3c5012298b14..4a56d2a9abc4 100644
--- a/leak-checker/src/traceroute/platform/linux.rs
+++ b/leak-checker/src/traceroute/platform/linux.rs
@@ -159,9 +159,9 @@ async fn recv_ttl_responses(
         } = recv_packet;
 
         macro_rules! skip_if {
-            ($skip_condition:expr, $message:expr) => {{
+            ($skip_condition:expr, $note:expr) => {{
                 if $skip_condition {
-                    log::debug!("Ignoring received packet: {}", $skip_condition);
+                    log::debug!("Ignoring received message: {}", $note);
                     continue 'outer;
                 }
             }};