diff --git a/firewall/interception.go b/firewall/interception.go
index f758101f..6c6f7566 100644
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -264,7 +264,7 @@ func getConnectionByID(id string) (*network.Connection, error) {
 return nil, errors.New("connection does not exist")
 }
- connection := connPtr.(*network.Connection)
+ connection := connPtr.(*network.Connection) //nolint:forcetypeassert // Can only be a *network.Connection.
 return connection, nil
 }
@@ -494,7 +494,7 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
 // Check if connection should be tunneled.
 checkTunneling(pkt.Ctx(), conn, pkt)
- updateVerdictBasedOnPreviousState(conn, pkt)
+ updateVerdictBasedOnPreviousState(conn)
 switch {
 case conn.Inspecting:
@@ -581,14 +581,15 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 }
 }
-func updateVerdictBasedOnPreviousState(conn *network.Connection, pkt packet.Packet) {
+func updateVerdictBasedOnPreviousState(conn *network.Connection) {
 // previously accepted or tunneled connections may need to be blocked
 if conn.Verdict.Current == network.VerdictAccept {
- if conn.Verdict.Previous == network.VerdictRerouteToTunnel && !conn.Tunneled {
+ switch {
+ case conn.Verdict.Previous == network.VerdictRerouteToTunnel && !conn.Tunneled:
 conn.SetVerdictDirectly(network.VerdictBlock)
- } else if conn.Verdict.Previous == network.VerdictAccept && conn.Tunneled {
+ case conn.Verdict.Previous == network.VerdictAccept && conn.Tunneled:
 conn.SetVerdictDirectly(network.VerdictBlock)
- } else if conn.Tunneled {
+ case conn.Tunneled:
 conn.SetVerdictDirectly(network.VerdictRerouteToTunnel)
 }
 }
diff --git a/firewall/interception/interception_linux.go b/firewall/interception/interception_linux.go
index d0f7f5e8..2223890e 100644
--- a/firewall/interception/interception_linux.go
+++ b/firewall/interception/interception_linux.go
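Review bot: The one-value assertion `connPtr.(*network.Connection)` still panics if the stored value is ever not that type, and the added `//nolint:forcetypeassert` only silences the linter rather than removing that failure mode from the packet-handling path. Since getConnectionByID already has an error return, the checked form costs two lines: `connection, ok := connPtr.(*network.Connection)` followed by `if !ok { return nil, errors.New("connection has unexpected type") }`. If the store is guaranteed to hold only *network.Connection values, the justification in the nolint comment is adequate and this is a defense-in-depth suggestion only. The start of getConnectionByID lies outside the hunk.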
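Review bot: The new switch in updateVerdictBasedOnPreviousState is order-sensitive and nothing says so: `case conn.Verdict.Previous == network.VerdictAccept && conn.Tunneled:` is a strict subset of the later `case conn.Tunneled:`, so swapping them would turn a block into a reroute for an accepted connection that later became tunneled. I would add above the second case `// Order matters: an already accepted connection that became tunneled is blocked, not rerouted, so this must stay above the generic Tunneled case.` The function also has no doc comment; something like `// updateVerdictBasedOnPreviousState blocks an accepted connection whose tunneling state changed since the previous verdict and reroutes a tunneled one to the tunnel.` reflects what the three cases do, while the existing inner comment could gain a period to match the godot fix in the other file. The function's closing brace is outside the hunk.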
@@ -15,7 +15,7 @@ func stop() error {
 return StopNfqueueInterception()
 }
-// ResetAllConnections resets all connections so they are forced to go thought the firewall again
+// ResetAllConnections resets all connections so they are forced to go thought the firewall again.
 func ResetAllConnections() error {
 return nfq.DeleteAllMarkedConnection()
 }
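Review bot: The doc comment on ResetAllConnections still reads "go thought the firewall" after the change, which only appends the period; "through" is meant. Since the line is being touched anyway, fix both at once: `// ResetAllConnections resets all connections so they are forced to go through the firewall again.`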