diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index fcd6c8c122..885f12e392 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -104,6 +104,7 @@ static int ebiptablesDriverInit(void);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
 
+static virMutex execCLIMutex;
 
 struct ushort_map {
     unsigned short attr;
@@ -2309,8 +2310,13 @@ ebiptablesExecCLI(virBufferPtr buf,
         return 1;
 
     argv[0] = filename;
+
+    virMutexLock(&execCLIMutex);
+
     rc = virRun(argv, status);
 
+    virMutexUnlock(&execCLIMutex);
+
     *status >>= 8;
 
     VIR_DEBUG("rc = %d, status = %d",rc, *status);
@@ -3163,8 +3169,9 @@ tear_down_tmpebchains:
     ebiptablesExecCLI(&buf, &cli_status);
 
     virNWFilterReportError(VIR_ERR_BUILD_FIREWALL,
-                           "%s",
-                           _("Some rules could not be created."));
+                           _("Some rules could not be created for "
+                             "interface %s."),
+                           ifname);
 
     return 1;
 }
@@ -3364,6 +3371,9 @@ ebiptablesDriverInit(void)
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     int cli_status;
 
+    if (virMutexInit(&execCLIMutex))
+        return EINVAL;
+
     bash_cmd_path = virFindFileInPath("bash");
     gawk_cmd_path = virFindFileInPath("gawk");
     grep_cmd_path = virFindFileInPath("grep");