diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 694636c6..0f39a334 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -531,11 +531,10 @@ in
     iptables.sandbox.capabilities = [ "net_admin" ];
 
     # iputils provides `ping` (and arping, clockdiff, tracepath)
-    # TODO: still being shadowed by non-sandboxed iputils
-    # iputils.sandbox.method = "landlock";
-    # iputils.sandbox.wrapperType = "wrappedDerivation";
-    # iputils.sandbox.net = "all";
-    # iputils.sandbox.capabilities = [ "net_raw" ];
+    iputils.sandbox.method = "landlock";
+    iputils.sandbox.wrapperType = "wrappedDerivation";
+    iputils.sandbox.net = "all";
+    iputils.sandbox.capabilities = [ "net_raw" ];
 
     iw.sandbox.method = "landlock";
     iw.sandbox.wrapperType = "wrappedDerivation";