diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index a30c1bb40c0..a82579d4e29 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -552,6 +552,10 @@ tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 	if (sinp->sin_family == AF_INET
 	    && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
 		return (EAFNOSUPPORT);
+	if ((sinp->sin_family == AF_INET) &&
+	    ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) ||
+	     (sinp->sin_addr.s_addr == INADDR_ANY)))
+		return(EAFNOSUPPORT);
 	if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
 		return (error);
 
@@ -652,6 +656,11 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 			error = EAFNOSUPPORT;
 			goto out;
 		}
+		if ((ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) ||
+		    (sin.sin_addr.s_addr == INADDR_ANY)) {
+			error = EAFNOSUPPORT;
+			goto out;
+		}
 		if ((error = prison_remote_ip4(td->td_ucred,
 		    &sin.sin_addr)) != 0)
 			goto out;
@@ -1024,6 +1033,13 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf *m,
 				error = EAFNOSUPPORT;
 				goto out;
 			}
+			if ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) ||
+			    (sinp->sin_addr.s_addr == INADDR_ANY)) {
+				if (m)
+					m_freem(m);
+				error = EAFNOSUPPORT;
+				goto out;
+			}
 			if ((error = prison_remote_ip4(td->td_ucred,
 			    &sinp->sin_addr))) {
 				if (m)