diff --git a/roles/firewall/templates/nftables.nft.j2 b/roles/firewall/templates/nftables.nft.j2
index bc45c0b..bd37e3a 100644
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@@ -149,7 +149,7 @@ table inet filter {
 table inet wireguard {
 chain input {
 type filter hook prerouting priority raw; policy accept
- udp dport 51820 notrack \
+ ip daddr {{ wg_ip | ipaddr('address') }} udp dport 51820 notrack \
 comment "Disable connection tracking for wireguard"
 }
 chain output {
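Review bot: The added `ip daddr {{ wg_ip | ipaddr('address') }}` match is rendered with no guard on what the filter returns. `ipaddr` yields `False` for an unset or malformed `wg_ip` and passes an IPv6 address through unchanged, and in both cases the rendered rule should be rejected by `nft`, since `ip daddr` takes an IPv4 address only. How the role loads the file is not visible here, so a failed load may leave the host on a stale or empty ruleset; I would assert that `wg_ip | ipaddr('address')` is truthy before templating and check the rendered file with `nft -c -f` before it is applied. The `chain output` block opens on the last line of this hunk and continues outside it; if it still matches on the port alone, it probably wants the corresponding `ip saddr` so both directions are exempted from connection tracking for the same address.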