diff --git a/roles/firewall/templates/nftables.nft.j2 b/roles/firewall/templates/nftables.nft.j2
index bff0c10..5afa559 100644
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@@ -74,7 +74,7 @@ table inet filter {
 # allow SSH connections from firewall master’s IPs
 {% for iface in hostvars[master].interfaces %}
 {% for address in iface.ip_addresses %}
- tcp dport ssh {{ 'ip' if address.family.value == 4 else 'ip6' }} saddr {{ address.address | ipaddr('address') }} accept
+ tcp dport ssh {{ 'ip' if address.family.value == 4 else 'ip6' }} saddr {{ address.address | ipaddr('address') }} accept
 {% for nat_address in address.nat_outside %}
 tcp dport ssh ip saddr {{ nat_address.address | ipaddr('address') }} accept
 {% endfor %}