diff --git a/roles/iptables/templates/ip6tables.j2 b/roles/iptables/templates/ip6tables.j2
index 65614fb..18ed493 100644
--- a/roles/iptables/templates/ip6tables.j2
+++ b/roles/iptables/templates/ip6tables.j2
@@ -9,13 +9,13 @@
 {{ rule }}
 {% endfor %}
 {% for rule in firewall_in %}
- {% if rule.from is defined %}
- {% for from in rule.from | ipv6 %}
+{% if rule.from is defined %}
+{% for from in rule.from | ipv6 %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
- {% endfor %}
- {% else %}
+{% endfor %}
+{% else %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} --dport {{ rule.port }} -j ACCEPT
- {% endif %}
+{% endif %}
 {% endfor %}
 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
 -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
diff --git a/roles/iptables/templates/iptables.j2 b/roles/iptables/templates/iptables.j2
index c20789f..4bbf67e 100644
--- a/roles/iptables/templates/iptables.j2
+++ b/roles/iptables/templates/iptables.j2
@@ -9,13 +9,13 @@
 {{ rule }}
 {% endfor %}
 {% for rule in firewall_in %}
- {% if rule.from is defined %}
- {% for from in rule.from | ipv4 %}
+{% if rule.from is defined %}
+{% for from in rule.from | ipv4 %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
- {% endfor %}
- {% else %}
+{% endfor %}
+{% else %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} --dport {{ rule.port }} -j ACCEPT
- {% endif %}
+{% endif %}
 {% endfor %}
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
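Review bot: In the `{% else %}` branch of ip6tables.j2 (and the identical one in iptables.j2), an entry in `firewall_in` that has no `from` key renders an ACCEPT with no `-s` match, so a mistyped or forgotten key opens the port to every source, and with the tags now flush left that branch no longer stands out from the restricted one. I would put a template comment directly above the unrestricted rule, `{# rule.from not set: port is open to any source #}`, in both templates. Presumably `firewall_in` comes from inventory or role defaults outside this diff; if so, a check there that rejects entries with unexpected keys would turn such a typo into a failed run rather than an open port.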