diff --git a/roles/pf/templates/pf.conf.gw_dna.j2 b/roles/pf/templates/pf.conf.gw_dna.j2
index 3f211fb..e9627b1 100644
--- a/roles/pf/templates/pf.conf.gw_dna.j2
+++ b/roles/pf/templates/pf.conf.gw_dna.j2
@@ -43,7 +43,8 @@ antispoof for vio1
 pass in quick on $int_if proto tcp from $int_net to self port ssh
 pass in quick on $ext_if proto tcp from 37.35.86.64/29 to self port ssh
 pass in quick on $ext_if proto tcp from 37.16.96.144/28 to self port ssh
-pass in quick on $ext_if proto tcp from 212.149.225.198/32 to self port ssh
+pass in quick on $ext_if proto tcp from {{ gw_home_ip }}/32 to self port ssh
+pass in quick on $ext_if proto tcp from {{ gw_lan_ip }}/32 to self port ssh
 
 # node_exporter and unbound_exporter from internal network
 pass in quick on $int_if proto tcp from $int_net to self port 9100