diff --git a/group_vars/dnagw.yml b/group_vars/dnagw.yml
index d6f1446..36e764b 100644
--- a/group_vars/dnagw.yml
+++ b/group_vars/dnagw.yml
@@ -45,7 +45,7 @@ unbound_zones:
   - home.foo.sh
 
 # use custom firewall config
-firewall_src: pf.conf.gw_home.j2
+firewall_src: pf.conf.gw_dna.j2
 
 # unbound config
 unbound_config: unbound.conf.dna.j2
diff --git a/group_vars/fsolgw.yml b/group_vars/fsolgw.yml
index 6012a52..7022257 100644
--- a/group_vars/fsolgw.yml
+++ b/group_vars/fsolgw.yml
@@ -9,5 +9,5 @@ network_vip_interfaces:
     pass: "{{ vip145_pass }}"
 
 # use custom firewall and ifstated config
-firewall_src: pf.conf.gw_fsol
+firewall_src: pf.conf.gw_fsol.j2
 ifstated_config: ifstated-fsol.conf
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 588dac6..1b40203 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Copy pf.conf
-  ansible.builtin.copy:
+  ansible.builtin.template:
     src: "{{ firewall_src }}"
     dest: /etc/pf.conf
     mode: "0600"
diff --git a/roles/pf/files/pf.conf.gw_home b/roles/pf/templates/pf.conf.gw_dna.j2
similarity index 100%
rename from roles/pf/files/pf.conf.gw_home
rename to roles/pf/templates/pf.conf.gw_dna.j2
diff --git a/roles/pf/files/pf.conf.gw_fsol b/roles/pf/templates/pf.conf.gw_fsol.j2
similarity index 100%
rename from roles/pf/files/pf.conf.gw_fsol
rename to roles/pf/templates/pf.conf.gw_fsol.j2