diff --git a/defaults/main.yml b/defaults/main.yml
index db1d9e3658814b8d90377487aba1d7f251888c33..a77baa98c67ed46454ddaa8b85f674b2884141d7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -10,6 +10,11 @@ lan_port: ens224
 #   dnat:
 #     - dport: 6443
 #       to: 192.168.69.1:6443
+#   accept:
+#     - saddr: 152.66.0.0/16
+#       dport: 10022
+#     - saddr: 10.0.0.0/8
+#       dport: 10022
 
 # netplan:
 #   network:
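Review bot: The two example `accept` entries have no `comment` key, but the nftables.conf.j2 hunk in this same commit renders `comment "{{ accept.comment }}"` for every entry. A user who copies this example as written will most likely hit an undefined-variable error when the template renders, assuming Ansible's default undefined handling. Either document the key in the example with a line such as `#       comment: SSH from campus net` (sample text) under each entry, or make it optional in the template with `{% if accept.comment is defined %} comment "{{ accept.comment }}"{% endif %}`.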
diff --git a/templates/etc/nftables.conf.j2 b/templates/etc/nftables.conf.j2
index f72e107c6ceeb41f45948e6da1dc0d5ddd172478..68a66f90b61c626fe2f7bc5e50d9b32530dabedd 100644
--- a/templates/etc/nftables.conf.j2
+++ b/templates/etc/nftables.conf.j2
@@ -22,7 +22,11 @@ table inet filter {
 
     ip protocol icmp accept
 
-    tcp dport {{ ssh_port | default("10022", true) }} accept comment "SSH in"
+{% if nftables.accept is defined %}
+{% for accept in nftables.accept %}
+    ip saddr {{ accept.saddr }} tcp dport {{ accept.dport }} accept comment "{{ accept.comment }}"
+{% endfor %}
+{% endif %}    
   }
 
   chain forward {
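Review bot: When `nftables.accept` is undefined, which is the shipped default since the example in defaults/main.yml is commented out, this block renders no accept rule, whereas the removed line always opened the SSH port. The chain's policy line is outside the hunk, but if it is `drop`, applying the role with defaults cuts off SSH management access to the host. `ssh_port` is also silently no longer honoured, so existing inventories that set it lose their rule. Consider keeping a fail-safe branch, `{% else %}` followed by the old `tcp dport {{ ssh_port | default("10022", true) }} accept comment "SSH in"`, or asserting in a task that the list is non-empty before the template is deployed. Note also that `ip saddr` matches IPv4 only inside this `inet` table, so the list cannot express IPv6 sources.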