diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion index 85dba30c4e..a8d9506bbf 100644 --- a/inventory/group_vars/bastion +++ b/inventory/group_vars/bastion @@ -7,7 +7,7 @@ # allow ntp from internal RH 10 nets # custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT'] -nft_custom_rules: +nft_block_rules: - 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited' - 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept' # diff --git a/inventory/group_vars/bastion_stg b/inventory/group_vars/bastion_stg index d2fa190069..2338bb77c0 100644 --- a/inventory/group_vars/bastion_stg +++ b/inventory/group_vars/bastion_stg @@ -18,7 +18,7 @@ batcave_ipa_client_shell_groups: [] # allow ntp from internal RH 10 nets # custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT'] -nft_custom_rules: +nft_block_rules: - 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited' - 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept' #
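Review bot: The list renamed to `nft_block_rules` in inventory/group_vars/bastion still holds an accept rule (`add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept`) beside the reject for 192.168.100.0/24, so the new name covers only half of its contents. The role or template that consumes these variables is not part of this diff. If it renders `nft_block_rules` at a different position in the INPUT chain than `nft_custom_rules`, or does not read that name at all, the reject could end up after a broader accept or drop out of the generated ruleset without any error. Comparing `nft list ruleset` on a bastion host before and after the change would confirm both rules are still present and in the intended order. A one-line comment above the key, for example `# nft_block_rules: evaluated by the nftables template before the generic accepts; also carries the NTP accept`, would record that (wording to be confirmed against the template); the same point applies to the identical hunk in inventory/group_vars/bastion_stg.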