diff --git a/roles/base/templates/iptables/ip6tables b/roles/base/templates/iptables/ip6tables
index 4d85a04a17..49db2f7851 100644
--- a/roles/base/templates/iptables/ip6tables
+++ b/roles/base/templates/iptables/ip6tables
@@ -21,7 +21,7 @@
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
 
 # if the host/group defines incoming tcp_ports - allow them
-{% if tcp6_ports is defined %}
+{% if tcp_ports is defined %}
 {% for port in tcp_ports %}
 -A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
 {% endfor %}