diff --git a/infra/common/nixos/nftables-ruleset.nft b/infra/common/nixos/nftables-ruleset.nft
index 985240f5..0bd23c33 100644
--- a/infra/common/nixos/nftables-ruleset.nft
+++ b/infra/common/nixos/nftables-ruleset.nft
@@ -43,7 +43,7 @@ table inet filter {
 ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert, packet-too-big, parameter-problem, time-exceeded } accept
 # open tcp ports: sshd (22)
- tcp dport ssh accept
+ tcp dport {ssh} accept
 # open tcp ports: snmp (161)
 ip saddr $snmp_allow udp dport {snmp} accept
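Review bot: The rewritten rule `tcp dport {ssh} accept` still admits SSH from any source address, and in an `inet` table that covers both IPv4 and IPv6, whereas the SNMP rule two lines below is limited by `ip saddr $snmp_allow`. If sshd on these hosts is not meant to be reachable from everywhere, the rule could carry the same kind of restriction, e.g. `ip saddr $ssh_allow tcp dport {ssh} accept`, where `$ssh_allow` is a placeholder for a define the visible lines do not contain, together with an `ip6 saddr` counterpart. Separately, the context comment `# open tcp ports: snmp (161)` sits above a `udp dport` rule and would read more accurately as `# open udp ports: snmp (161)`. The chain holding these rules starts and ends outside the hunk, so an earlier rule may already narrow the source.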