diff --git a/roles/common/templates/nftables.conf.j2 b/roles/common/templates/nftables.conf.j2
index 06f70c8..16754f5 100755
--- a/roles/common/templates/nftables.conf.j2
+++ b/roles/common/templates/nftables.conf.j2
@@ -13,20 +13,20 @@ include "/etc/nftables/spamhaus-ipv6.nft"
 # - tables hold chains, chains hold rules
 # - inet is for both ipv4 and ipv6
 table inet filter {
- set spamhaus-ipv4 {
- type ipv4_addr
+ set spamhaus-ipv4 {
+ type ipv4_addr
 # if the set contains prefixes we need to use the interval flag
 flags interval
- elements = $SPAMHAUS_IPV4
- }
+ elements = $SPAMHAUS_IPV4
+ }
 
- set spamhaus-ipv6 {
- type ipv6_addr
+ set spamhaus-ipv6 {
+ type ipv6_addr
 flags interval
- elements = $SPAMHAUS_IPV6
- }
+ elements = $SPAMHAUS_IPV6
+ }
 
- chain input {
+ chain input {
 type filter hook input priority 0;
 
 # Allow traffic from established and related packets.
@@ -74,14 +74,14 @@ table inet filter {
 
 # everything else
 reject with icmpx type port-unreachable
- }
- chain forward {
- type filter hook forward priority 0;
- }
- chain output {
- type filter hook output priority 0;
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ }
+ chain output {
+ type filter hook output priority 0;
 # Drop outgoing packets matching the spamhaus sets too
 ip daddr @spamhaus-ipv4 counter drop
 ip6 daddr @spamhaus-ipv6 counter drop
- }
+ }
 }