diff --git a/group_vars/bank.yaml b/group_vars/bank.yaml
new file mode 100644
index 0000000..29bf37c
--- /dev/null
+++ b/group_vars/bank.yaml
@@ -0,0 +1,3 @@
+---
+
+nft: true
diff --git a/group_vars/fotos.yaml b/group_vars/fotos.yaml
index 5a9ca68..c69812c 100644
--- a/group_vars/fotos.yaml
+++ b/group_vars/fotos.yaml
@@ -1,6 +1,9 @@
+
 root_access:
 - ak
 - foobar
 - linor
 - polyfloyd
 - wilco
+
+nft: true
diff --git a/group_vars/git-ci.yaml b/group_vars/git-ci.yaml
index 18ed638..1e5fdac 100644
--- a/group_vars/git-ci.yaml
+++ b/group_vars/git-ci.yaml
@@ -1 +1,5 @@
+---
+
 forgejo_url: https://git.bitlair.nl
+
+nft: false
diff --git a/group_vars/lights.yaml b/group_vars/lights.yaml
new file mode 100644
index 0000000..29bf37c
--- /dev/null
+++ b/group_vars/lights.yaml
@@ -0,0 +1,3 @@
+---
+
+nft: true
diff --git a/group_vars/mqtt.yaml b/group_vars/mqtt.yaml
new file mode 100644
index 0000000..dd9db4a
--- /dev/null
+++ b/group_vars/mqtt.yaml
@@ -0,0 +1,6 @@
+---
+
+nft: true
+
+nft_group_rules:
+ - { version: "ip6", from: [ '2001:470:7f95::/48' ], port: "1883" }
diff --git a/roles/nft/templates/nftables.conf.j2 b/roles/nft/templates/nftables.conf.j2
index dce3e2a..23481bb 100644
--- a/roles/nft/templates/nftables.conf.j2
+++ b/roles/nft/templates/nftables.conf.j2
@@ -81,7 +81,7 @@ set trusted6 {
 {% if custom.comment is defined %}
 # {{ custom.comment|default('') }}
 {% endif %}
- ip saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}
+ {{ custom.version|default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}
 {% endfor %}
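Review bot: In group_vars/fotos.yaml the line added at the top of the file is blank, whereas the other group_vars files touched in this commit gain a `---` document-start marker followed by a blank line. If the same header was intended here, the first added line should read `---`. As written, the file simply begins with an empty line.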
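Review bot: `nft: false` in group_vars/git-ci.yaml opts the CI group out of the host firewall without saying why, and it is the only group in this commit that does so. An explicit exemption from packet filtering deserves a comment above the key, for example `# nft disabled: <reason and owner — placeholder>`, so a later audit can tell a deliberate exception from an oversight. How the role treats an undefined `nft` is not visible in this diff, so the comment should also state whether this line changes behaviour or only documents the default.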
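Review bot: The rule added in group_vars/mqtt.yaml opens port 1883 to a whole /48 with no record of what that prefix is. The template in roles/nft/templates/nftables.conf.j2 already renders an optional `comment` key, so add one to the entry, e.g. `comment: "MQTT from <network name — placeholder>"`. Port 1883 is the conventional unencrypted MQTT port, so if the broker listens there without TLS this source restriction is the main network-layer control, and the prefix should be confirmed to contain only trusted hosts. The entry would also read and diff better in block style than as a one-line flow mapping.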
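Review bot: `custom.version` is written into the rule unchecked on the added line of nftables.conf.j2. Any value other than `ip` or `ip6`, or a family that does not match the addresses in `custom.from`, would render a ruleset that nft is likely to reject at load time. Validate it before rendering, for instance with an `ansible.builtin.assert` task over the rule list that requires `item.version | default('ip') in ['ip', 'ip6']`, and, if the template task does not already do so, have it check the rendered file with `validate: nft -c -f %s`. The filter spacing could also follow the rest of the line: `{{ custom.version | default('ip') }}`. The enclosing `for` loop starts outside the hunk, so where `custom` comes from is not visible here.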