diff --git a/roles/nftables/templates/nftables.j2 b/roles/nftables/templates/nftables.j2
index 8a4e4a3..a9f8328 100644
--- a/roles/nftables/templates/nftables.j2
+++ b/roles/nftables/templates/nftables.j2
@@ -84,32 +84,32 @@ table inet filter {
 ip6 saddr @blackhole6 counter drop
 # Drop future attempts on opened ports if there are already 3 established connections
-{% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 -%}
+{% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 %}
 tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
 add @connlimit { ip saddr ct count over 3 } drop
 tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
 add @connlimit6 { ip6 saddr ct count over 3 } drop
-{% endif -%}
+{% endif %}
-{% if opened_ports.udp is sequence and opened_ports.udp | length > 0 -%}
+{% if opened_ports.udp is sequence and opened_ports.udp | length > 0 %}
 udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
 add @connlimit { ip saddr ct count over 3 } drop
 udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
 add @connlimit6 { ip6 saddr ct count over 3 } drop
-{% endif -%}
+{% endif %}
 # Allow opened ports but also dynamically add them to the blacklist
-{% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 -%}
+{% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 %}
 tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
 add @blackhole { ip saddr timeout 60s limit rate 10/second } accept
 tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
 add @blackhole6 { ip6 saddr timeout 60s limit rate 10/second } accept
-{% endif -%}
+{% endif %}
-{% if opened_ports.udp is sequence and opened_ports.udp | length > 0 -%}
+{% if opened_ports.udp is sequence and opened_ports.udp | length > 0 %}
 udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
 add @blackhole { ip saddr timeout 60s limit rate 10/second } accept
 udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
 add @blackhole6 { ip6 saddr timeout 60s limit rate 10/second } accept
-{% endif -%}
+{% endif %}
 }
 chain forward {
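Review bot: The four `add @blackhole { ip saddr timeout 60s limit rate 10/second } accept` / `@blackhole6` rules under `# Allow opened ports` look like they blacklist every client, not just abusive ones. `add @set { key limit rate … }` creates the element on the first packet and the limit only decides whether the `accept` verdict fires, while the `ip6 saddr @blackhole6 counter drop` rule at the top of this hunk matches on membership alone (to my understanding a plain set lookup does not evaluate the element's limit), so a source that opened a single connection would be dropped for the following 60 s unless an `established,related` accept earlier in the chain, outside this hunk, shields it. The conventional shape rate-limits in a separate dynamic set and blacklists only on overflow, e.g. `tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new update @ratelimit { ip saddr timeout 60s limit rate over 10/second } add @blackhole { ip saddr timeout 60s } counter drop` followed by `tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new accept`, mirrored for UDP and for IPv6 with `@ratelimit6`/`@blackhole6`; the `@ratelimit` sets need `flags dynamic, timeout` in the table's set definitions, which are not in this hunk. Separately, the comment `# Drop future attempts on opened ports if there are already 3 established connections` overstates what the UDP `ct count over 3` rules do: conntrack counts UDP flows, not sessions, so a client issuing a few UDP requests from different source ports (DNS, for instance) trips it without any established connection, and `# Drop new flows from a source that already has 3 tracked connections (UDP: tracked flows, not sessions)` would describe it more honestly. The enclosing `chain` opens before this hunk, so the IPv4 `@blackhole` drop rule and the set definitions are not visible here.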