diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index eef575d..54b4efc 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -200,6 +200,7 @@ config rule
 option dest_port '80 443'
 option target 'ACCEPT'
 option family 'ipv6'
+
 {% endfor %}
 
 # Allow traffic to and from bt.dmz.mateu.be
@@ -256,6 +257,7 @@ config rule
 option dest_port '8006'
 option target 'ACCEPT'
 option family 'ipv6'
+
 {% endfor %}
 
 # Allow XMPP traffic
@@ -534,39 +536,31 @@ config zone
 option input 'ACCEPT'
 option output 'ACCEPT'
 option forward 'ACCEPT'
- option network 'lan'
+ list network 'lan'
 
 config zone
 option name 'dmz'
 option input 'REJECT'
 option output 'REJECT'
 option forward 'REJECT'
- option network 'dmz'
+ list network 'dmz'
 
 config zone
 option name 'iot'
 option input 'REJECT'
 option output 'REJECT'
 option forward 'REJECT'
- option network 'iot'
+ list network 'iot'
 
 config zone
 option name 'wan'
 option input 'REJECT'
 option output 'ACCEPT'
 option forward 'REJECT'
- option network 'vpn'
- option masq '1'
- option mtu_fix '1'
-
-config zone
- option name 'orig'
- option input 'REJECT'
- option output 'ACCEPT'
- option forward 'REJECT'
- option network 'wan'
 option masq '1'
 option mtu_fix '1'
+ list network 'wan'
+ list network 'wan6'
 
 config forwarding
 option src 'lan'
@@ -579,7 +573,3 @@ config forwarding
 config forwarding
 option src 'lan'
 option dest 'iot'
-
-config forwarding
- option src 'lan'
- option dest 'orig'
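Review bot: The rewritten `wan` zone lists only `wan` and `wan6`, so the `vpn` network that the old `wan` zone carried is no longer assigned to any zone visible in this hunk. If a `vpn` interface is still defined, its traffic would be governed by the `config defaults` policies instead of this zone's REJECT input/forward policy, so confirm the interface was retired or that the defaults are equally strict. Rules or forwardings elsewhere in the template that still name `orig` would now point at a zone that no longer exists; only the `lan` to `orig` forwarding is removed in the visible hunks. A comment above the zone such as `# wan: upstream IPv4 and IPv6 (wan, wan6); masq is IPv4-only` would record the intent. The first zone in the hunk begins above the visible lines.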