diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index f31e94db..37b51ba1 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -241,7 +241,13 @@
 {% for tcp_rule in iptables.tcp %}
 {% if tcp_rule.allowed_hosts is defined %}
 {% for ip in tcp_rule.allowed_hosts %}
+{% if ip is string %}
 -A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ tcp_rule.port }} -j ACCEPT
+{% else %}
+{% for ip_really in ip %}
+-A INPUT -m state --state NEW -s {{ ip_really }} -p tcp -m tcp --dport {{ tcp_rule.port }} -j ACCEPT
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% else %}
 -A INPUT -m state --state NEW -m tcp -p tcp --dport {{ tcp_rule.port }} -j ACCEPT
@@ -253,7 +259,13 @@
 {% for udp_rule in iptables.udp %}
 {% if udp_rule.allowed_hosts is defined %}
 {% for ip in udp_rule.allowed_hosts %}
+{% if ip is string %}
 -A INPUT -s {{ ip }} -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
+{% else %}
+{% for ip_really in ip %}
+-A INPUT -s {{ ip_really }} -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% else %}
 -A INPUT -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
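Review bot: The new `{% else %}` branch in the TCP hunk, and the identical one in the UDP hunk, treats every non-string item as a flat list, so a doubly nested list would render its list repr after `-s` and a mapping would be iterated by key. Either case produces a rule line that iptables-restore is likely to reject, or a source match nobody intended, and nothing in the hunk checks that the value is an address or CIDR. The branch also leaves two copies of each ACCEPT line that have to be kept in sync by hand. Assuming the template is rendered by Ansible, flattening at the loop head handles any nesting depth with a single rule line: `{% for ip in tcp_rule.allowed_hosts | flatten %}`, and the same for `udp_rule.allowed_hosts`. The enclosing `{% for tcp_rule ... %}` and `{% for udp_rule ... %}` loops close outside the hunks.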