diff --git a/roles/firewall_nft/defaults/main.yml b/roles/firewall_nft/defaults/main.yml
index ffd93c6..98eb34c 100644
--- a/roles/firewall_nft/defaults/main.yml
+++ b/roles/firewall_nft/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 firewall_nft_table_name: sce_table
 firewall_nft_table_filename: sce-port-mapping
+firewall_nft_port_mapping: []
diff --git a/roles/firewall_nft/templates/nft.conf.j2 b/roles/firewall_nft/templates/nft.conf.j2
index c8b31a9..9f24e20 100644
--- a/roles/firewall_nft/templates/nft.conf.j2
+++ b/roles/firewall_nft/templates/nft.conf.j2
@@ -17,7 +17,7 @@ table inet {{ firewall_nft_table_name }} {
 chain sce_port_mapping {
 type nat hook prerouting priority filter + 1; policy accept;
-{% for item in port_mapping %}
+{% for item in firewall_nft_port_mapping %}
 {% set from_port, to_port = item.split(':') %}
 tcp dport {{ from_port }} counter redirect to :{{ to_port }}
 {% endfor %}
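Review bot: Renaming the loop variable to `firewall_nft_port_mapping` while the defaults hunk gives it a default of `[]` means any inventory still setting the old `port_mapping` now renders an empty `sce_port_mapping` chain with no error, silently dropping every redirect rule; the role should either keep reading the old name as a fallback (`{% for item in firewall_nft_port_mapping | default(port_mapping | default([])) %}`) or fail loudly when `port_mapping` is defined. The loop body still has no validation: `item.split(':')` raises at render time for an entry without exactly one colon, and `from_port`/`to_port` are interpolated into the nft ruleset unquoted, so a malformed entry becomes an nft syntax error (or extra statements) in the generated config rather than a clear role failure. Add a task before templating, e.g. `- name: Validate port mappings` / `  ansible.builtin.assert:` / `    that: item is match('^[0-9]{1,5}:[0-9]{1,5}$')` with `loop: "{{ firewall_nft_port_mapping }}"`, and document the expected `"from:to"` shape next to the default. The `chain sce_port_mapping { ... }` block closes outside this hunk.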