diff --git a/nftables-attestation.conf b/nftables-attestation.conf
index cfc3a6e..e0a7a8f 100644
--- a/nftables-attestation.conf
+++ b/nftables-attestation.conf
@@ -24,7 +24,8 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {22, 80, 443} accept
+ tcp dport {22, 80, 443} ip daddr {{ipv4_address}} accept
+ tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }
diff --git a/nftables-discuss.conf b/nftables-discuss.conf
index 042fd0b..0aeed70 100644
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@@ -24,7 +24,8 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {22, 80, 443} accept
+ tcp dport {22, 80, 443} ip daddr {{ipv4_address}} accept
+ tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }
diff --git a/nftables-dns.conf b/nftables-dns.conf
index 3744af7..fdfe49b 100644
--- a/nftables-dns.conf
+++ b/nftables-dns.conf
@@ -26,8 +26,10 @@ table inet filter {
 policy drop
 iif lo accept
- udp dport 53 accept
- tcp dport {22, 53} accept
+ udp dport 53 ip daddr {{ipv4_address}} accept
+ udp dport 53 ip6 daddr {{ipv6_address}} accept
+ tcp dport {22, 53} ip daddr {{ipv4_address}} accept
+ tcp dport {22, 53} ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }
diff --git a/nftables-mail.conf b/nftables-mail.conf
index 587a602..4aac75b 100644
--- a/nftables-mail.conf
+++ b/nftables-mail.conf
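Review bot: The added `tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept` rule makes the whole file unloadable on any host where `ipv6_address` renders empty, because `nft -f` aborts the entire transaction on a parse error and none of the rules in this chain, `policy drop` included, take effect; the same pattern is repeated in nftables-discuss.conf, nftables-dns.conf, nftables-mail.conf, nftables-matrix.conf and nftables-web.conf. I cannot see the templating layer, so whether an undefined variable fails the render or silently produces an empty string depends on it, but a rendered `ip6 daddr  accept` fails either way. Either assert at render time that both `ipv4_address` and `ipv6_address` are set, or wrap each `ip6 daddr` rule in a template conditional so IPv4-only hosts still get a loadable ruleset. The intent of the change is also worth one line of documentation above the rules, e.g. `# accept service traffic only when addressed to the host's primary IPv4/IPv6 address; packets for other local addresses (secondary IPs, container or tunnel addresses) fall through to policy drop`. The enclosing chain block starts and ends outside the hunk.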
@@ -24,7 +24,8 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {22, 25, 80, 465, 993} accept
+ tcp dport {22, 25, 80, 465, 993} ip daddr {{ipv4_address}} accept
+ tcp dport {22, 25, 80, 465, 993} ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }
diff --git a/nftables-matrix.conf b/nftables-matrix.conf
index 002b28c..c66699a 100644
--- a/nftables-matrix.conf
+++ b/nftables-matrix.conf
@@ -24,7 +24,8 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {22, 80, 443} accept
+ tcp dport {22, 80, 443} ip daddr {{ipv4_address}} accept
+ tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }
diff --git a/nftables-web.conf b/nftables-web.conf
index 2b95466..1302bf0 100644
--- a/nftables-web.conf
+++ b/nftables-web.conf
@@ -24,7 +24,8 @@ table inet filter {
 policy drop
 iif lo accept
- tcp dport {22, 80, 443} accept
+ tcp dport {22, 80, 443} ip daddr {{ipv4_address}} accept
+ tcp dport {22, 80, 443} ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }