diff --git a/etc/nftables/nftables-discuss.conf b/etc/nftables/nftables-discuss.conf
index d2357a7..64d0437 100644
--- a/etc/nftables/nftables-discuss.conf
+++ b/etc/nftables/nftables-discuss.conf
@@ -49,7 +49,7 @@ table inet filter {
 fib daddr . iif type != { local, broadcast, multicast } counter drop
 # IPv6 interacts badly with IP-based spam filtering
- meta nfproto ipv6 tcp dport {80, 443} drop
+ meta nfproto ipv6 tcp dport { 80, 443 } drop
 # handle new TCP connections beyond rate limit via synproxy to avoid conntrack table exhaustion
 tcp dport $tcp-ports-full tcp flags syn limit rate over {{synproxy_threshold}}/second burst {{synproxy_threshold}} packets counter notrack accept