diff --git a/playbooks/roles/iptables/templates/rules.v6.j2 b/playbooks/roles/iptables/templates/rules.v6.j2
index 64671e09cf..58a876af5a 100644
--- a/playbooks/roles/iptables/templates/rules.v6.j2
+++ b/playbooks/roles/iptables/templates/rules.v6.j2
@@ -28,9 +28,9 @@
 {% endfor -%}
 {% endfor -%}
 {% for group in iptables_allowed_groups -%}
-{% for addr in groups.get(group.group) | map('extract', hostvars, 'public_v6') -%}
-{% if addr -%}
--A openstack-INPUT {% if group.protocol == 'tcp' %}-m state --state NEW {% endif %} -m {{ group.protocol }} -p {{ group.protocol }} -s {{ addr }} --dport {{ group.port }} -j ACCEPT
+{% for host in groups.get(group.group, []) -%}
+{% if hostvars[host]['public_v6'] | default(False) -%}
+-A openstack-INPUT {% if group.protocol == 'tcp' %}-m state --state NEW {% endif %} -m {{ group.protocol }} -p {{ group.protocol }} -s {{ hostvars[host]['public_v6'] }} --dport {{ group.port }} -j ACCEPT
 {% endif -%}
 {% endfor -%}
 {% endfor -%}