diff --git a/roles/iptables/templates/ip6tables.rules.j2 b/roles/iptables/templates/ip6tables.rules.j2
index 9ac672a..92a3d0d 100644
--- a/roles/iptables/templates/ip6tables.rules.j2
+++ b/roles/iptables/templates/ip6tables.rules.j2
@@ -18,18 +18,18 @@ COMMIT
 -A INPUT -p ipv6-icmp --icmpv6-type 128 -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
 -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
+{% if kdeconnect.open_ports is defined and kdeconnect.open_ports == True %}
+-A INPUT -p tcp -m tcp --dport 1714:1764 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A INPUT -p udp -m udp --dport 1714:1764 -m state --state NEW,ESTABLISHED -j ACCEPT
+{% endif %}
+{% if syncthing.open_ports is defined and syncthing.open_ports == True %}
+-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
+-A INPUT -p udp -m udp --dport 21027 -j ACCEPT
+{% endif %}
 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
 {% if ssh.enable_sshd %}
 -A TCP -p tcp -m tcp --dport {{ ssh.port }} -j ACCEPT
 {% endif %}
-{% if syncthing.open_ports is defined and syncthing.open_ports == True %}
--A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
--A INPUT -p udp -m udp --dport 21027 -j ACCEPT
-{% endif %}
-{% if kdeconnect.open_ports is defined and kdeconnect.open_ports == True %}
--A INPUT -p tcp -m tcp --dport 1714:1764 -j ACCEPT
--A INPUT -p udp -m udp --dport 1714:1764 -j ACCEPT
-{% endif %}
 COMMIT
diff --git a/roles/iptables/templates/iptables.rules.j2 b/roles/iptables/templates/iptables.rules.j2
index 20ee261..9583008 100644
--- a/roles/iptables/templates/iptables.rules.j2
+++ b/roles/iptables/templates/iptables.rules.j2
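Review bot: The added kdeconnect and syncthing ACCEPT rules sit in INPUT after the `--ctstate NEW -j UDP` / `--tcp-flags … SYN --ctstate NEW -j TCP` dispatch, so they also match TCP packets that never entered the TCP chain (non-SYN segments in state NEW, i.e. the kind of traffic the SYN-flags filter above is there to keep out); the ssh rule in the same hunk avoids this by living in the TCP chain. Putting the new rules into the TCP/UDP chains next to the ssh rule keeps the NEW-only gating, makes the `-m state --state NEW,ESTABLISHED` on the kdeconnect lines unnecessary (and ends the mix of the `state` and `conntrack` matches in one file), and presumably lets an earlier ESTABLISHED,RELATED accept handle replies — that rule and the chain declarations are above the hunk and not visible here. The same placement point applies to the syncthing block in the iptables.rules.j2 hunk. The Jinja test `x is defined and x == True` could be simplified to `{% if kdeconnect.open_ports | default(false) %}`, but that is cosmetic. Assuming the UDP chain is declared alongside TCP above the hunk, the replacement would look like this.
```jinja
{# … unchanged: INPUT dispatch to UDP/TCP chains and the three REJECT rules … #}
{% if ssh.enable_sshd %}
-A TCP -p tcp -m tcp --dport {{ ssh.port }} -j ACCEPT
{% endif %}
{% if kdeconnect.open_ports is defined and kdeconnect.open_ports == True %}
-A TCP -p tcp -m tcp --dport 1714:1764 -j ACCEPT
-A UDP -p udp -m udp --dport 1714:1764 -j ACCEPT
{% endif %}
{% if syncthing.open_ports is defined and syncthing.open_ports == True %}
-A TCP -p tcp -m tcp --dport 22000 -j ACCEPT
-A UDP -p udp -m udp --dport 21027 -j ACCEPT
{% endif %}
COMMIT
```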
@@ -15,15 +15,15 @@
 -A INPUT -p tcp -m tcp --dport 1714:1764 -m state --state NEW,ESTABLISHED -j ACCEPT
 -A INPUT -p udp -m udp --dport 1714:1764 -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endif %}
+{% if syncthing.open_ports is defined and syncthing.open_ports == True %}
+-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
+-A INPUT -p udp -m udp --dport 22000 -j ACCEPT
+-A INPUT -p udp -m udp --dport 21027 -j ACCEPT
+{% endif %}
 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
 {% if ssh.enable_sshd %}
 -A TCP -p tcp -m tcp --dport {{ ssh.port }} -j ACCEPT
 {% endif %}
-{% if syncthing.open_ports is defined and syncthing.open_ports == True %}
--A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
--A INPUT -p udp -m udp --dport 22000 -j ACCEPT
--A INPUT -p udp -m udp --dport 21027 -j ACCEPT
-{% endif %}
 COMMIT
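Review bot: The syncthing block added here opens udp/22000 in addition to tcp/22000 and udp/21027, while the syncthing block added to ip6tables.rules.j2 in the same commit opens only tcp/22000 and udp/21027, so the two templates now expose a different set of ports for the same `syncthing.open_ports` flag. If the IPv6 omission is deliberate it deserves a one-line `{# udp/22000 intentionally not opened on IPv6 #}` comment in that template; otherwise the IPv4 line `-A INPUT -p udp -m udp --dport 22000 -j ACCEPT` is the one to mirror. The chain placement raised on the ip6tables hunk applies to these lines as well; the enclosing `*filter` table begins above this hunk.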