diff --git a/files/firewall b/files/firewall
index 36f3aa1..61ece0f 100755
--- a/files/firewall
+++ b/files/firewall
@@ -59,7 +59,7 @@ case $1 in
         ip6tables -A INPUT                               -p udp  --dport   500 --sport  500                     -j ACCEPT   # ipsec
         ip6tables -A INPUT                               -p udp  --dport  4500 --sport 4500                     -j ACCEPT   # ipsec
         ip6tables -A INPUT                               -p ipv6-icmp                                           -j ACCEPT   # ping
-        ip6tables -A INPUT -s 2604:bbc0:0:113::1         -p tcp  --sport    22                                  -j ACCEPT   # ssh from bastion
+        ip6tables -A INPUT -s 2604:bbc0:0:113::1         -p tcp  --dport    22                                  -j ACCEPT   # ssh from bastion
         ip6tables -A INPUT -s 2604:bbc0:0:113::1         -p udp  --sport    53                                  -j ACCEPT   # dns replies from bastion
         ip6tables -A INPUT -s 2001:67c:1560:8003::c7     -p udp  --sport   123                                  -j ACCEPT   # ntp
         ip6tables -A INPUT -s 2001:67c:1560:8003::c8     -p udp  --sport   123                                  -j ACCEPT   # ntp