diff --git a/conntrackt/templates/conntrackt/entity_iptables.html b/conntrackt/templates/conntrackt/entity_iptables.html
--- a/conntrackt/templates/conntrackt/entity_iptables.html
+++ b/conntrackt/templates/conntrackt/entity_iptables.html
@@ -1,15 +1,16 @@
 # iptables rules generated by conntrackt for {{entity}}
 *filter
 :INPUT ACCEPT [0:0]
-{% for interface in entity.interface_set.all %}{% for communication in interface.destination_set.all %}
-{% ifchanged communication.description %}
+{% for interface in entity.interface_set.all %}
+ {% for communication in interface.destination_set.all %}
+ {% ifchanged communication.description %}
 
-{% if communication.description %}
+ {% if communication.description %}
 # {{communication.description}}
-{% endif %}
-{% endifchanged %}
+ {% endif %}
+ {% endifchanged %}
 iptables -A INPUT -s {{communication.source.address}}/{{communication.source.netmask}} -p {{communication.protocol|lower}} -m {{communication.protocol|lower}} --dport {{communication.port}} -j ACCEPT
-{% endfor %}
+ {% endfor %}
 {% endfor %}
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
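Review bot: The context line `# {{communication.description}}` writes a stored description straight into the generated rules file, and nothing visible in this template keeps it on one line; if the field can hold a line break (the model and form validation are outside this diff), everything after the break lands outside the `#` comment and is read as a rule line. HTML autoescaping, which a `.html` template presumably has enabled, does not touch newlines. Either reject line breaks in the description at the model or form level, or collapse whitespace when rendering, e.g. `# {{communication.description.split|join:" "}}`. Separately, the newly indented tags appear to emit their leading whitespace into the output, so the rendered file gains whitespace-only lines that are worth checking against whatever consumes it.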