diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index da910d4439a15a9149291dc4ee3a737360d70172..da084daef0876d26a860894fe15e9f31335e74c9 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -267,7 +267,7 @@
 - name: Verify maintenance_allowed_sources parameter
 fail:
 msg: "Items in maintenance_allowed_sources must IPv4/IPv6 addresses or subnets: {{ item }}"
- when: "not (item | ipv4 or item | ipv6)"
+ when: "not (item is ansible.utils.ipv4_address or item is ansible.utils.ipv6_address)"
 with_items: "{{ maintenance_allowed_sources }}"
 - name: Deploy ferm base rules
diff --git a/roles/common/templates/00-base.conf.j2 b/roles/common/templates/00-base.conf.j2
index c51f83a0dc979c4ff3eedc6d6a46d6c64b02c5a4..ffd56460d951d7873482ba28f9c1f51089168644 100644
--- a/roles/common/templates/00-base.conf.j2
+++ b/roles/common/templates/00-base.conf.j2
@@ -41,7 +41,7 @@ domain ip {
 # Resume processing for allowed source addresses, otherwise drop packets.
 chain allowed_sources {
 {% for source in maintenance_allowed_sources %}
- {% if source | ipv4 %}
+ {% if source is ansible.utils.ipv4_address %}
 saddr {{ source }} RETURN;
 {% endif %}
 {% endfor %}
@@ -97,7 +97,7 @@ domain ip6 {
 # Resume processing for allowed source addresses, otherwise drop packets.
 chain allowed_sources {
 {% for source in maintenance_allowed_sources %}
- {% if source | ipv6 %}
+ {% if source is ansible.utils.ipv4_address %}
 saddr {{ source }} RETURN;
 {% endif %}
 {% endfor %}
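Review bot: The new `when:` in roles/common/tasks/main.yml tests `ansible.utils.ipv4_address` / `ansible.utils.ipv6_address`, which as far as I know match single addresses only, while the `msg` just above still promises "addresses or subnets" and the removed `ipv4`/`ipv6` filters accepted CIDR networks. If that holds, an existing subnet entry in `maintenance_allowed_sources` now fails the play here, and the same test in the `domain ip` hunk of 00-base.conf.j2 would silently leave subnet entries out of the rendered `saddr` rules. To keep the old acceptance set, consider `when: "not (item is ansible.utils.ipv4 or item is ansible.utils.ipv6)"` here and `{% if source is ansible.utils.ipv4 %}` in the template. If restricting to single addresses is intended, the `msg` text should be updated to say so.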
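Review bot: In the `domain ip6` hunk of roles/common/templates/00-base.conf.j2 the replacement for `source | ipv6` is `source is ansible.utils.ipv4_address`, which looks like a copy-paste slip from the `domain ip` hunk. As written, IPv6 entries in `maintenance_allowed_sources` never get a `RETURN` rule in the ip6 `allowed_sources` chain, so per the comment in the hunk their packets are dropped, which can lock out IPv6 maintenance access. IPv4 entries are instead emitted as `saddr` rules inside the ip6 domain, which the firewall loader will presumably reject. The line should read `{% if source is ansible.utils.ipv6_address %}`. The `chain allowed_sources` block starts and ends outside the hunk; rendering the template with one IPv4 and one IPv6 source and checking each domain's output would catch this class of mistake.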