diff --git a/roles/base/templates/firewall/03allow-cluster b/roles/base/templates/firewall/03allow-cluster
index 8277aae7d433ce286ae6ffc127e25a263e899303..153fd523da6bc2550f56bf22d3d6d4f1768b007b 100644
--- a/roles/base/templates/firewall/03allow-cluster
+++ b/roles/base/templates/firewall/03allow-cluster
@@ -4,10 +4,10 @@
 create_chain allow-cluster
 {% for host in groups['all']|sort %}
 # {{ host }}
-{% for addr in hostvars[host]['ansible_all_ipv4_addresses'] %}
+{% for addr in hostvars[host]['ansible_all_ipv4_addresses'] | sort %}
 add_rule4 -A allow-cluster -s {{ addr }} -j ACCEPT
 {% endfor %}
-{% for addr in hostvars[host]['ansible_all_ipv6_addresses'] %}
+{% for addr in hostvars[host]['ansible_all_ipv6_addresses'] | sort %}
 {% if not addr.startswith('fe80::') %}
 add_rule6 -A allow-cluster -s {{ addr }} -j ACCEPT
 {% endif %}