diff --git a/roles/nftables_router/templates/nftables.d/10-vars.conf.j2 b/roles/nftables_router/templates/nftables.d/10-vars.conf.j2
index aa02fbe..af2d7f3 100644
--- a/roles/nftables_router/templates/nftables.d/10-vars.conf.j2
+++ b/roles/nftables_router/templates/nftables.d/10-vars.conf.j2
@@ -3,45 +3,45 @@
 ## Interconnexion
 # Réseaux d'interconnexion
-define interco_v4 = { 192.168.0.0/31, 192.168.0.2/31, 10.129.0.0/16 }
-define interco_v6 = { 2a09:6840:129::0/48 }
+define interco_v4 = { {{ nftables_interco_v4 | join(", ") }} }
+define interco_v6 = { {{ nftables_interco_v6 | join(", ") }} }
 ## Administration
 # Réseaux d'administration
-define adm_v4 = { 10.128.0.0/16, 10.133.0.0/16 }
-define adm_v6 = { 2a09:6840:128::0/48, 2a09:6840:133::0/48 }
+define adm_v4 = { {{ nftables_adm_v4 | join(", ") }} }
+define adm_v6 = { {{ nftables_adm_v6 | join(", ") }} }
 # Serveurs de centralisation des journaux
 define syslog_adm_v4 = { 10.128.0.51 }
 define syslog_adm_v6 = { 2a09:6840:128::251 }
 # Adresses des bastions autorisés
-define bastion_v4 = { 10.128.0.224, 10.133.0.250 }
-define bastion_v6 = { 2a09:6840:133::250 }
+define bastions_v4 = { {{ nftables_bastions_v4 | join(", ") }} }
+define bastions_v6 = { {{ nftables_bastions_v6 | join(", ") }} }
 ## Services
 # Réseaux de services privés
-define svc_v4 = { 10.132.0.0/16 }
-define svc_v6 = { 2a09:6840:132::0/48 }
+define svc_v4 = { {{ nftables_svc_v4 | join(", ") }} }
+define svc_v6 = { {{ nftables_svc_v6 | join(", ") }} }
 ## Adhérents
 # Réseaux des adhérents
-define member_v4 = { 10.50.0.0/16 }
-define member_v6 = { 2a09:6840:50::0/48 }
+define members_v4 = { {{ nftables_members_v4 | join(", ") }} }
+define members_v6 = { {{ nftables_members_v6 | join(", ") }} }
 # Sous-réseau d'inscription des adhérents
-define signup_v4 = { 10.50.0.0/16 }
-define signup_v6 = { 2a09:6840:50::0/48 }
+define signup_v4 = { {{ nftables_signup_v4 | join(", ") }} }
+define signup_v6 = { {{ nftables_signup_v6 | join(", ") }} }
 # Hôtes déclencheurs d'accès à Internet pour inscription
-define signup_trigger_v4 = { 1.1.1.1 }
-define signup_trigger_v6 = { 2606:4700:4700::1111 }
+define signup_triggers_v4 = { {{ nftables_signup_triggers_v4 | join(", ") }} }
+define signup_triggers_v6 = { {{ nftables_signup_triggers_v6 | join(", ") }} }
 ## NAT
@@ -49,7 +49,5 @@ define signup_trigger_v6 = { 2606:4700:4700::1111 }
 # Interface sur laquelle appliquer le NAT
 define wan_iface = "ens18"
-define member_priv_v4 = { 10.50.0.0/16 }
-define member_nat_v4 = 92.222.211.198
-
+define members_nat_v4 = 92.222.211.198
 define any_nat_v4 = 92.222.211.198
diff --git a/roles/nftables_router/templates/nftables.d/50-filter.conf.j2 b/roles/nftables_router/templates/nftables.d/50-filter.conf.j2
index a19265f..dc41029 100644
--- a/roles/nftables_router/templates/nftables.d/50-filter.conf.j2
+++ b/roles/nftables_router/templates/nftables.d/50-filter.conf.j2
@@ -25,8 +25,8 @@ table inet filter {
 counter accept
 }
-chain input_from_member {
-log prefix "in-from-member" group 0
+chain input_from_members {
+log prefix "in-from-members" group 0
 }
 chain input_from_signup {
@@ -56,8 +56,8 @@ table inet filter {
 ip saddr $interco_v4 goto input_from_interco
 ip6 saddr $interco_v6 goto input_from_interco
-ip saddr $member_v4 goto input_from_member
-ip6 saddr $member_v6 goto input_from_member
+ip saddr $members_v4 goto input_from_members
+ip6 saddr $members_v6 goto input_from_members
 ip saddr $signup_v4 goto input_from_signup
 ip6 saddr $signup_v6 goto input_from_signup
@@ -79,21 +79,21 @@ table inet filter {
 ip6 saddr $interco_v6 accept
 }
-chain forward_to_member_re2o_ports {
+chain forward_to_members_re2o_ports {
 # TODO
 }
-chain forward_to_member {
+chain forward_to_members {
 # Les adhérents peuvent communiquer entre eux
-ip saddr $member_v4 accept
-ip6 saddr $member_v6 accept
+ip saddr $members_v4 accept
+ip6 saddr $members_v6 accept
 # L'administration n'a pas accès à l'extérieur
 ip saddr $adm_v4 drop
 ip6 saddr $adm_v6 drop
 # Les ouvertures de ports sont générées par re2o
-goto forward_to_member_re2o_ports
+goto forward_to_members_re2o_ports
 }
 chain forward_to_signup {
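Review bot: The rename of `signup_trigger_v4`/`signup_trigger_v6` to `signup_triggers_v4`/`signup_triggers_v6` in this hunk has no counterpart in 50-filter.conf.j2, whereas the `member_*` and `bastion_*` renames are carried through in every hunk that uses them. If any rule still references `$signup_trigger_v4` or `$signup_trigger_v6` (presumably in `forward_to_signup` or `input_from_signup`, whose bodies lie outside the hunks shown), nft rejects the whole ruleset at load time for an undefined symbol, so a `grep -r signup_trigger roles/nftables_router/` is worth doing before merging. Separately, every set is now rendered straight from an inventory list with `join(", ")`, so an empty `nftables_*` list renders as `define x = {  }`, which I believe nft does not parse; an `ansible.builtin.assert` that each list is defined and non-empty, run before the template task, turns that into a failed play instead of a failed `nft -f` on the router.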
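Review bot: `members_nat_v4` and `any_nat_v4` stay hard-coded to the same address 92.222.211.198 (and `wan_iface` to `"ens18"`) while every network set in the previous hunk became an inventory variable; because the two addresses are equal, the rule `ip saddr $members_v4 snat $members_nat_v4 persistent` in the 60-nat.conf.j2 hunk is indistinguishable in effect from the catch-all `snat $any_nat_v4 persistent` right after it. For consistency with the rest of this change I would template them as well, e.g. `define members_nat_v4 = {{ nftables_members_nat_v4 }}` and `define any_nat_v4 = {{ nftables_any_nat_v4 }}`, or drop the members-specific SNAT rule if the two are meant to stay identical. In either case a comment on `any_nat_v4` stating that it applies to every source reaching `snat_to_wan` that is not a member would make the catch-all explicit.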
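Review bot: Renaming the nflog prefix from `"in-from-member"` to `"in-from-members"` (group 0) changes what the log consumer sees, not just the chain name; any ulogd filter, collector parser or alert rule keyed on the old prefix stops matching with no error on the nft side. If such consumers exist they need the same rename, and the commit message should mention the prefix change. The other prefixes visible in the diff (`"fwd-to-inet"`, `"snat-to-wan"`) are untouched, so as far as this diff shows only this one is affected.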
@@ -111,8 +111,8 @@ table inet filter {
 ip6 saddr != $adm_v6 drop
 # Les bastions ont accès à toute l'administration
-ip saddr $bastion_v4 accept
-ip6 saddr $bastion_v6 accept
+ip saddr $bastions_v4 accept
+ip6 saddr $bastions_v6 accept
 # Tous les serveurs ont accès au collecteur de logs
 ip daddr $syslog_adm_v4 tcp dport 20514 accept
@@ -127,12 +127,12 @@ table inet filter {
 log prefix "fwd-to-inet" group 0
 # On évite certains problèmes de spam
-ip saddr $member_v4 tcp dport 25 drop
-ip6 saddr $member_v6 tcp dport 25 drop
+ip saddr $members_v4 tcp dport 25 drop
+ip6 saddr $members_v6 tcp dport 25 drop
 # Les adhérents ont accès à internet
-ip saddr $member_v4 accept
-ip6 saddr $member_v6 accept
+ip saddr $members_v4 accept
+ip6 saddr $members_v6 accept
 # Les réseaus d'inscription ont accès à internet
 ip saddr $signup_v4 accept
@@ -155,7 +155,7 @@ table inet filter {
 # http://lists.netfilter.org/pipermail/netfilter-buglog/2017-August/003868.html
 #ip daddr vmap {
 # $interco_v4 : goto forward_to_interco,
-# $member_v4 : goto forward_to_member,
+# $members_v4 : goto forward_to_members,
 # $svc_v4 : goto forward_to_svc,
 # $adm_v4 : goto forward_to_adm,
 #}
@@ -163,8 +163,8 @@ table inet filter {
 ip daddr $interco_v4 goto forward_to_interco
 ip6 daddr $interco_v6 goto forward_to_interco
-ip daddr $member_v4 goto forward_to_member
-ip6 daddr $member_v6 goto forward_to_member
+ip daddr $members_v4 goto forward_to_members
+ip6 daddr $members_v6 goto forward_to_members
 ip daddr $signup_v4 goto forward_to_signup
 ip6 daddr $signup_v6 goto forward_to_signup
diff --git a/roles/nftables_router/templates/nftables.d/60-nat.conf.j2 b/roles/nftables_router/templates/nftables.d/60-nat.conf.j2
index 6c8e0a6..8460651 100644
--- a/roles/nftables_router/templates/nftables.d/60-nat.conf.j2
+++ b/roles/nftables_router/templates/nftables.d/60-nat.conf.j2
@@ -10,7 +10,7 @@ table ip nat {
 chain snat_to_wan {
 log prefix "snat-to-wan" group 0
-ip saddr $member_priv_v4 snat $member_nat_v4 persistent
+ip saddr $members_v4 snat $members_nat_v4 persistent
 snat $any_nat_v4 persistent
 }