diff --git a/modules/firewall.nix b/modules/firewall.nix
index 2edfcaf..b294a4b 100644
--- a/modules/firewall.nix
+++ b/modules/firewall.nix
@@ -5,7 +5,7 @@ let
 in
 {
   # Allow BGP on peering interfaces
-  # TODO: these should actually only additionally filter for peer's
+  # TODO: bgp should only be allowed with src and dst
   # addresses, but there is no NixOS option for that.
   networking.firewall.interfaces = lib.mkIf enable (
     builtins.listToAttrs (