diff --git a/deploy.tf b/deploy.tf
index 0217754b1af67ad4f4c35662d91811762e73d220..c50042f58c94bf28f7b5e261bb49c625c0074c38 100644
--- a/deploy.tf
+++ b/deploy.tf
@@ -177,7 +177,6 @@ resource "openstack_compute_instance_v2" "server" {
 	key_pair = var.ssh
 	security_groups = [
 		openstack_networking_secgroup_v2.all.name,
-		openstack_networking_secgroup_v2.ssh.name,
 	]
 	user_data = data.template_cloudinit_config.ctx[count.index].rendered
 	network {
diff --git a/firewall.tf b/firewall.tf
index 0d0afe0b53791656eff27a827d961a6d5cafc8d3..2bccc2805baba24e69b8a0cce418faf4c331e4bc 100644
--- a/firewall.tf
+++ b/firewall.tf
@@ -1,13 +1,8 @@
 resource "openstack_networking_secgroup_v2" "all" {
-	name = format("%s.all", var.domain)
+	name = var.domain
 	description = "${title(var.domain)} all security group"
 }
 
-resource "openstack_networking_secgroup_v2" "ssh" {
-	name = format("%s.ssh", var.domain)
-	description = "${title(var.domain)} ssh security group"
-}
-
 resource "openstack_networking_secgroup_rule_v2" "all_self" {
 	for_each = toset(["0.0.0.0/0", "::/0"])
 	direction = "ingress"
@@ -32,17 +27,12 @@ resource "openstack_networking_secgroup_rule_v2" "all_other" {
 	security_group_id = openstack_networking_secgroup_v2.all.id
 }
 
-resource "openstack_networking_secgroup_rule_v2" "all_floatip" {
-	direction = "ingress"
-	ethertype = "IPv4"
-	remote_ip_prefix = "${openstack_networking_floatingip_v2.floatip_1.address}/32"
-	security_group_id = openstack_networking_secgroup_v2.all.id
-}
-
 resource "openstack_networking_secgroup_rule_v2" "ssh" {
 	for_each = var.security_admin_cidr
 	direction = "ingress"
 	ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
+	port_range_min = 22
+	port_range_max = 22
 	remote_ip_prefix = each.key
-	security_group_id = openstack_networking_secgroup_v2.ssh.id
+	security_group_id = openstack_networking_secgroup_v2.all.id
 }