diff --git a/defaults/main.yml b/defaults/main.yml
index c2d0191..8d0deab 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,13 +5,12 @@ cups_version: 2.2.10
 cups_bind_url:
  - localhost:631
 
-cups_listen_address: print.rknet.org
+cups_listen_address: print.example.org
 
 cups_log_level: warn
 cups_server_admin: admin@example.com
+cups_iptables_enabled: False
 
-cups_tls_cert_path: "{{ cups_base_dir }}/tls/certs/mycert.pem"
-cups_tls_key_path: "{{ cups_base_dir }}/tls/private/mykey.pem"
 cups_tls_cert_source: mycert.pem
 cups_tls_key_source: mykey.pem
 
diff --git a/tasks/install.yml b/tasks/install.yml
index 8729c4a..85880af 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -20,5 +20,12 @@
         dest: "/etc/cups/cupsd.conf"
         mode: 0640
       notify: __cupsd_restart
+
+    - name: Open ports in iptables
+      iptables_raw:
+        name: allow_cups
+        state: present
+        rules: '-A INPUT -m state --state NEW -p tcp --dport {{ cups_nginx_proxy_url | urlsplit("port") }} -j ACCEPT'
+      when: cups_iptables_enabled
   become: True
   become_user: root