diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..25bf09e
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,31 @@
+---
+# Default head (allow) rules
+iptables_default_head: |
+ -P INPUT ACCEPT
+ -P FORWARD ACCEPT
+ -P OUTPUT ACCEPT
+ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ -A INPUT -i lo -j ACCEPT
+ -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+ -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+
+# Default tail (deny) rules
+iptables_default_tail: |
+ -A INPUT -j REJECT
+ -A FORWARD -j REJECT
+
+iptables_custom_rules: []
+# Example:
+# iptables_custom_rules:
+# - name: open_port_12345 # 'iptables_custom_rules_' will be prepended to this
+# rules: '-A INPUT -p tcp --dport 12345 -j ACCEPT'
+# state: present
+# weight: 40
+# ipversion: 4
+# table: filter
+#
+# NOTE: 'name', 'rules' and 'state' are required, others are optional.
+
+# By default this role deletes all iptables rules which are not managed by Ansible.
+# Set this to 'yes', if you want the role to keep unmanaged rules.
+iptables_keep_unmanaged: no
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..d8bdf76
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: restart iptables
+ shell: sleep 2 && systemctl restart iptables
+ async: 1
+ poll: 0
+ ignore_errors: true
+ listen:
+ - "iptables_restart"
diff --git a/tasks/config.yml b/tasks/config.yml
new file mode 100644
index 0000000..1885d21
--- /dev/null
+++ b/tasks/config.yml
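Review bot: The head rules keep `-P INPUT ACCEPT` and `-P FORWARD ACCEPT`, so the deny posture of this role rests entirely on the REJECT tail being present and sorted after every other rule; if the tail is ever missing or mis-weighted, the host is fail-open rather than fail-closed. If `iptables_raw` applies the assembled ruleset atomically (as it appears to, given the weight-ordered rule blocks), `-P INPUT DROP` and `-P FORWARD DROP` would make the default policy itself deny traffic, with the tail rules kept only for explicit REJECT semantics; at minimum the dependency should be documented above `iptables_default_tail`. Separately, `iptables_keep_unmanaged: no` is a YAML 1.1 truthy spelling that Ansible accepts but yamllint flags and other consumers may read as the string "no"; prefer `iptables_keep_unmanaged: false` and change the comment to `# Set this to 'true', if you want the role to keep unmanaged rules.`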
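Review bot: No task in this commit notifies `iptables_restart`, so the handler is dead code unless a playbook outside the role triggers it; either wire it with `notify: iptables_restart` on the rule-setting tasks or drop it. If it is kept, `ignore_errors: true` combined with `async: 1` / `poll: 0` means a failed `systemctl restart iptables` leaves the host on whatever ruleset was loaded before, with nothing reported in the play, which is a silent loss of the intended firewall state. Consider removing `ignore_errors: true`, or at least documenting why a failed restart is acceptable here, and note that `sleep 2` is a detached-restart workaround rather than a synchronization guarantee.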
@@ -0,0 +1,25 @@
+---
+- name: enable iptables service
+ service:
+ name: iptables
+ enabled: yes
+ state: started
+
+- name: Set custom iptables rules
+ iptables_raw:
+ name: 'iptables_custom_rules_{{ item.name }}'
+ rules: '{{ item.rules }}'
+ state: '{{ item.state }}'
+ weight: '{{ item.weight|default(omit) }}'
+ table: '{{ item.table|default(omit) }}'
+ with_items: '{{ iptables_custom_rules }}'
+ tags: iptables
+
+- name: Set default iptables head rules
+ iptables_raw:
+ name: iptables_default_head
+ weight: 10
+ keep_unmanaged: '{{ iptables_keep_unmanaged }}'
+ state: present
+ rules: '{{ iptables_default_head }}'
+ tags: iptables
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..eaed1d2
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,6 @@
+---
+- name: installing iptables
+ package:
+ name: '{{ iptables_package }}'
+ state: latest
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6f1227c
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include_vars: 'os_{{ ansible_os_family }}.yml'
+- include: install.yml
+- include: config.yml
diff --git a/vars/os_Debian.yml b/vars/os_Debian.yml
new file mode 100644
index 0000000..6b39d87
--- /dev/null
+++ b/vars/os_Debian.yml
@@ -0,0 +1,3 @@
+---
+
+iptables_package: iptables
diff --git a/vars/os_RedHat.yml b/vars/os_RedHat.yml
new file mode 100644
index 0000000..14efd9b
--- /dev/null
+++ b/vars/os_RedHat.yml
@@ -0,0 +1,3 @@
+---
+
+iptables_package: iptables-services
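Review bot: `iptables_default_tail` is defined in defaults/main.yml but no task in this 25-line file applies it, so the `-A INPUT -j REJECT` / `-A FORWARD -j REJECT` deny rules never reach the host and, with the head's `-P INPUT ACCEPT` policy, the resulting ruleset allows all inbound traffic the head does not explicitly match. A third `iptables_raw` task should apply the tail with a weight above anything a custom rule is likely to use (the example in defaults uses 40; 90 below is a constructed choice) so it sorts last. The custom-rules task also drops the documented `ipversion` field; add `ipversion: '{{ item.ipversion|default(omit) }}'` next to `table:` so the example in defaults actually works. Lastly, `enabled: yes` is a truthy spelling yamllint flags; `enabled: true` is the canonical form.
```yaml
# … unchanged: enable service, custom rules, default head rules …

- name: Set default iptables tail rules
  iptables_raw:
    name: iptables_default_tail
    weight: 90
    state: present
    rules: '{{ iptables_default_tail }}'
  tags: iptables
```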
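Review bot: `state: latest` in the install task upgrades the iptables package on every run, which makes the role non-idempotent in its reporting and can pull an unplanned package change onto a firewall host during an unrelated play. `state: present` installs the package when missing and otherwise leaves version management to the host's patching process; if tracking the newest version is intended, a comment saying so would help the next maintainer.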