diff --git a/defaults/main.yml b/defaults/main.yml index c4b96f5..f839a05 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,14 +1,14 @@ --- kernel_disable_modules: - usb-storage - -kernel_blacklist_modules: - firewire-core - dccp - sctp - tipc - rds +kernel_blacklist_modules: [] + # @var kernel_ipv4_ping_group_range: $ "_unset" # @var kernel_ipv4_ping_group_range:example: $ "0 2000000" diff --git a/templates/etc/modprobe.d/custom.conf.j2 b/templates/etc/modprobe.d/custom.conf.j2 index 1bf90d7..e44c3eb 100644 --- a/templates/etc/modprobe.d/custom.conf.j2 +++ b/templates/etc/modprobe.d/custom.conf.j2 @@ -1,10 +1,11 @@ #jinja2: lstrip_blocks: True {{ ansible_managed | comment }} - {% for module in kernel_disable_modules %} install {{ module }} /bin/true - {% endfor %} -{% for module in kernel_blacklist_modules %} +{% if (kernel_blacklist_modules + kernel_disable_modules) | length > 0 %} + +{% for module in (kernel_blacklist_modules + kernel_disable_modules) %} blacklist {{ module }} {% endfor %} +{% endif %} diff --git a/templates/etc/sysctl.d/local.conf.j2 b/templates/etc/sysctl.d/local.conf.j2 index d9b55ec..f0a17cd 100644 --- a/templates/etc/sysctl.d/local.conf.j2 +++ b/templates/etc/sysctl.d/local.conf.j2 @@ -19,9 +19,6 @@ kernel.yama.ptrace_scope = 2 # Command is trapped and sent to the init program to handle a graceful restart kernel.ctrl-alt-del = 0 -# Disable loading new modules -kernel.modules_disabled = 1 - # Disable access to performance events by users without CAP_SYS_ADMIN kernel.perf_event_paranoid = 3
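Review bot: Moving `firewire-core`, `dccp`, `sctp`, `tipc` and `rds` into the default of `kernel_disable_modules` while `kernel_blacklist_modules` becomes `[]` would mean that an inventory which already overrides `kernel_disable_modules` (for example with only `usb-storage`) no longer restricts these five modules after the upgrade. Neither variable has a description, unlike `kernel_ipv4_ping_group_range` further down. I would add a comment above each, e.g. `# Modules that get an "install <module> /bin/true" rule and a blacklist entry` and `# Modules that only get a blacklist entry`, and mention the changed defaults in the release notes.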
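Review bot: In custom.conf.j2 the expression `(kernel_blacklist_modules + kernel_disable_modules)` is written out twice and has two weak spots. It fails to render when either variable is overridden with an empty value (a bare `kernel_blacklist_modules:` loads as null), and a module present in both lists gets two `blacklist` lines. I would compute it once with `{% set blacklisted = (kernel_blacklist_modules | default([], true) + kernel_disable_modules | default([], true)) | unique %}` and use `blacklisted` in both the `{% if %}` and the `{% for %}`. Because the sysctl.d hunk of this commit removes `kernel.modules_disabled = 1`, these modprobe.d rules become the remaining restriction on module loading, and they only take effect for loads that go through modprobe. A comment in the rendered file such as `# Applies to modprobe only; kernel.modules_disabled is not set by this role` would record that trade-off.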