diff --git a/defaults/main.yml b/defaults/main.yml
index c9ada2a..4beee11 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,6 +3,17 @@ ldap_proxy_urls:
   - "ldapi:/// ldap:///"
 ldap_proxy_options: []
+ldap_proxy_iptables_enabled: False
+ldap_proxy_open_ports:
+  - name: allow_ldap_out
+    rules: |
+      -A OUTPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
+    state: present
+  - name: allow_ldap_in
+    rules: |
+      -A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
+    state: present
+
 
 # You can deploy your certificates from a file or from content.
 # If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into
 # ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.
diff --git a/tasks/setup.yml b/tasks/setup.yml
index 290d8c2..6142e30 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -25,5 +25,17 @@
         group: root
         mode: 0644
       notify: __slapd_restart
+
+    - name: Open ports in iptables
+      iptables_raw:
+        name: "{{ item.name }}"
+        rules: "{{ item.rules }}"
+        state: "{{ item.state }}"
+        weight: "{{ item.weight|default(omit) }}"
+        table: "{{ item.table|default(omit) }}"
+      with_items: "{{ ldap_proxy_open_ports }}"
+      loop_control:
+        label: "{{item.name}}"
+      when: ldap_proxy_iptables_enabled
   become: True
   become_user: root
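Review bot: The default `allow_ldap_in` rule accepts new TCP connections to port 389 from any source (no `-s` restriction), so once `ldap_proxy_iptables_enabled` is switched on the plaintext LDAP port is reachable from every network the host sits on; a comment above `ldap_proxy_open_ports` should state that and tell operators to narrow the rule (source subnet, or the TLS port) in their own override. The per-item keys that tasks/setup.yml also reads, `weight` and `table`, are not mentioned here; document them as optional, e.g. `# optional per-item keys: weight, table (left out of the module call when unset)`. `ldap_proxy_iptables_enabled: False` uses the capitalised spelling; `false` is the portable YAML form, though Ansible accepts both.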
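Review bot: `iptables_raw` is not a module shipped with Ansible core, so the new task fails with a module-not-found error unless the role pulls in the role or collection that provides it; meta/main.yml is not visible from here, so please confirm the dependency is declared or documented in the README. `state: "{{ item.state }}"` has no default while the other optional keys get `default(omit)`; `state: "{{ item.state | default('present') }}"` would match the defaults file, where both shipped entries are `present`. `label: "{{item.name}}"` is the only template in the task without inner spaces; `label: "{{ item.name }}"` keeps the style consistent. The enclosing block, whose `become: True` lines close the hunk, starts outside it.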