diff --git a/defaults/main.yml b/defaults/main.yml
index 1884ec8..0ca514e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -43,9 +43,12 @@ nginx_gzip_types:
 - application/xml
 nginx_iptables_enabled: False
-nginx_open_ports:
- - 80
- - 443
+nginx_iptables_rules_default:
+ - name: allow_nginx_ports
+ rules: |
+ -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
+ state: present
+nginx_iptables_rules_extra: []
 nginx_tls_enabled: False
 nginx_tls_versions:
diff --git a/tasks/install.yml b/tasks/install.yml
index a59ec40..9e524d0 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -78,9 +78,12 @@
 - name: Open ports in iptables
 iptables_raw:
- name: allow_nginx_ports
- state: present
- rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports | join(",") }} -j ACCEPT'
+ name: "{{ item.name }}"
+ rules: "{{ item.rules }}"
+ state: "{{ item.state }}"
+ weight: "{{ item.weight | default(omit) }}"
+ table: "{{ item.table | default(omit) }}"
+ loop: "{{ nginx_iptables_rules_default + nginx_iptables_rules_extra }}"
 when: nginx_iptables_enabled | bool
 - name: Set selinux booleans
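Review bot: In defaults/main.yml the `nginx_open_ports` variable is dropped without a fallback, so an inventory that still sets it (for instance to leave port 80 closed) is silently ignored and the hard-coded `--dports 80,443` rule is applied instead. Keeping the variable and building the default rule from it would preserve existing overrides: `-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports | join(",") }} -j ACCEPT`. If the removal is intended, a pre-flight `assert` that fails when `nginx_open_ports` is defined would make the change visible on upgrade. The two new lists would also benefit from a comment naming the item keys the task reads (`name`, `rules`, `state`, and the optional `weight` and `table`).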
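Review bot: In tasks/install.yml `state: "{{ item.state }}"` has no fallback, so an entry in `nginx_iptables_rules_extra` that omits `state` fails the task with an undefined-variable error, while `weight` and `table` are already optional. `state: "{{ item.state | default('present') }}"` would make the three consistent. Because `item.rules` is now handed to `iptables_raw` as written, an entry can change the chain in any way, not only open ports. The task name "Open ports in iptables" therefore undersells it, and a comment such as `# rules are applied verbatim; nginx_iptables_rules_extra must come from trusted inventory` would set the expectation for reviewers of host and group vars.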