diff --git a/defaults/main.yml b/defaults/main.yml
index a0a5647..c6a9738 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,16 +18,26 @@ unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
 unifi_iptables_enabled: True
 unifi_open_ports:
- # unifi webinterface
- - "-A INPUT -m state --state NEW -p 8443 --dport tcp -j ACCEPT"
- # unifi client server communication
- - "-A INPUT -m state --state NEW -p 8080 --dport tcp -j ACCEPT"
- - "-A OUTPUT -m state --state NEW -p 8080 --dport tcp -j ACCEPT"
- # unifi speedtest
- - "-A OUTPUT -m state --state NEW -p 6789 --dport tcp -j ACCEPT"
- # unifi stun
- - "-A INPUT -m state --state NEW -p 3478 --dport udp -j ACCEPT"
- - "-A OUTPUT -m state --state NEW -p 3478 --dport udp -j ACCEPT"
- # ap discovery
- - "-A INPUT -m state --state NEW -p 10001 --dport udp -j ACCEPT"
- - "-A OUTPUT -m state --state NEW -p 10001 --dport udp -j ACCEPT"
+ - name: allow_unifi_web
+ rules: |
+ -A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
+ state: present
+ - name: allow_unifi_comm
+ rules: |
+ -A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
+ -A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
+ state: present
+ - name: allow_unifi_stun
+ rules: |
+ -A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
+ -A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
+ state: present
+ - name: allow_unifi_discover
+ rules: |
+ -A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
+ -A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
+ state: present
+ - name: allow_unifi_sped
+ rules: |
+ -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
+ state: present
diff --git a/tasks/install.yml b/tasks/install.yml
index 88b5ce9..bd5f266 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
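Review bot: The new item name `allow_unifi_sped` looks like a typo for "speedtest"; because iptables_raw keys the rule sets it manages by `name`, renaming it later would leave the old set behind on already-configured hosts, so it is worth fixing before any deployment, e.g. `- name: allow_unifi_speedtest`. The per-port comments of the removed list (web interface, client/server communication, speedtest, STUN, AP discovery) are dropped with it; restoring one above each item, e.g. `# unifi web interface (TCP 8443)`, keeps the opened ports self-documenting for whoever audits the firewall. Changing `unifi_open_ports` from a list of strings to a list of mappings breaks any inventory that overrides the variable in the old format, since the loop in tasks/install.yml now dereferences `item.name`; unless a README or changelog elsewhere in this commit covers it, the new item schema (`name`, `rules`, `state`, optional `weight`/`table`) should be documented next to the default. The context line `unifi_iptables_enabled: True` predates the change but `true` is the canonical boolean form that yamllint's truthy rule expects.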
@@ -62,9 +62,14 @@
 - block:
 - name: Open ports in iptables
 iptables_raw:
- name: "allow_unifi"
- state: present
- rules: "{{ unifi_open_ports }}"
+ name: "{{ item.name }}"
+ rules: "{{ item.rules }}"
+ state: "{{ item.state }}"
+ weight: "{{ item.weight|default(omit) }}"
+ table: "{{ item.table|default(omit) }}"
+ with_items: "{{ unifi_open_ports }}"
+ loop_control:
+ label: "{{item.name}}"
 when: unifi_iptables_enabled
 - name: Create systemd unit files
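Review bot: Hosts that ran the previous version of this task may still carry a rule set registered under the removed `name: "allow_unifi"`, because iptables_raw tracks managed rules by name and nothing in the new loop touches that entry; a preceding task with `state: absent` for it (sketched below, inside the same `block:` so `when: unifi_iptables_enabled` still applies) avoids stale firewall entries lingering next to the new per-service sets, assuming an earlier run succeeded in registering it. `state: "{{ item.state }}"` is the one item key with no fallback, so an item that omits it fails the whole loop; `state: "{{ item.state|default('present') }}"` would match the `omit` handling given to `weight` and `table`. `label: "{{item.name}}"` lacks the inner spaces every other Jinja expression in the hunk uses, and `with_items` could be `loop:` for consistency with current Ansible style. The `block:` and the task list continue past the end of the hunk.

```yaml
- block:
    - name: Remove legacy combined unifi iptables rule set
      iptables_raw:
        name: allow_unifi
        state: absent
    # … unchanged: Open ports in iptables task …
```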