diff --git a/roles/firewall/defaults/main.yaml b/roles/firewall/defaults/main.yaml
index ac6cfbc..5cf4c01 100644
--- a/roles/firewall/defaults/main.yaml
+++ b/roles/firewall/defaults/main.yaml
@@ -5,6 +5,11 @@ firewall_iptables_rules_v6: /etc/iptables/rules.v6-tmp
 firewall_ipset_v4: /etc/iptables/ipset.v4-tmp
 firewall_ipset_v6: /etc/iptables/ipset.v6-tmp
 
+firewall_iptables_package_state: present
+firewall_iptables_package_name: iptables
+#firewall_iptables_service_state: started
+#firewall_iptables_service_enabled: true
+
 firewall_iptables_persistent_package_name: iptables-persistent
 firewall_iptables_persistent_package_state: present
 
diff --git a/roles/firewall/tasks/main.yaml b/roles/firewall/tasks/main.yaml
index 3f0f31c..b19ee89 100644
--- a/roles/firewall/tasks/main.yaml
+++ b/roles/firewall/tasks/main.yaml
@@ -6,6 +6,11 @@
     - "{{ ansible_distribution }}.yaml"
     - "{{ ansible_os_family }}.yaml"
 
+- name: install iptables
+  package:
+    name: "{{ firewall_iptables_package_name }}"
+    state: "{{ firewall_iptables_package_state }}"
+
 - name: install iptables-persistent
   package:
     name: "{{ firewall_iptables_persistent_package_name }}"