diff --git a/tasks/full_setup.yml b/tasks/full_setup.yml
index 896ecdf..6f5be68 100644
--- a/tasks/full_setup.yml
+++ b/tasks/full_setup.yml
@@ -1,4 +1,5 @@
 - import_playbook: setup_ssh.yml
+- import_playbook: setup_iptables.yml
 - import_playbook: install_docker.yml
 - import_playbook: install_vuls.yml
 - import_playbook: install_caddy.yml
diff --git a/tasks/setup_iptables.yml b/tasks/setup_iptables.yml
new file mode 100644
index 0000000..c0d6f00
--- /dev/null
+++ b/tasks/setup_iptables.yml
@@ -0,0 +1,20 @@
+- name: Edit iptables settings
+ hosts: athelas
+ become: true
+ tasks:
+
+ - name: Open needed ports
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ in_interface: eth0
+ jump: ACCEPT
+ destination_ports:
+ - "22"
+ - "80"
+ - "443"
+
+ - name: Set INPUT policy to DROP
+ ansible.builtin.iptables:
+ chain: INPUT
+ policy: DROP
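Review bot: Importing `setup_iptables.yml` ahead of `install_docker.yml` gives INPUT-only filtering, which does not govern ports that containers publish, since Docker routes those through its own chains (FORWARD / DOCKER-USER) once it is installed. If any container in the later plays publishes a port, it stays reachable regardless of the allow-list of 22/80/443. A comment above the new import would make that scope explicit, e.g. `# INPUT chain only; container-published ports are filtered by Docker's own chains`.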
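Review bot: The DROP policy in the last task leaves new TCP to ports 22/80/443 on eth0 as the only accepted input, so loopback traffic and replies to the host's own outbound connections are dropped unless other rules already exist on the host; the `install_docker.yml` play that follows would likely fail to download anything. Add a loopback accept and a `ctstate` ESTABLISHED/RELATED accept before the policy task, as in the excerpt below. `in_interface: eth0` is also hard-coded: where the interface has a different name the port rule never matches and the policy change cuts off the SSH session Ansible is using. The module acts on IPv4 unless `ip_version: ipv6` is given, so the IPv6 INPUT chain stays as it was, and nothing in this play saves the rules, so they would presumably not survive a reboot.

```yaml
    # … unchanged: "Open needed ports" task …

    - name: Allow loopback traffic
      ansible.builtin.iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT

    - name: Allow replies to established connections
      ansible.builtin.iptables:
        chain: INPUT
        ctstate:
          - ESTABLISHED
          - RELATED
        jump: ACCEPT

    # … unchanged: "Set INPUT policy to DROP" task …
```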