diff --git a/bootstrap.sh b/bootstrap.sh
index d7a7885..48bc3ab 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -24,7 +24,7 @@ sudo apt install git git-lfs -y
 git lfs install
 # Clone ansible_playbooks repo
-git clone https://git.athelas-conseils.fr/Stage/ansible_playbooks.git
+git clone -b dev https://git.athelas-conseils.fr/Stage/ansible_playbooks.git
 ~/.local/bin/ansible-playbook ansible_playbooks/tasks/full_setup.yml -i ansible_playbooks/inventory.ini --extra-vars "ansible_ssh_pass=$password ansible_ssh_common_args='-o StrictHostKeyChecking=no'"
\ No newline at end of file
diff --git a/files/usertwist.service b/files/usertwist.service
index 17cd2d9..cbfb6ab 100644
--- a/files/usertwist.service
+++ b/files/usertwist.service
@@ -5,6 +5,17 @@ Description=Simple Web Service
 User=usertwist
 Group=usertwist
 ExecStart=/usr/local/bin/usertwist
+PrivateTmp=yes
+NoNewPrivileges=true
+RestrictNamespaces=uts ipc pid user cgroup
+ProtectSystem=strict
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+PrivateDevices=yes
+RestrictSUIDSGID=true
+ProtectHome=true
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/tasks/install_caddy.yml b/tasks/install_caddy.yml
index 895013e..30de10d 100644
--- a/tasks/install_caddy.yml
+++ b/tasks/install_caddy.yml
@@ -29,11 +29,16 @@
 src: ../templates/Caddyfile.j2
 dest: /etc/caddy/Caddyfile
 
+ - name: Create the usertwist group
+ ansible.builtin.group:
+ name: usertwist
+
 - name: Create the usertwist user
 ansible.builtin.user:
 name: usertwist
 group: usertwist
 system: true
+ shell: /usr/sbin/nologin
 
 - name: Put the service binary on the remote server
 ansible.builtin.copy:
diff --git a/tasks/roles/setup_iptables/README.md b/tasks/roles/setup_iptables/README.md
new file mode 100644
index 0000000..c65e2c5
--- /dev/null
+++ b/tasks/roles/setup_iptables/README.md
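Review bot: The clone on the changed line now follows the moving `dev` branch and its exit status is never checked, so the `ansible-playbook` line below runs against whatever `dev` happens to contain, or against a missing checkout when the clone fails; no `set -e` is visible in this hunk. Pin what gets provisioned and fail early, e.g. `git clone -b "${ANSIBLE_PLAYBOOKS_BRANCH:-dev}" https://git.athelas-conseils.fr/Stage/ansible_playbooks.git || exit 1` (a new variable, so a tag or commit can be selected without editing the script). The unchanged line that follows also passes `ansible_ssh_pass=$password` on the command line, where any local user can read it from the process list; an inventory variable file or an environment lookup would keep it off argv.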
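Review bot: `RestrictNamespaces=uts ipc pid user cgroup` does the opposite of what the surrounding hardening suggests: a space-separated list names the namespace types the service is still allowed to create, so this permits user, pid and cgroup namespaces and blocks only net and mnt; for a simple web service `RestrictNamespaces=true` denies all of them. `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` only caps what the process may hold — with `User=usertwist` it grants nothing, so binding a port below 1024 additionally needs `AmbientCapabilities=CAP_NET_BIND_SERVICE` (or the service must listen on a high port). With `ProtectSystem=strict` everything outside /dev, /proc and /sys is read-only, so any log or state directory the binary writes to must be declared via `ReadWritePaths=` or `StateDirectory=`; whether it writes anything cannot be told from the unit alone.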
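Review bot: The new group task does not mark the group as a system group while the user task right below it uses `system: true`, so the group is allocated from the ordinary GID range; add `system: true` under `ansible.builtin.group`. The user task also still creates `/home/usertwist` for a service account that now has no login shell; `create_home: false` keeps the account home-less, which also matches the `ProtectHome=true` added to the unit file in this commit. The task list continues before and after this hunk.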
@@ -0,0 +1,22 @@
+Setup IPTables
+=========
+
+Create iptables rules on the remote server to allow connection on WEB and SSH ports only
+
+Example Playbook
+----------------
+
+ - hosts: servers
+ roles:
+ - setup_iptables
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Motysten
+E-Mail : mdm@athelas.fr
diff --git a/tasks/roles/setup_iptables/meta/main.yml b/tasks/roles/setup_iptables/meta/main.yml
new file mode 100644
index 0000000..a7cde37
--- /dev/null
+++ b/tasks/roles/setup_iptables/meta/main.yml
@@ -0,0 +1,34 @@
+galaxy_info:
+ author: Motysten
+ description: Dev
+ company: Athelas
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/tasks/roles/setup_iptables/tasks/main.yml b/tasks/roles/setup_iptables/tasks/main.yml
new file mode 100644
index 0000000..c486da3
--- /dev/null
+++ b/tasks/roles/setup_iptables/tasks/main.yml
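Review bot: `license: license (GPL-2.0-or-later, MIT, etc)` is the untouched skeleton placeholder and contradicts the BSD stated in the role's README added by this same commit; set it to an SPDX id, e.g. `license: BSD-3-Clause`. `min_ansible_version: 2.1` is also well below what the role's tasks need, since `ansible.builtin.iptables` and `community.general.iptables_state` are collection-qualified names that only resolve on Ansible 2.10 or later, so a consumer on the advertised minimum would fail at the first task.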
@@ -0,0 +1,38 @@
+---
+# tasks file for setup_iptables
+- name: Open needed ports
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ in_interface: eth0
+ jump: ACCEPT
+ destination_ports:
+ - "22"
+ - "443"
+ - "80"
+
+- name: Set INPUT policy to DROP
+ ansible.builtin.iptables:
+ chain: INPUT
+ policy: DROP
+
+- name: Create iptables folder in /etc
+ ansible.builtin.file:
+ path: /etc/ansible
+ state: directory
+ mode: '0755'
+
+- name: Install iptables-persistent for rules persistence
+ ansible.builtin.package:
+ name: iptables-persistent
+ update_cache: true
+
+- name: Save IPv4 rules to keep them on reboot
+ community.general.iptables_state:
+ state: saved
+ path: /etc/iptables/rules.v4
+
+- name: Save IPv6 rules to keep them on reboot
+ community.general.iptables_state:
+ state: saved
+ path: /etc/iptables/rules.v6
\ No newline at end of file
diff --git a/tasks/setup_iptables.yml b/tasks/setup_iptables.yml
index b6a297e..2e6b195 100644
--- a/tasks/setup_iptables.yml
+++ b/tasks/setup_iptables.yml
@@ -1,20 +1,6 @@
 - name: Edit iptables settings
 hosts: athelas
 become: true
- tasks:
-
- - name: Open needed ports
- ansible.builtin.iptables:
- chain: INPUT
- protocol: tcp
- in_interface: eth0
- jump: ACCEPT
- destination_ports:
- - "22"
- - "443"
- - "80"
-
- - name: Set INPUT policy to DROP
- ansible.builtin.iptables:
- chain: INPUT
- policy: DROP
+
+ roles:
+ - setup_iptables
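Review bot: The only ACCEPT rule admits inbound TCP to 22/80/443 on eth0, and nothing admits loopback traffic or replies to connections the host itself opens, so once `policy: DROP` is applied the very next task's `update_cache: true` apt fetch, DNS answers and anything talking to 127.0.0.1 are dropped; the two tasks below should run before the policy change. The `eth0` name is also an assumption that locks SSH out on hosts with predictable interface names (ens3, enp0s3, …), so dropping `in_interface` or making it a variable is safer. `Create iptables folder in /etc` creates `/etc/ansible` while the save tasks write under `/etc/iptables`, so that task has either the wrong path or no purpose. Only IPv4 rules are ever created, yet `rules.v6` is saved as if a policy existed, which leaves the IPv6 INPUT chain at ACCEPT on a dual-stack host and contradicts the README's "SSH and WEB ports only".
```yaml
- name: Allow loopback traffic
  ansible.builtin.iptables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT

- name: Allow replies to connections the host initiated
  ansible.builtin.iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT

# … unchanged: Open needed ports, Set INPUT policy to DROP, persistence tasks …
```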