diff --git a/roles/config/files/iptables b/roles/config/files/iptables
new file mode 100644
index 0000000..7748bca
--- /dev/null
+++ b/roles/config/files/iptables
@@ -0,0 +1,24 @@
+# sample configuration for iptables service
+# you can edit this manually or use system-config-firewall
+# please do not ask us to add additional ports/services to this default configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+#-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+#-A INPUT -p icmp -j ACCEPT
+#-A INPUT -i lo -j ACCEPT
+#-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+#-A INPUT -j REJECT --reject-with icmp-host-prohibited
+#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+# NAT Section
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A PREROUTING --src 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
+-A PREROUTING --src 0/0 -p tcp --dport 443 -j REDIRECT --to-ports 8443
+-A OUTPUT --src 0/0 --dst 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
+-A OUTPUT --src 0/0 --dst 127.0.0.1 -p tcp --dport 443 -j REDIRECT --to-ports 8443
+COMMIT
diff --git a/roles/config/tasks/main.yml b/roles/config/tasks/main.yml
index 28c4e2c..45b302d 100644
--- a/roles/config/tasks/main.yml
+++ b/roles/config/tasks/main.yml
@@ -26,6 +26,23 @@
   when: variant.stdout=="iot"
   tags: config
+- name: Setup port iptables 80 / 443 redirection to 8080 / 8443 caddy
+  become: true
+  become_method: sudo
+  ansible.builtin.copy:
+    src: iptables
+    dest: /etc/sysconfig/iptables
+  tags: config
+
+- name: Enable iptables service
+  become: true
+  become_method: sudo
+  ansible.builtin.systemd_service:
+    name: iptables
+    state: started
+    enabled: true
+  tags: config
+
 - name: Enable Cockpit Service
   become: true
   become_method: sudo
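Review bot: The *filter section of the new roles/config/files/iptables installs an allow-all firewall: INPUT and FORWARD have policy ACCEPT and every restrictive rule (RELATED,ESTABLISHED, icmp, lo, ssh on 22, and both REJECT lines) is commented out, so loading this file replaces whatever ruleset the host had with one that filters nothing, which the task name ("80 / 443 redirection") does not convey. If an open filter is intended, state it in the header; otherwise uncomment the six stock rules and add ACCEPT entries for the redirect targets, since REDIRECT in PREROUTING rewrites the port before INPUT sees the packet: `-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT` and `-A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT`. The three header lines are the unmodified distribution sample text ("sample configuration", "please do not ask us to add additional ports"); replace them with a comment that names the owner and purpose, e.g. `# Managed by Ansible (roles/config): redirect 80/443 to caddy on 8080/8443`. `--src 0/0` on the four nat rules matches everything and is the default, so it can be dropped for readability.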
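Review bot: The copy task writes /etc/sysconfig/iptables but nothing reloads the rules when the file changes: the following task's `state: started` is a no-op for a unit that is already running, so an updated ruleset only takes effect after a reboot or a manual restart, and the copy's changed result is never used. Add `notify: Restart iptables` to the copy task and a handler that runs `ansible.builtin.systemd_service` with `state: restarted` for `iptables` in the role's handlers file, which is outside this hunk. While there, set explicit ownership and a root-only mode on the rules file and let the module validate the ruleset before it is put in place, so a syntax error is caught by the play rather than by the service failing at boot. `become_method: sudo` on both new tasks is the default and can be dropped, as the existing tasks in this file appear to carry it only by convention.
```yaml
- name: Setup port iptables 80 / 443 redirection to 8080 / 8443 caddy
  become: true
  become_method: sudo
  ansible.builtin.copy:
    src: iptables
    dest: /etc/sysconfig/iptables
    owner: root
    group: root
    mode: "0600"
    validate: "iptables-restore --test %s"
  notify: Restart iptables
  tags: config
# … unchanged: Enable iptables service task …
```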