diff --git a/playbook/roles/olimex-board/tasks/main.yml b/playbook/roles/olimex-board/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..18f8bf03942c991b5dabd6d77c5a6479b22b8f15
--- /dev/null
+++ b/playbook/roles/olimex-board/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Install iptables
+  apt:
+    name: iptables
+    state: present
+
+- name: Set firewall config file path
+  set_fact:
+    setup_olimex_firewall_path: /usr/bin/setup-olimex-firewall
+
+- name: Add script to boot firewall
+  template:
+    src: iptables.j2
+    dest: "{{ setup_olimex_firewall_path }}"
+    mode: 755
+
+- name: Include setup-olimex-firewall at reboot on cron
+  cron: name="Setup firewall on reboot" special_time=reboot job="sleep 30 && {{ setup_olimex_firewall_path }}"
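Review bot: `mode: 755` on the template task is unquoted, so Ansible takes it as the decimal number 755, which is octal 1363, not the 0755 that was meant. That leaves the script with the sticky bit set and writable by "other", and the cron entry then runs it at every reboot with the privileges of whichever user owns the crontab (presumably root, since it calls iptables). Quote the mode and pin ownership: `mode: '0755'`, `owner: root`, `group: root`. The `sleep 30` in the cron job also means the board boots with no rules loaded for at least 30 seconds, which deserves a comment explaining why the delay is needed.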
diff --git a/playbook/roles/olimex-board/templates/iptables.j2 b/playbook/roles/olimex-board/templates/iptables.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4a4afc89a7288ec641621c8197a7e71da41230e9
--- /dev/null
+++ b/playbook/roles/olimex-board/templates/iptables.j2
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# We want to close all ports except for those which are used by
+# re6stnet and SSH (to be able to keep a connection to the board).
+
+echo "Update firewall. Close all ports except SSH ports."
+
+# Remove all existing rules
+iptables -F
+
+# Allow SSH access
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# Set default drop policy
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+ip6tables -P INPUT DROP
+ip6tables -P OUTPUT DROP
+ip6tables -P FORWARD DROP
+
+# For additional rules (for instance Wendelin/Fluentd, ...)
+
+{{ iptables_rules }}
+
+# Open Re6stnet ports (if bash file exists)
+RE6STNET_IP6TABLES_CHECK="/usr/bin/re6stnet-ip6tables-check"
+
+if [ -f $RE6STNET_IP6TABLES_CHECK ]; then
+    bash $RE6STNET_IP6TABLES_CHECK
+else
+  echo "No Re6stnet ip6tables check file could be found!"
+  echo "No dedicated re6stnet ports could be opened."
+fi
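Review bot: The IPv6 side of this script is left half-configured: `ip6tables` gets DROP policies but is never flushed, and nothing is accepted on loopback for either family. A manual re-run therefore appends duplicate IPv6 rules, and local services talking over 127.0.0.1 or ::1 stop working. ICMPv6 is dropped as well, so neighbour discovery presumably breaks unless /usr/bin/re6stnet-ip6tables-check (not visible here) opens it, and the else branch only prints a message. I would add the flush and baseline accepts ahead of the policies, as below. Separately, `{{ iptables_rules }}` is rendered without a default, so by default the template fails for any play that uses the role without defining it; `{{ iptables_rules | default('') }}` avoids that.

```shell
# Remove all existing rules
iptables -F
ip6tables -F

# Loopback traffic stays open for local services
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT

# IPv6 needs ICMPv6 for neighbour discovery
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT

# … unchanged: SSH rules, default DROP policies, iptables_rules, re6stnet check …
```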
diff --git a/playbook/wendelin-olimex-iot-gateway.yml b/playbook/wendelin-olimex-iot-gateway.yml
index b1eec8f2915db9974d2640d9d7623db595204b51..897f882c9f3e5594bf93cbd8db20132a86942f42 100644
--- a/playbook/wendelin-olimex-iot-gateway.yml
+++ b/playbook/wendelin-olimex-iot-gateway.yml
@@ -6,3 +6,33 @@
 - name: a play that runs entirely on the ansible host
   hosts: 127.0.0.1
   connection: local
+
+  vars:
+    - iptables_rules: |
+        # We send data to Wendelin via HTTP or HTTPS
+
+        # Only accept packets on the INPUT chain that are ESTABLISHED or RELATED to a current connection
+        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+        # #### Output exceptions  #### #
+
+        # Accept DNS
+        iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+        iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+
+        # Accept HTTP
+        iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
+
+        # Accept HTTPS
+        iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
+        iptables -A OUTPUT -p udp --dport 443 -j ACCEPT
+
+        # To receive data from Sensor
+        
+        LISTEN_SENSOR_PORT=24224
+
+        ip6tables -A INPUT -p tcp --dport $LISTEN_SENSOR_PORT -j ACCEPT
+        ip6tables -A INPUT -p udp --dport $LISTEN_SENSOR_PORT -j ACCEPT
+
+  roles:
+    - role: olimex-board
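Review bot: The two `ip6tables -A INPUT ... --dport $LISTEN_SENSOR_PORT` rules have no matching reply path. The ESTABLISHED,RELATED rule earlier in this snippet is `iptables` (IPv4) only and the role's template sets `ip6tables -P OUTPUT DROP`, so a TCP handshake on 24224 cannot complete unless some other script opens it. Adding `ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` here covers the gateway; the hunk in wendelin-olimex-sensor.yml has the mirror-image gap and needs the same rule on the `ip6tables` INPUT chain. The accept also matches any IPv6 source, so a `-s <SENSOR_PREFIX_PLACEHOLDER>` on these two rules would limit the listener to the sensors' addresses.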
diff --git a/playbook/wendelin-olimex-sensor.yml b/playbook/wendelin-olimex-sensor.yml
index 4369262d16207df9565b5479c2c763a9931419c9..1ea7bf7d5542ba33deae4fbbd5463557e3b244d0 100644
--- a/playbook/wendelin-olimex-sensor.yml
+++ b/playbook/wendelin-olimex-sensor.yml
@@ -7,5 +7,17 @@
   hosts: 127.0.0.1
   connection: local
 
+  vars:
+    - iptables_rules: |
+        # To send data to IoT-Gateway
+          
+        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+          
+        LISTEN_SENSOR_PORT=24224
+
+        ip6tables -A OUTPUT -p tcp --dport $LISTEN_SENSOR_PORT -j ACCEPT
+        ip6tables -A OUTPUT -p udp --dport $LISTEN_SENSOR_PORT -j ACCEPT
+
   roles:
+    - role: olimex-board
     - role: olimex-sensor
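Review bot: The comment `# To send data to IoT-Gateway` sits above an IPv4 INPUT rule that plays no part in the IPv6 send path. The snippet also opens no IPv4 egress at all, so once the firewall script has run the sensor cannot do DNS lookups or fetch package updates over IPv4. If that lockdown is intended, say so in the snippet, e.g. `# No IPv4 egress on sensors by design; only the IPv6 forward port is opened`; if updates are expected, the DNS and HTTPS OUTPUT rules from the gateway playbook are needed here too. The whitespace-only lines inside the block scalar carry trailing spaces that end up in the rendered script.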