diff --git a/squid/handlers/main.yml b/squid/handlers/main.yml
index 8173d655..4f5329b9 100644
--- a/squid/handlers/main.yml
+++ b/squid/handlers/main.yml
@@ -28,3 +28,6 @@
 service:
 name: log2mail
 state: restarted
+
+- name: restart minifirewall
+ command: /etc/init.d/minifirewall restart
diff --git a/squid/tasks/minifirewall.yml b/squid/tasks/minifirewall.yml
index 7f8217b0..5eea7675 100644
--- a/squid/tasks/minifirewall.yml
+++ b/squid/tasks/minifirewall.yml
@@ -11,12 +11,14 @@
 dest: /etc/default/minifirewall
 regexp: "^(HTTPSITES='[^0-9])"
 replace: '#\1'
+ notify: restart minifirewall
 - name: all HTTPSITES are authorized in minifirewall
 lineinfile:
 dest: /etc/default/minifirewall
 line: "HTTPSITES='0.0.0.0/0'"
 insertafter: "^#HTTPSITES="
+ notify: restart minifirewall
 - name: add iptables rules for the proxy
 lineinfile:
@@ -29,10 +31,12 @@
 - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
 - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
 - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
+ notify: restart minifirewall
 - name: remove minifirewall example rule for the proxy
 lineinfile:
 dest: /etc/default/minifirewall
 regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
 state: absent
+ notify: restart minifirewall
 when: minifirewall_test.stat.exists
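Review bot: The new `restart minifirewall` handler in squid/handlers/main.yml judges success only by the exit status of `/etc/init.d/minifirewall restart`, so if that script can print rule-loading errors and still exit 0 (not visible from this page, needs confirming), the play reports success while the packet filter is left partially loaded. Registering the result and failing on unexpected output would close that gap, e.g. `register: minifirewall_restart` together with a `failed_when:` on its `rc`/`stdout`. Handler names are also global within a play, and when two handlers share a name only the last one defined is notified; if a dedicated minifirewall role already ships `restart minifirewall`, reuse it or give this one a role-specific name. A one-line comment such as `# reloads the rules from /etc/default/minifirewall` above the handler would document why a raw `command` is used where the neighbouring handler uses `service`.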
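Review bot: The four `notify: restart minifirewall` lines added in squid/tasks/minifirewall.yml (both hunks of that file) only take effect when handlers are flushed, which by default happens at the end of the play. If any later task fails first, /etc/default/minifirewall is already rewritten but the running rules are not, and a re-run sees no change and never notifies. Because these tasks switch `HTTPSITES` to `0.0.0.0/0` and add the NAT redirect to port 8888, a silent mismatch between the file and the live rule set is worth avoiding; adding `- meta: flush_handlers` after the last task of this file would apply the change as soon as it is written. The first task touched here starts above the hunk, so its `name` and module are not visible, and from this view it is unclear whether the trailing `when: minifirewall_test.stat.exists` guards every notified task or only the last one.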