diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4dcaa63d..c36e3de0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * evocheck: upstream release 22.08.1
 * generate-ldif: Support any MariaDB version
+* minifirewall: use handlers to restart minifirewall
 * openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
 * nagios-nrpe: Add check_domains
 * generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
diff --git a/minifirewall/handlers/main.yml b/minifirewall/handlers/main.yml
index 5ba1926c..3c541de5 100644
--- a/minifirewall/handlers/main.yml
+++ b/minifirewall/handlers/main.yml
@@ -4,3 +4,19 @@
 service:
 name: nagios-nrpe-server
 state: restarted
+
+- name: restart minifirewall (modern)
+ command: /etc/init.d/minifirewall restart
+ register: minifirewall_init_restart
+ failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
+
+- name: restart minifirewall (legacy)
+ command: /etc/init.d/minifirewall restart
+ register: minifirewall_init_restart
+ failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+
+- name: restart minifirewall (noop)
+ meta: noop
+ register: minifirewall_init_restart
+ failed_when: False
+ changed_when: False
\ No newline at end of file
diff --git a/minifirewall/tasks/config.legacy.yml b/minifirewall/tasks/config.legacy.yml
index 8a7f5990..a151e76c 100644
--- a/minifirewall/tasks/config.legacy.yml
+++ b/minifirewall/tasks/config.legacy.yml
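Review bot: Both `failed_when` expressions in the new handlers look only at stdout, and since a `failed_when` replaces Ansible's default non-zero-rc failure, a restart that exits non-zero without printing the expected text (init script missing, iptables erroring to stderr) passes silently and the play continues on a host whose ruleset may have just been flushed. I would combine the rc with the string match: `failed_when: minifirewall_init_restart.rc != 0 or 'minifirewall failed' in minifirewall_init_restart.stdout` for the modern handler and `failed_when: minifirewall_init_restart.rc != 0 or 'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout` for the legacy one. The `register`, `failed_when` and `changed_when` keys on the `meta: noop` handler appear to do nothing for a meta task (it produces no result to register), so they can probably be dropped — worth confirming against the Ansible version this role targets, since newer releases are stricter about unsupported task keywords.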
@@ -197,21 +197,15 @@
 path: "{{ minifirewall_main_file }}"
 register: minifirewall_after
-- name: restart minifirewall
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+- name: Schedule minifirewall restart (legacy)
+ command: /bin/true
+ notify: "restart minifirewall (legacy)"
 when:
+ - minifirewall_install_mode == 'legacy'
 - minifirewall_restart_if_needed | bool
 - minifirewall_is_running.rc == 0
- - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum
+ - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
-- name: restart minifirewall (noop)
- meta: noop
- register: minifirewall_init_restart
- failed_when: False
- changed_when: False
- when: not (minifirewall_restart_if_needed | bool)
 - debug:
 var: minifirewall_init_restart
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index c11b83e8..b0a1d7a6 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -282,11 +282,11 @@
 path: "/etc/default/minifirewall"
 register: minifirewall_after
-- name: restart minifirewall
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
+- name: Schedule minifirewall restart (modern)
+ command: /bin/true
+ notify: "restart minifirewall (modern)"
 when:
+ - minifirewall_install_mode != 'legacy'
 - minifirewall_restart_if_needed | bool
 - minifirewall_is_running.rc == 0
 - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml
index 483f8715..bc56b7dc 100644
--- a/minifirewall/tasks/main.yml
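Review bot: The rewritten gate in config.legacy.yml now also tests `minifirewall_upgrade_script is changed` and `minifirewall_upgrade_config is changed`, names that were previously only used on the modern path in config.yml; if the legacy task file does not register both of them (nothing in this hunk does), the conditional aborts with an undefined-variable error instead of skipping, so either register them on the legacy path too or guard with `minifirewall_upgrade_script is defined and minifirewall_upgrade_script is changed`. The surviving `- debug: var: minifirewall_init_restart` below the new task now runs before any handler has executed, so it can only print `VARIABLE IS NOT DEFINED!`; move that debug into the handler or drop it. The task list this hunk cuts into continues outside the hunk.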
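Review bot: Moving the restart into a notified handler defers it to the end of the play, and handlers are skipped altogether when a later task in the play fails unless `force_handlers` is set, so a changed `/etc/default/minifirewall` can be left on disk while the previously loaded ruleset keeps running until the next successful run. If the role (or tasks that follow it) relies on the new rules being active, add `- meta: flush_handlers` at the point where the reload is required, or state in the role README that callers should set `force_handlers: true`. The `command: /bin/true` scheduling task exists only to fire the notification and is reported as `changed` whenever its gate passes; a one-line comment such as `# dummy task whose only purpose is to notify the restart handler once the config really changed` would stop the next reader from "fixing" it.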
+++ b/minifirewall/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
-- name: Compose minifirewall_restart_handler_name variable
- set_fact:
- minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
-
 # Legacy or modern mode?
 ##############################################
 - name: Check minifirewall
@@ -39,6 +35,25 @@
 var: minifirewall_install_mode
 verbosity: 1
+- name: 'Set minifirewall_restart_handler_name to "noop"'
+ set_fact:
+ minifirewall_restart_handler_name: "restart minifirewall (noop)"
+ when: not (minifirewall_restart_if_needed | bool)
+
+- name: 'Set minifirewall_restart_handler_name to "legacy"'
+ set_fact:
+ minifirewall_restart_handler_name: "restart minifirewall (legacy)"
+ when:
+ - minifirewall_restart_if_needed | bool
+ - minifirewall_install_mode == 'legacy'
+
+- name: 'Set minifirewall_restart_handler_name to "modern"'
+ set_fact:
+ minifirewall_restart_handler_name: "restart minifirewall (modern)"
+ when:
+ - minifirewall_restart_if_needed | bool
+ - minifirewall_install_mode != 'legacy'
+
 #######################################################################
 - name: Fail if minifirewall_main_file is defined (legacy mode)
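Review bot: The three `set_fact` tasks for `minifirewall_restart_handler_name` are mutually exclusive and exhaustive, so a single task with a conditional expression would read more directly and avoid two skipped lines on every run, e.g. `minifirewall_restart_handler_name: "{{ 'restart minifirewall (noop)' if not (minifirewall_restart_if_needed | bool) else ('restart minifirewall (legacy)' if minifirewall_install_mode == 'legacy' else 'restart minifirewall (modern)') }}"`. Whichever form is kept, a comment above the block noting that the value depends on `minifirewall_install_mode` and therefore must be computed after the `Check minifirewall` detection (apparently why it moved down from the top of the file) would explain the ordering to the next maintainer. Nothing in this hunk shows where the variable is consumed, so the handler names must stay byte-identical to those in handlers/main.yml.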
@@ -106,18 +121,16 @@
 var: minifirewall_restart_force | bool
 verbosity: 1
-- name: Force restart minifirewall (modern mode)
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
- when:
- - minifirewall_install_mode != 'legacy'
- - minifirewall_restart_force | bool
-
-- name: Force restart minifirewall (legacy mode)
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+- name: Force restart minifirewall (legacy)
+ command: /bin/true
+ notify: "restart minifirewall (legacy)"
 when:
 - minifirewall_install_mode == 'legacy'
+ - minifirewall_restart_force | bool
+
+- name: Force restart minifirewall (modern)
+ command: /bin/true
+ notify: "restart minifirewall (modern)"
+ when:
+ - minifirewall_install_mode != 'legacy'
 - minifirewall_restart_force | bool
\ No newline at end of file
diff --git a/minifirewall/tasks/tail.legacy.yml b/minifirewall/tasks/tail.legacy.yml
index 7a13eefa..dc7fbdc9 100644
--- a/minifirewall/tasks/tail.legacy.yml
+++ b/minifirewall/tasks/tail.legacy.yml
@@ -1,4 +1,22 @@
 ---
+
+- name: Stat minifirewall config file (before)
+ stat:
+ path: "/etc/default/minifirewall"
+ register: minifirewall_before
+
+- name: Check if minifirewall is running
+ shell:
+ cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
+ changed_when: False
+ failed_when: False
+ check_mode: no
+ register: minifirewall_is_running
+
+- debug:
+ var: minifirewall_is_running
+ verbosity: 1
+
 - name: Add some rules at the end of minifirewall file
 template:
 src: "{{ item }}"
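Review bot: `minifirewall_restart_force` used to restart the firewall right here; with `notify` it is now deferred to the end of the play (or the next `flush_handlers`) and merged with any later "Schedule" notification into a single restart, which changes what the option means for callers who set it to get an immediate reload before the rest of the role runs. If immediacy is intended, add `- meta: flush_handlers` directly after these two tasks, gated with the same `when: minifirewall_restart_force | bool`; otherwise rename them to `Schedule forced minifirewall restart (legacy)` / `(modern)` so the task output does not claim a restart that has not happened yet. The new file still ends without a trailing newline, which is worth fixing while the block is being rewritten.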
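Review bot: The new stat in tail.legacy.yml hard-codes `/etc/default/minifirewall`, whereas config.legacy.yml in this same commit stats `{{ minifirewall_main_file }}`; if the two can differ on a legacy install, `minifirewall_before` here describes a file that may not exist and any later read of `minifirewall_before.stat.checksum` would fail, so this looks copied from tail.yml and should use `path: "{{ minifirewall_main_file }}"`. In the visible hunks of tail.legacy.yml nothing consumes `minifirewall_before` (the scheduling gate keys on `minifirewall_tail_template is changed`), so if the rest of the file does not either, the task can simply be dropped. The running check relies on `failed_when: False` and on `rc` meaning "a matching rule is loaded"; a comment such as `# rc == 0 only when a minifirewall-looking rule is loaded; any iptables error is treated as "not running"` would make that contract explicit for the gate that follows.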
@@ -30,20 +48,14 @@
 var: minifirewall_tail_source
 verbosity: 1
-- name: restart minifirewall
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+- name: Schedule minifirewall restart (legacy)
+ command: /bin/true
+ notify: "restart minifirewall (legacy)"
 when:
- - minifirewall_tail_template is changed
+ - minifirewall_install_mode == 'legacy'
 - minifirewall_restart_if_needed | bool
-
-- name: restart minifirewall (noop)
- meta: noop
- register: minifirewall_init_restart
- failed_when: False
- changed_when: False
- when: not (minifirewall_restart_if_needed | bool)
+ - minifirewall_is_running.rc == 0
+ - minifirewall_tail_template is changed
 - debug:
 var: minifirewall_init_restart
diff --git a/minifirewall/tasks/tail.yml b/minifirewall/tasks/tail.yml
index 1d708fa4..73d60d9c 100644
--- a/minifirewall/tasks/tail.yml
+++ b/minifirewall/tasks/tail.yml
@@ -1,4 +1,22 @@
 ---
+
+- name: Stat minifirewall config file (before)
+ stat:
+ path: "/etc/default/minifirewall"
+ register: minifirewall_before
+
+- name: Check if minifirewall is running
+ shell:
+ cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
+ changed_when: False
+ failed_when: False
+ check_mode: no
+ register: minifirewall_is_running
+
+- debug:
+ var: minifirewall_is_running
+ verbosity: 1
+
 - name: Add some rules at the end of minifirewall file
 template:
 src: "{{ item }}"
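Review bot: The `- debug: var: minifirewall_init_restart` kept below the new scheduling task in tail.legacy.yml is now dead: the variable is only registered inside the handler, which has not run when this task executes, so the output degrades to `VARIABLE IS NOT DEFINED!` and no longer shows the restart result it was meant to expose. Drop the debug here, or move it into handlers/main.yml right after the `command` with `verbosity: 1`. The newly added `minifirewall_is_running.rc == 0` gate means tail-rule edits on a host whose firewall is currently stopped are written but never loaded by this role, which mirrors config.yml but deserves a comment like `# never (re)start a firewall that is not currently loaded`.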
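Review bot: `iptables -L -n` without `-w` exits with rc 4 when another process holds the xtables lock (fail2ban, docker or a concurrent minifirewall run are plausible contenders), and because the pipeline's rc is grep's and `failed_when: False` hides everything, such a collision is indistinguishable from "not running": `minifirewall_is_running.rc == 0` is false and the changed firewall is silently left unloaded. I would use `cmd: set -o pipefail; /sbin/iptables -w -L -n | grep -E "..."` with `executable: /bin/bash` and `failed_when: minifirewall_is_running.rc not in [0, 1]`, so that only "match" and "no match" are treated as answers and an iptables error surfaces (`-w` exists from iptables 1.4.20; confirm against the oldest target distribution). This stat/running-check block is now duplicated verbatim in tail.yml and tail.legacy.yml, and presumably in config*.yml where `minifirewall_is_running` is also registered; an included task file would keep the regex in one place.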
@@ -18,20 +36,14 @@
 var: minifirewall_tail_template
 verbosity: 1
-- name: restart minifirewall
- command: /etc/init.d/minifirewall restart
- register: minifirewall_init_restart
- failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"
+- name: Schedule minifirewall restart (modern)
+ command: /bin/true
+ notify: "restart minifirewall (modern)"
 when:
- - minifirewall_tail_template is changed
+ - minifirewall_install_mode != 'legacy'
 - minifirewall_restart_if_needed | bool
-
-- name: restart minifirewall (noop)
- meta: noop
- register: minifirewall_init_restart
- failed_when: False
- changed_when: False
- when: not (minifirewall_restart_if_needed | bool)
+ - minifirewall_is_running.rc == 0
+ - minifirewall_tail_template is changed
 - debug:
 var: minifirewall_init_restart
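Review bot: `minifirewall_before` is registered at the top of tail.yml in this commit but, in the visible hunks, never read: the scheduling gate here keys only on `minifirewall_tail_template is changed`, so unless a part of the file outside these hunks compares it against a later stat, the extra task is dead weight (and a potential error source if the file is absent). Either add the checksum comparison the config tasks use, `minifirewall_before.stat.checksum != minifirewall_after.stat.checksum`, with a matching "after" stat, or remove the stat. The trailing `- debug: var: minifirewall_init_restart` has the same problem as in the other task files — the handler that registers it has not run yet at this point — so it should go, or move into the handler.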