diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index 12d328bb..d2e30076 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -1,5 +1,11 @@
 ---
+- name: Check if minifirewall is running
+  command: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$
+  changed_when: False
+  failed_when: False
+  register: minifirewall_is_running
+
 - name: Begin marker for IP addresses
   lineinfile:
     dest: /etc/default/minifirewall
@@ -25,7 +31,7 @@
     INTLAN='{{ minifirewall_intlan }}'
     TRUSTEDIPS='{{ minifirewall_trusted_ips | join(' ') }}'
     PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
-
+  register: minifirewall_config_ips
 
 - name: Begin marker for ports
   lineinfile:
@@ -55,3 +61,10 @@
     SERVICESUDP2='{{ minifirewall_semipublic_ports_udp | join(' ') }}'
     SERVICESTCP3='{{ minifirewall_private_ports_tcp | join(' ') }}'
     SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
+  register: minifirewall_config_ports
+
+- name: restart minifirewall
+  service:
+    name: minifirewall
+    state: restarted
+  when: minifirewall_is_running.rc == 0 and (minifirewall_config_ips | changed or minifirewall_config_ports | changed)
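Review bot: The new "Check if minifirewall is running" task uses the `command` module, which does not go through a shell, so the `| grep -E ...` part is handed to iptables as extra arguments instead of being run as a pipeline; on top of that the grep pattern opens a `"` that is never closed. The task should use `shell:` and close the quote, i.e. `shell: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"`. Since `failed_when: False` masks any module error, a broken invocation would not be noticed here; it would only surface later when the restart task's `when:` reads `minifirewall_is_running.rc`. Writing the two booleans as `false` and adding a comment above the task such as `# A loaded minifirewall rule set is recognised by its catch-all "DROP udp" / "ACCEPT icmp" rules; rc 0 = running` would document what the two patterns are meant to prove, since the detection is a heuristic and a non-match silently means "not running".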
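Review bot: The `when:` on the new restart task applies the `changed` test through a filter pipe (`| changed`); that form was deprecated in Ansible 2.5 and removed in 2.9, so it should read `when: minifirewall_is_running.rc == 0 and (minifirewall_config_ips is changed or minifirewall_config_ports is changed)`. The `rc` key is only present when the check task really executed a command, so if that task errors (its `failed_when: False` hides this) the condition raises instead of skipping; `minifirewall_is_running.rc | default(1) == 0` keeps the restart skipped in that case. Because the restart is an ordinary task gated on the detection heuristic rather than a handler notified by the two config tasks, a detection miss leaves the new /etc/default/minifirewall written while the old rule set stays loaded, with nothing in the play output pointing at the discrepancy; a short comment on the task stating that this is the intended behaviour (or a `notify`/handler pair if it is not) would help the next maintainer. The blockinfile/lineinfile task that the second hunk's `register: minifirewall_config_ips` attaches to starts outside that hunk.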