diff --git a/CHANGELOG.md b/CHANGELOG.md
index cdbe44ff..bdec64fd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release.
 
 ### Added
 * minifirewall: add a variable to disable the restart handler
+* minifirewall: add a variable to force a restart of the firewall (even with no change)
 
 ### Changed
 
diff --git a/minifirewall/README.md b/minifirewall/README.md
index 6e82f735..59cc86f6 100644
--- a/minifirewall/README.md
+++ b/minifirewall/README.md
@@ -17,6 +17,7 @@ Everything is in the `tasks/main.yml` file.
 * `minifirewall_privilegied_ips`: with IP/hosts should be trusted for restricted access (default: none)
 * `minifirewall_tail_included` : source a "tail" file at the end of the main config file. (default: `False`)
 * `minifirewall_restart_if_needed` : should the restart handler be executed (default: `True`)
+* `minifirewall_restart_force` : force restart minifirewall at the end of the role execution (default: `False`)
 The full list of variables (with default values) can be found in `defaults/main.yml`.
 
 **Some IP/hosts must be configured or the server will be inaccessible via network.**
diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index 8351732f..b1dfbaf1 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -25,6 +25,7 @@ minifirewall_private_ports_udp: []
 
 minifirewall_autostart: "no"
 minifirewall_restart_if_needed: True
+minifirewall_restart_force: False
 
 evomaintenance_hosts: []
 
diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml
index 5fa59d25..691d3842 100644
--- a/minifirewall/tasks/main.yml
+++ b/minifirewall/tasks/main.yml
@@ -13,3 +13,8 @@
 
 - include: tail.yml
   when: minifirewall_tail_included
+
+-  name: Force restart minifirewall
+   command: /bin/true
+   notify: restart minifirewall
+   when: minifirewall_restart_force