diff --git a/evomaintenance/defaults/main.yml b/evomaintenance/defaults/main.yml
index c07524ac..6ad55a9b 100644
--- a/evomaintenance/defaults/main.yml
+++ b/evomaintenance/defaults/main.yml
@@ -33,3 +33,6 @@ evomaintenance_realm: "{{ evolinux_internal_domain }}"
 evomaintenance_default_hosts: []
 evomaintenance_additional_hosts: []
 evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
+
+minifirewall_restart_if_needed: True
+minifirewall_restart_force: False
diff --git a/evomaintenance/handlers/main.yml b/evomaintenance/handlers/main.yml
new file mode 100644
index 00000000..85884f73
--- /dev/null
+++ b/evomaintenance/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: restart minifirewall
+ command: /etc/init.d/minifirewall restart
+ register: minifirewall_init_restart
+ failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+ changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
+
+- name: restart minifirewall (noop)
+ meta: noop
+ register: minifirewall_init_restart
+ failed_when: False
+ changed_when: False
diff --git a/evomaintenance/tasks/main.yml b/evomaintenance/tasks/main.yml
index e16212bc..d2e1f064 100644
--- a/evomaintenance/tasks/main.yml
+++ b/evomaintenance/tasks/main.yml
@@ -1,5 +1,8 @@
 ---
+- set_fact:
+ minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
+
 - include: install_package.yml
 when: not evomaintenance_install_vendor
@@ -30,6 +33,7 @@
 line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
 insertafter: "^# EvoMaintenance"
 with_items: "{{ evomaintenance_hosts }}"
+ notify: "{{ minifirewall_restart_handler_name }}"
 when: minifirewall_default_file.stat.exists
 tags:
 - evomaintenance
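Review bot: The two variables added at the end of evomaintenance/defaults/main.yml carry the `minifirewall_` prefix although they are declared in the evomaintenance role, so they share a namespace with any other role that defines the same names; if that sharing is intended it deserves a comment, because which default wins would then depend on role load order. Neither variable is documented: a comment such as `# restart minifirewall when this role changes /etc/default/minifirewall` above the first and `# restart minifirewall even when nothing changed` above the second would tell operators that the default setting reloads the packet filter automatically. Writing the values as `true`/`false` also avoids the YAML 1.1 truthy spellings.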
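Review bot: In evomaintenance/handlers/main.yml, setting `failed_when` on the `restart minifirewall` handler replaces the command module's default non-zero-exit check, so success now depends only on one exact sentence in stdout. A restart that prints that sentence and then exits non-zero would be reported as fine, and a reworded message in the init script would make every restart fail; combining both signals is safer: `failed_when: minifirewall_init_restart.rc != 0 or 'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout`. That assumes the init script returns 0 on success, which this page does not show. In the noop handler, `register`, `failed_when` and `changed_when` on a `meta` task are likely ignored and could be dropped.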
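Review bot: The `ternary` in the new `set_fact` (first hunk of evomaintenance/tasks/main.yml) tests `minifirewall_restart_if_needed` for truthiness without casting it, so a value supplied as a string — for example `-e minifirewall_restart_if_needed=false` on the command line — is a non-empty string and still selects the real restart handler. Casting first keeps the opt-out reliable: `"{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"`. The same applies to `when: minifirewall_restart_force` in the last hunk. The `set_fact` task also has no `name` and no `evomaintenance` tag, so a run limited with `--tags evomaintenance` would presumably reach the templated `notify` lines with the fact undefined.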
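Review bot: The `notify` added to the rule-insertion task (second hunk of evomaintenance/tasks/main.yml; the task starts above the hunk) defers the restart to the end of the play, and a notified handler is dropped when a later task fails. /etc/default/minifirewall would then hold the new rule while the loaded ruleset does not, and the next run reports no change, so nothing triggers the restart again. Consider adding `- meta: flush_handlers` right after the two minifirewall tasks, or documenting `minifirewall_restart_force` as the recovery path. The same holds for the `notify` on the rule-removal task in the next hunk.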
@@ -39,6 +43,14 @@
 dest: /etc/default/minifirewall
 regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
 state: absent
+ notify: "{{ minifirewall_restart_handler_name }}"
 when: minifirewall_default_file.stat.exists
 tags:
 - evomaintenance
+
+- name: Force restart minifirewall
+ command: /bin/true
+ notify: restart minifirewall
+ when: minifirewall_restart_force
+ tags:
+ - evomaintenance
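Review bot: The new `Force restart minifirewall` task is the only minifirewall task here without the `minifirewall_default_file.stat.exists` guard, so forcing a restart on a host where /etc/default/minifirewall is absent would presumably run the init script there and fail the play. Making the condition a list keeps it consistent with the two tasks above: `when:` followed by `- minifirewall_restart_force | bool` and `- minifirewall_default_file.stat.exists`. A one-line comment saying that `command: /bin/true` exists only to report `changed` and fire the handler would also help the next reader.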