diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8708755e..bb90f9c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -62,6 +62,7 @@ The **patch** part changes incrementally at each release.
 ### Fixed
 * evoadmin-web: Put the php config at the right place for Buster
 * lxc-php: Don't remove the default pool
+* minifirewall: fix warnings ansible-lint
 * nginx: fix munin fcgi not working (missing chmod 660 on logs)
 * php: add missing handler for php7.3-fpm
 * roundcube: fix typo for roundcube vhost
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index 13cb6145..82be385c 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -37,9 +37,12 @@
     line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
     insertafter: '^PRIVILEGIEDIPS='
 
-- fail:
+- name: Verify that at least 1 trusted IP is provided
+  assert:
+    that:
+      - minifirewall_trusted_ips != []
     msg: You must provide at least 1 trusted IP
-  when: minifirewall_trusted_ips == []
+
 - debug:
     msg: "Warning: minifirewall_trusted_ips='0.0.0.0/0', the firewall is useless!"
   when: minifirewall_trusted_ips == ["0.0.0.0/0"]
diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml
index d45183ac..0a2edbdf 100644
--- a/minifirewall/tasks/main.yml
+++ b/minifirewall/tasks/main.yml
@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: Compose minifirewall_restart_handler_name variable
+  set_fact:
     minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
 
 - include: install.yml