diff --git a/roles/iptables/defaults/main.yml b/roles/iptables/defaults/main.yml
index 51dcfc3..d50d859 100644
--- a/roles/iptables/defaults/main.yml
+++ b/roles/iptables/defaults/main.yml
@@ -1,6 +1,3 @@
 ---
-
 firewall_in:
 - {proto: tcp, port: 22}
-
-firewall_raw: []
diff --git a/roles/iptables/templates/ip6tables.j2 b/roles/iptables/templates/ip6tables.j2
index ee937b2..bb22bcb 100644
--- a/roles/iptables/templates/ip6tables.j2
+++ b/roles/iptables/templates/ip6tables.j2
@@ -5,9 +5,11 @@
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
-{% for rule in firewall_raw6 %}
+{% if firewall_raw6 is defined %}
+{% for rule in firewall_raw6 %}
 {{ rule }}
-{% endfor %}
+{% endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
 {% for from in rule.from | ipv6 %}
diff --git a/roles/iptables/templates/iptables.j2 b/roles/iptables/templates/iptables.j2
index 4bbf67e..2e558a1 100644
--- a/roles/iptables/templates/iptables.j2
+++ b/roles/iptables/templates/iptables.j2
@@ -5,9 +5,11 @@
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
-{% for rule in firewall_raw %}
+{% if firewall_raw is defined %}
+{% for rule in firewall_raw %}
 {{ rule }}
-{% endfor %}
+{% endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
 {% for from in rule.from | ipv4 %}
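Review bot: The `{% if firewall_raw6 is defined %}` guard in ip6tables.j2 only covers an unset variable. A value that is defined but null (for example a bare `firewall_raw6:` key in inventory) still reaches the `for` and fails the render, and a plain string would be iterated character by character into the ruleset. `{% for rule in firewall_raw6 | default([], true) %}` handles both unset and null in one line and removes the extra `if`/`endif` pair. The same applies to `firewall_raw` in the iptables.j2 hunk.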
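Review bot: With its entry removed from defaults/main.yml, `firewall_raw` is no longer described in any file this commit shows, yet iptables.j2 writes each entry verbatim through `{{ rule }}` ahead of the `firewall_in` loop. Raw entries are therefore matched before the structured rules, so an over-broad raw ACCEPT would shadow them. A template comment above the loop would record the contract, for example `{# firewall_raw: list of complete rule lines, emitted unvalidated and evaluated before firewall_in #}`. The same holds for `firewall_raw6` in ip6tables.j2. The template continues past the end of the hunk, so later rules are not visible here.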