diff --git a/roles/nftables/templates/nftables.conf.j2 b/roles/nftables/templates/nftables.conf.j2
index 44f153c..067285c 100644
--- a/roles/nftables/templates/nftables.conf.j2
+++ b/roles/nftables/templates/nftables.conf.j2
@@ -8,6 +8,11 @@ table ip filter {
 ct state vmap { established : accept, related : accept }
 ip protocol icmp accept
 iifname lo accept
+{% if firewall_raw is defined %}
+{% for rule in firewall_raw %}
+ {{ rule }}
+{% endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
 {% for from in rule.from %}
@@ -35,6 +40,11 @@ table ip6 filter {
 type filter hook input priority 0; policy accept
 ct state vmap { established : accept, related : accept }
 ip6 nexthdr icmpv6 accept
+{% if firewall_raw6 is defined %}
+{% for rule in firewall_raw6 %}
+ {{ rule }}
+{% endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
 {% for from in rule.from %}
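Review bot: `{{ rule }}` renders each entry of `firewall_raw` verbatim into the input chain with no check that the entry is exactly one nft statement, so a multi-line string, a stray `}` or a scalar string (which Jinja's `for` iterates character by character) produces a ruleset that fails to parse; the same applies to `firewall_raw6` in the second hunk. Because the ip6 chain is declared `policy accept` (visible in the second hunk; the ip chain header is outside the first hunk), a load failure is worth an explicit guard: validate the rendered file with `nft -c -f` before applying it (presumably in the role's handler, which is outside this diff) and `assert` in a task that the variable is a list. The `is defined` guard can be folded into the loop as `{% for rule in firewall_raw | default([]) %}`, dropping the surrounding `if`/`endif`. A template comment such as `{# verbatim nft statements from inventory; rendered after the lo/icmp accepts and before firewall_in, so they cannot restrict those #}` would document the trust boundary and ordering for the next reader.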