diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp index 1086555..3b77ed4 100644 --- a/firewall/manifests/init.pp +++ b/firewall/manifests/init.pp @@ -1,4 +1,3 @@ - # Enable firewall and install defined rules # # Rules are readed from variable $firewall_rules which needs to be an @@ -30,9 +29,36 @@ class firewall { } +# Enable firewall and install custom config file +# +# Config file is searched in following order: +# +# puppet:///files/firewall/${config}.${fqdn} +# puppet:///files/firewall/${config} +# +# where config is firewall configuration file name +# (iptables or pf.conf). +# +class firewall::custom { + + case $operatingsystem { + centos,fedora: { + include firewall::custom::iptables + } + openbsd: { + include firewall::custom::pf + } + default: { + fail("Firewall module not supported in ${operatingsystem}") + } + } + +} + + # Linux iptables handler. # -class firewall::iptables { +class firewall::common::iptables { package { [ "iptables" ]: ensure => installed, @@ -40,7 +66,6 @@ class firewall::iptables { file { "/etc/sysconfig/iptables": ensure => present, - content => template("firewall/iptables.erb"), mode => 0600, owner => root, group => root, @@ -59,13 +84,35 @@ class firewall::iptables { } +# Linux iptables handler to install default firewall config. +# +class firewall::iptables inherits firewall::common::iptables { + + File["/etc/sysconfig/iptables"] { + content => template("firewall/iptables.erb"), + } + +} + + +# Linux iptables handler to install custom firewall config. +# +class firewall::custom::iptables inherits firewall::common::iptables { + + File["/etc/sysconfig/iptables"] { + source => [ "puppet:///files/firewall/iptables.${fqdn}", + "puppet:///files/firewall/iptables", ], + } + +} + + # OpenBSD Packet Filter handler # -class firewall::pf { +class firewall::common::pf { file { "/etc/pf.conf": ensure => present, - content => template("firewall/pf.conf.erb"), mode => 0600, owner => root, group => wheel, 
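Review bot: The `firewall::custom` class added at the top of this hunk is an alternative to `class firewall`, not an addition to it, and nothing in its header comment says so. `firewall::custom::iptables` and the default `firewall::iptables` subclass (both defined later in this diff) each override the same `File["/etc/sysconfig/iptables"]`, one with `content` and the other with `source`, so a node whose catalog contains both classes ends up with a file resource carrying both attributes, which Puppet rejects at compile time; as far as the hunk header shows, `class firewall` is where the default subclass lives, but its body is outside this hunk. I would add to the class comment: `# Alternative to class firewall: include exactly one of the two on a node, never both.`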
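Review bot: `firewall::common::pf` keeps `ensure => present` on `/etc/pf.conf` but no longer carries `content`, so on a host where the file does not yet exist, including this class without one of its subclasses creates an empty pf.conf, and an empty pf ruleset passes all traffic; the same applies to `firewall::common::iptables` and `/etc/sysconfig/iptables` one hunk earlier. Nothing marks these `common` classes as abstract, and a plain `include firewall::common::pf` compiles cleanly, so the fail-open is silent. At minimum the header comment should state it: `# Abstract base: declares the file without content. Never include directly; use firewall::pf or firewall::custom::pf.` The file resource's remaining attributes and the closing brace of the class are outside this hunk.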
@@ -78,3 +125,26 @@ class firewall::pf { } } + + +# OpenBSD Packet Filter handler for default config. +# +class firewall::pf inherits firewall::common::pf { + + File["/etc/pf.conf"] { + content => template("firewall/pf.conf.erb"), + } + +} + + +# OpenBSD Packet Filter handler for custom config. +# +class firewall::custom::pf inherits firewall::common::pf { + + File["/etc/pf.conf"] { + source => [ "puppet:///files/firewall/pf.conf.${fqdn}", + "puppet:///files/firewall/pf.conf", ], + } + +}
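Review bot: The per-host lookup in `firewall::custom::pf` keys the file name on `$fqdn`, which in Puppet of this vintage is a fact reported by the agent itself rather than a value the master verifies, so a node can present another host's fqdn and receive that host's pf.conf from the fileserver; the same holds for `firewall::custom::iptables`. Whether that actually widens exposure depends on the allow list of the `files` fileserver mount, which this diff does not show — with `allow *` any node can fetch any file under the mount anyway. If the master supports `$trusted['certname']` (Puppet 3.4+), that is the certificate-backed value to key on; otherwise I would at least record the assumption next to the `source` array: `# $fqdn is agent-supplied; the per-host file is a convenience, not an access control.` Note also that a misspelled host-specific file name silently falls through to the generic `pf.conf` rather than failing the run, which is worth a sentence in the class comment.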