diff --git a/cookbooks/reverse_proxy/recipes/default.rb b/cookbooks/reverse_proxy/recipes/default.rb
index 7bf6463..6619f20 100644
--- a/cookbooks/reverse_proxy/recipes/default.rb
+++ b/cookbooks/reverse_proxy/recipes/default.rb
@@ -1,5 +1,17 @@
 package 'iptables-services'
+service 'iptables' do
+ action :enable
+ supports :restart => true
+end
+
+template '/etc/sysconfig/iptables' do
+ owner 'root'
+ group 'root'
+ mode 0644
+ notifies :restart, 'service[iptables]'
+end
+
 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
 owner 'root'
 group 'root'
diff --git a/cookbooks/reverse_proxy/templates/firewall.erb b/cookbooks/reverse_proxy/templates/firewall.erb
deleted file mode 100644
index bdd1bc6..0000000
--- a/cookbooks/reverse_proxy/templates/firewall.erb
+++ /dev/null
@@ -1,17 +0,0 @@
-# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
-*nat
-:PREROUTING ACCEPT [5:493]
-:INPUT ACCEPT [5:493]
-:OUTPUT ACCEPT [2:138]
-:POSTROUTING ACCEPT [2:138]
--A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
--A POSTROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['integration'] %>
-COMMIT
-# Completed on Thu Apr 16 20:28:15 2015
-# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
-*filter
-:INPUT ACCEPT [5675:7406907]
-:FORWARD ACCEPT [66:13348]
-:OUTPUT ACCEPT [3901:279969]
-COMMIT
-# Completed on Thu Apr 16 20:28:15 2015
diff --git a/cookbooks/reverse_proxy/templates/iptables.erb b/cookbooks/reverse_proxy/templates/iptables.erb
new file mode 100644
index 0000000..1548e08
--- /dev/null
+++ b/cookbooks/reverse_proxy/templates/iptables.erb
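Review bot: The `template '/etc/sysconfig/iptables'` resource in the default.rb hunk installs the ruleset world-readable and restarts the firewall without checking that the rendered file loads. This file is normally root-only, so `mode '0600'` keeps the NAT peer addresses away from unprivileged local users, and writing the mode as a string avoids relying on a Ruby octal literal. If the Chef version in use supports the `verify` property, `verify 'iptables-restore --test < %{path}'` would reject a template that renders an empty or malformed peer address before the restart is notified. The `service 'iptables'` resource has only `action :enable`, so the service is started only as a side effect of the restart notification; `action [:enable, :start]` states that intent directly.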
@@ -0,0 +1,17 @@
+# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
+*nat
+:PREROUTING ACCEPT [5:493]
+:INPUT ACCEPT [5:493]
+:OUTPUT ACCEPT [2:138]
+:POSTROUTING ACCEPT [2:138]
+-A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
+-A POSTROUTING -d <%= node['peers']['integration'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['reverseproxy'] %>
+COMMIT
+# Completed on Thu Apr 16 20:28:15 2015
+# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
+*filter
+:INPUT ACCEPT [5675:7406907]
+:FORWARD ACCEPT [66:13348]
+:OUTPUT ACCEPT [3901:279969]
+COMMIT
+# Completed on Thu Apr 16 20:28:15 2015
-- libgit2 0.21.2
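Review bot: The `*filter` section gives every chain a default `ACCEPT` policy with no rules, and the `PREROUTING` DNAT rule has no source match. Once the recipe's restart loads this file as the host's ruleset, anything that can reach the proxy address on port 22 is forwarded to the integration host. Consider `:FORWARD DROP [0:0]` together with `-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and `-A FORWARD -d <%= node['peers']['integration'] %>/32 -p tcp -m tcp --dport 22 -j ACCEPT`, plus a `-s` match on the DNAT rule if the set of SSH clients is known. The `# Generated by iptables-save` header lines and packet counters such as `[5675:7406907]` are leftovers from a dump; a comment saying the file is managed by Chef, with zeroed counters, would describe the template accurately.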