diff --git a/templates/ip6tables.conf.j2 b/templates/ip6tables.conf.j2
index a608840754f00f9876d7e61d80686ae9362bc52e..75912e4efef216717d0ce8d12ebe3ea99abd462a 100644
--- a/templates/ip6tables.conf.j2
+++ b/templates/ip6tables.conf.j2
@@ -14,7 +14,17 @@
 # Autoriser le DHCPv6 sur le lien local uniquement
 -A INPUT -m state --state NEW -m udp -p udp -s fe80::/10 --dport 546 -j ACCEPT
 # SSH
--A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% if inventory_hostname in groups.gitlab | default([]) %}
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# REGISTRY
+-A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
+# WEB
+{% if inventory_hostname in groups.odoo_server | default([]) | union(groups.owncloud_server | default([])) | union(groups.gitlab | default([])) %}
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
+{% endif %}
 # Log incoming traffic blocked by IPTables
 -A INPUT -j LOGGING
 ## OUTPUT chain
@@ -29,6 +39,10 @@
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
+{% if inventory_hostname in groups.gitlab | default([]) %}
+# Plesk WebHooks
+-A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
+{% endif %}
 # DNS
 -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
@@ -44,6 +58,10 @@
 -A OUTPUT -p udp -m udp -s fe80::/10 --dport 547 -j ACCEPT
 # GPG
 -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
+{% if inventory_hostname in groups.odoo_server | default([]) %}
+# IMAP
+-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
+{% endif %}
 # Log outgoing traffic blocked by IPTables
 -A OUTPUT -j LOGGING
 ## LOGGING chain