diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 06c2f757979597819c1b83da8ab364d1c5b73a74..086270fd8c34a37b3ee0becf9cbcdc52d071648d 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -3,11 +3,11 @@
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT DROP [0:0]
-{% if inventory_hostname in groups.docker_elk %}
+{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %}
 :DOCKER-USER - [0:0]
 {% endif %}
 :LOGGING - [0:0]
-{% if inventory_hostname in groups.docker_elk %}
+{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %}
 ## DOCKER-USER chain
 # Autoriser les logs entrants des serveurs en maintenance
 {% for host in groups.full_maintenance %}
@@ -37,7 +37,7 @@
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 {% endif %}
-{% if inventory_hostname in groups.docker_nagios %}
+{% if 'docker_gitlab' in groups and inventory_hostname in groups.docker_nagios %}
 -A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
 {% endif %}
 # NRPE
@@ -72,7 +72,7 @@
 -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
 {% endif %}
 -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
-{% for host in groups.gitlab | union(groups.docker_gitlab) %}
+{% for host in groups.gitlab | union(groups.docker_gitlab | default([])) %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
 {% endfor %}
@@ -100,7 +100,7 @@
 -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
 {% if inventory_hostname in groups.full_maintenance %}
 # Log Server
-{% for host in groups.docker_elk %}
+{% for host in groups.docker_elk | default([]) %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endfor %}
 -A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT