diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 2f2e4493ffa3499708670b46f4528f3e7c1dbd7f..275617c3ff9f4c7299c4630ae2a8b3f4e41cc036 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -27,8 +27,13 @@
 {% endif %}
 # SSH
 -A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% if inventory_hostname in groups.gitlab %}
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# REGISTRY
+-A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
 # WEB
-{% if inventory_hostname in groups.odoo_server or inventory_hostname in groups.owncloud_server %}
+{% if inventory_hostname in groups.odoo_server | union(groups.owncloud_server) | union(groups.gitlab) %}
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 {% endif %}
@@ -67,6 +72,10 @@
 -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
 {% endif %}
 -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% for host in groups.gitlab | union(groups.docker_gitlab) %}
+-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
+-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endfor %}
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
@@ -96,7 +105,7 @@
 # IMAP
 -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
 {% endif %}
-{% if inventory_hostname in groups.docker_nagios %}
+{% if inventory_hostname in groups.nagios %}
 # NRPE
 -A OUTPUT -p tcp -m tcp --dport 5666 -j ACCEPT
 {% endif %}
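Review bot: The new gitlab block in the first hunk accepts `--dport 22` and `--dport 5050` from any source but gives no reason why a gitlab host needs port 22 on top of `{{ default_sshd_port }}`; presumably 22 is forwarded to the GitLab container's git-over-SSH service and 5050 to its container registry, but that is inferred, not visible here. A comment above the `{% if %}`, e.g. `# GitLab: git-over-SSH on 22 (host sshd stays on default_sshd_port), container registry on 5050`, would make the duplicated SSH port deliberate rather than look like a leftover, and if the registry is only meant to be pulled from the docker hosts, an `-s` on the 5050 rule would narrow it the way the INPUT side is already narrowed by group. The rewritten WEB condition `groups.odoo_server | union(groups.owncloud_server) | union(groups.gitlab)` also adds a hard dependency on a `gitlab` group existing in every inventory this template is rendered against; `groups.gitlab | default([])` keeps the template renderable where it does not.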
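Review bot: `{{ hostvars[host].ansible_host }}` in the new OUTPUT loop is undefined for any host in `gitlab` or `docker_gitlab` that is addressed by its inventory name alone, which aborts the render under Ansible's default undefined handling (or, if that is relaxed, emits a rule with an empty `-d` that the rule loader rejects); use `{{ hostvars[host].ansible_host | default(host) }}` on both `-d` lines. The loop is also not gated on any group, so every managed host gets egress to every gitlab host on 22 and 5050, which is broader than the INPUT side of the first hunk; if only the docker hosts need the registry port, an `{% if inventory_hostname in groups.docker_gitlab %}` around the 5050 rule keeps the two sides consistent.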