diff --git a/handlers/main.yml b/handlers/main.yml
index 96b818bcab3a8d6b0f5e01b2983113991f5a678e..26f5fa9b530814f0b2dd37815af90610b9912771 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -3,3 +3,23 @@
   systemd:
     name: "postgresql"
     state: restarted
+
+- name: save iptables rules (Debian)
+  block:
+    - name: Ordner für iptables-Config erstellen
+      file:
+        path: "/etc/iptables"
+        state: directory
+        owner: "root"
+        group: "root"
+        mode: 0755
+      listen: "save iptables rules"
+    - name: install netfilter-persistent to be able to save iptables rules
+      apt:
+        name: netfilter-persistent
+        state: present
+      listen: "save iptables rules"
+    - name: save iptables rules
+      command: 'netfilter-persistent save'
+      listen: "save iptables rules"
+  when: ansible_os_family == "Debian"
diff --git a/tasks/configure_iptables_external.yml b/tasks/configure_iptables_external.yml
index e18f847764cd2d89d2c82e9b14389d81e581b86e..f0326fa3bdd0f21c0d481a6b893ad77949ec12a8 100644
--- a/tasks/configure_iptables_external.yml
+++ b/tasks/configure_iptables_external.yml
@@ -9,3 +9,4 @@
     protocol: "{{ item.protocol | default('tcp') }}"
     source: "{{ item.source }}"
   loop: "{{ vault_iptables_external }}"
+  notify: save iptables rules (Debian)