diff --git a/apertis-ospack-basesdk.yaml b/apertis-ospack-basesdk.yaml
index b857bc8efb55080038327b20e9698c7f9428ca5f..5d279d78919a285eb688c69650c44407d493a02c 100644
--- a/apertis-ospack-basesdk.yaml
+++ b/apertis-ospack-basesdk.yaml
@@ -107,6 +107,7 @@ actions:
       - initramfs-tools
       - iproute2
       - iptables
+      - iptables-persistent
       - kmod
       - libgupnp-1.0-4
       - liblockfile-bin
@@ -470,6 +471,9 @@ actions:
   - action: overlay
     source: overlays/loopback-interface
 
+  - action: overlay
+    source: overlays/iptables-rules
+
   - action: overlay
     source: overlays/media-tmpfs
 
diff --git a/apertis-ospack-devroot.yaml b/apertis-ospack-devroot.yaml
index a18682e545b4745add3794a794b90f05b00f42cb..a61e0d761d80c863062d49f7e512c95004a2d692 100644
--- a/apertis-ospack-devroot.yaml
+++ b/apertis-ospack-devroot.yaml
@@ -136,6 +136,7 @@ actions:
       - initramfs-tools
       - iproute2
       - iptables
+      - iptables-persistent
       - kmod
       - libgupnp-1.0-4
       - liblockfile-bin
@@ -366,6 +367,9 @@ actions:
   - action: overlay
     source: overlays/loopback-interface
 
+  - action: overlay
+    source: overlays/iptables-rules
+
   - action: overlay
     source: overlays/media-tmpfs
 
diff --git a/apertis-ospack-sdk.yaml b/apertis-ospack-sdk.yaml
index 6d209636953c6400190322d54049f408c074b676..115b9319a301f4a5596622d62c50687aa6692bef 100644
--- a/apertis-ospack-sdk.yaml
+++ b/apertis-ospack-sdk.yaml
@@ -130,6 +130,7 @@ actions:
       - initramfs-tools
       - iproute2
       - iptables
+      - iptables-persistent
       - kmod
       - libgupnp-1.0-4
       - liblockfile-bin
@@ -659,6 +660,9 @@ actions:
   - action: overlay
     source: overlays/loopback-interface
 
+  - action: overlay
+    source: overlays/iptables-rules
+
   - action: overlay
     source: overlays/media-tmpfs
 
diff --git a/apertis-ospack-target.yaml b/apertis-ospack-target.yaml
index 1e59b3986267db31ee417d9096e7acfd20c5f452..7096dd084e5c7cf05a19b72ba7bd428b5380c631 100644
--- a/apertis-ospack-target.yaml
+++ b/apertis-ospack-target.yaml
@@ -137,6 +137,7 @@ actions:
       - initramfs-tools
       - iproute2
       - iptables
+      - iptables-persistent
       - kmod
       - libgupnp-1.0-4
       - liblockfile-bin
@@ -209,6 +210,9 @@ actions:
   - action: overlay
     source: overlays/loopback-interface
 
+  - action: overlay
+    source: overlays/iptables-rules
+
   - action: overlay
     source: overlays/media-tmpfs
 
diff --git a/overlays/iptables-rules/etc/iptables/rules.v4 b/overlays/iptables-rules/etc/iptables/rules.v4
new file mode 100644
index 0000000000000000000000000000000000000000..5d5cd9283b0d425833c23a3512bdf5fb56607355
--- /dev/null
+++ b/overlays/iptables-rules/etc/iptables/rules.v4
@@ -0,0 +1,31 @@
+# sample configuration for iptables service
+# you can edit this manually
+# inspired from Fedora's packaging of iptables on:
+# git://pkgs.fedoraproject.org/iptables.git
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i gpic0 -j ACCEPT
+# Accept http
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+# Accept ssh for development
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+# Accept mDNS and UPnP (Avahi)
+-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
+-A INPUT -p udp -m udp --dport 5353 -d 224.0.0.251 -j ACCEPT
+# Accept dhcp/dns and forwarding on the tether interface
+-A INPUT -p udp --dport 67 -i tether -j ACCEPT
+-A INPUT -p udp --dport 53 -i tether -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
+
+-A FORWARD -i tether -j ACCEPT
+-A FORWARD -o tether -j ACCEPT
+
+# Reject everything else
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
diff --git a/overlays/iptables-rules/etc/iptables/rules.v6 b/overlays/iptables-rules/etc/iptables/rules.v6
new file mode 100644
index 0000000000000000000000000000000000000000..9e1f579d086ba3e22cf0a39fa488d1f5f0cf0458
--- /dev/null
+++ b/overlays/iptables-rules/etc/iptables/rules.v6
@@ -0,0 +1,16 @@
+# sample configuration for ip6tables service
+# you can edit this manually
+# inspired from Fedora's packaging of iptables on:
+# git://pkgs.fedoraproject.org/iptables.git
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT