diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 6166705a67..cfdb02735f 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -26,6 +26,9 @@
 - name: Restart iptables
 action: service name=iptables state=restarted
+- name: Restart nftables
+ action: service name=nftables state=restarted
+
 - name: Restart ip6tables
 action: service name=ip6tables state=restarted
diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml
index 135e3e9bce..e9a48d524b 100644
--- a/roles/base/handlers/main.yml
+++ b/roles/base/handlers/main.yml
@@ -9,6 +9,9 @@
 - name: Restart iptables
 service: name=iptables state=restarted
+- name: Restart nftables
+ service: name=nftables state=restarted
+
 - name: Restart ip6tables
 service: name=ip6tables state=restarted
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 95c21ad1eb..8f2ec67d05 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -218,6 +218,29 @@
 - config
 - base
+- name: Nftables
+ ansible.builtin.template:
+ src: "{{ item }}"
+ dest: /etc/sysconfig/nftables.conf
+ mode: '0600'
+ validate: "/sbin/nft --check --file %s"
+ with_first_found:
+ - nftables/nftables.{{ datacenter }}
+ - nftables/nftables.{{ inventory_hostname }}
+ - nftables/nftables.{{ host_group }}
+ - nftables/nftables.{{ env }}
+ - nftables/nftables
+ when:
+ - baseiptables|bool
+ - nftables
+ notify:
+ - Restart nftables
+ - Reload libvirtd
+ tags:
+ - iptables
+ - config
+ - base
+
 - name: Iptables service enabled
 service: name=iptables state=started enabled=true
 tags:
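Review bot: The new `Restart nftables` handler uses `state=restarted`, and on the systemd nftables unit a restart runs the unit's stop action (a ruleset flush) before start, so every config change leaves a short window with no rules loaded; if the unit on the target distribution exposes a reload that re-reads /etc/sysconfig/nftables.conf atomically, `state=reloaded` would avoid that gap — verify against the unit file before switching. The same handler is added in roles/base/handlers/main.yml with the same `service: name=nftables state=restarted` shorthand, so whichever state is chosen should be applied in both places. Both additions use the legacy key=value string form rather than block YAML (`service:` with `name: nftables` and `state: restarted`), which matches the surrounding lines but not the module syntax the new task in roles/base/tasks/main.yml uses.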
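Review bot: The second `when` entry is the bare variable `nftables`, so on any host where it is not defined the task fails with an undefined-variable error instead of being skipped, and a non-boolean value such as the string "no" would be truthy; `- nftables | default(false) | bool` matches the `baseiptables|bool` form on the line above. Rendering with `mode: '0600'` and `validate: "/sbin/nft --check --file %s"` is the right shape: the template is syntax-checked before it replaces the live config, though `with_first_found` without `skip: true` still errors when none of the five candidate templates exists, so every nftables host needs at least the fallback `nftables/nftables` file. Nothing in the hunk enables or starts the nftables service the way the `Iptables service enabled` task below does for iptables, so the ruleset is only loaded when the notify fires and may not be restored at boot; if a matching `service: name=nftables state=started enabled=true` task exists outside the hunk, ignore this. The `Iptables service enabled` task continues past the end of the hunk.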