diff --git a/files/iptables/iptables.sign b/files/iptables/iptables.sign
new file mode 100644
index 0000000000..4e88ecba74
--- /dev/null
+++ b/files/iptables/iptables.sign
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+
diff --git a/inventory/group_vars/sign b/inventory/group_vars/sign
index 4b42409a4a..d962812ae6 100644
--- a/inventory/group_vars/sign
+++ b/inventory/group_vars/sign
@@ -1,3 +1,4 @@
 ---
 freezes: true
 postfix_group: sign
+iptables: $files/iptables/iptables.sign
diff --git a/playbooks/groups/sign.yml b/playbooks/groups/sign.yml
index 8c69bdc793..ac21d3e770 100644
--- a/playbooks/groups/sign.yml
+++ b/playbooks/groups/sign.yml
@@ -20,7 +20,6 @@
 - include: $tasks/base.yml
 - include: $tasks/rkhunter.yml
 - include: $tasks/motd.yml
-- include: $tasks/postfix_basic.yml
 - include: $tasks/sign_setup.yml
 
 handlers:
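Review bot: Nothing in the new INPUT chain accepts new inbound connections — only RELATED,ESTABLISHED, ICMP and loopback are allowed before the final `-A INPUT -j REJECT --reject-with icmp-host-prohibited` — so once iptables-restore loads this ruleset no fresh SSH session (including the next Ansible run) can reach the host, and only flows already in conntrack survive. If sign hosts are deliberately unreachable from the network that is worth saying in the file itself, e.g. `# Intentionally no inbound service rules: sign hosts accept nothing new from the network`; if not, an accept for the management SSH path, restricted to its source range, belongs before the REJECT. `-m state --state RELATED,ESTABLISHED` is the legacy match; `-m conntrack --ctstate RELATED,ESTABLISHED` is the current equivalent. The OUTPUT chain keeps an ACCEPT policy with no rules, which may be intended for a signing host but deserves a one-line comment either way.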
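Review bot: `postfix_group: sign` stays in this group_vars file while the same commit removes the `$tasks/postfix_basic.yml` include from `playbooks/groups/sign.yml`, so unless another included task file still reads it the variable is now dead configuration. If postfix is intentionally gone from sign hosts, either drop the line or annotate it, e.g. `# postfix_group retained for <consumer>` with the actual consumer named. The new `iptables: $files/iptables/iptables.sign` value is a plain scalar and parses as a string, which is fine; the task that consumes it is outside this diff, presumably in `$tasks/base.yml`.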