diff --git a/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml b/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml
index 0609dd008..4bd58d4f1 100644
--- a/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml
@@ -31,6 +31,20 @@
 # ensure: 'absent'
 tripleo_firewall_rules: {}
 
+tripleo_firewall_frontend_enabled: false
+
+tripleo_firewall_frontend_rules: {}
+
+tripleo_firewall_ssl_frontend_enabled: false
+
+tripleo_firewall_ssl_frontend_rules: {}
+
+tripleo_firewall_edge_frontend_enabled: false
+
+tripleo_firewall_edge_frontend_rules: {}
+
+tripleo_firewall_edge_ssl_frontend_rules: {}
+
 tripleo_firewall_default_rules:
 '000 accept related established rules':
 proto: all
diff --git a/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml b/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml
index 6a938e2a1..8e7c731ac 100644
--- a/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml
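Review bot: The seven new variables are undocumented, while the existing `tripleo_firewall_rules` just above them carries a format comment (the `# ensure: 'absent'` context line is its tail); a short header comment should say when each of them is consulted. Going by the tasks hunk on this page, something like `# Merged into the rule set only when tripleo_firewall_frontend_enabled is true; the edge_* variants replace the plain ones when tripleo_firewall_edge_frontend_enabled is true, and the ssl variants additionally require tripleo_firewall_ssl_frontend_enabled. Presumably the same schema as tripleo_firewall_rules.` would do. It is worth stating explicitly that `tripleo_firewall_edge_ssl_frontend_rules` has no `_enabled` flag of its own, so nobody later adds one expecting it to be read.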
@@ -31,11 +31,55 @@
 - name: Get masquerade rules
 import_tasks: masquerade.yaml
 
+- name: Set the default frontend firewall rules
+ set_fact:
+ tripleo_firewall_frontend_rules_real: {}
+
+- name: When frontend rules are required
+ when: tripleo_firewall_frontend_enabled
+ block:
+ - name: Not in edge site
+ when: not tripleo_firewall_edge_frontend_enabled
+ block:
+ - name: Set frontend rule fact (non-ssl rules)
+ set_fact:
+ tripleo_firewall_frontend_rules_real: "{{
+ tripleo_firewall_frontend_rules_real |
+ combine(tripleo_firewall_frontend_rules)
+ }}"
+
+ - name: Set frontend rule fact (ssl rules)
+ when: tripleo_firewall_ssl_frontend_enabled
+ set_fact:
+ tripleo_firewall_frontend_rules_real: "{{
+ tripleo_firewall_frontend_rules_real |
+ combine(tripleo_firewall_ssl_frontend_rules)
+ }}"
+
+ - name: In edge site
+ when: tripleo_firewall_edge_frontend_enabled
+ block:
+ - name: Set frontend rule fact (non-ssl rules)
+ set_fact:
+ tripleo_firewall_frontend_rules_real: "{{
+ tripleo_firewall_frontend_rules_real |
+ combine(tripleo_firewall_edge_frontend_rules)
+ }}"
+
+ - name: Set frontend rule fact (ssl rules)
+ when: tripleo_firewall_ssl_frontend_enabled
+ set_fact:
+ tripleo_firewall_frontend_rules_real: "{{
+ tripleo_firewall_frontend_rules_real |
+ combine(tripleo_firewall_edge_ssl_frontend_rules)
+ }}"
+ - name: Set rule fact + set_fact: + firewall_rules_sorted: "{{ + tripleo_firewall_default_rules | + combine(tripleo_firewall_rules) | + combine(tripleo_firewall_frontend_rules_real) | combine(masquerade_rules|from_yaml) | dict2items(key_name='rule_name', value_name='rule') | sort(attribute='rule_name') |
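Review bot: The new `combine(tripleo_firewall_frontend_rules_real)` in `Set rule fact` sits between `combine(tripleo_firewall_rules)` and `combine(masquerade_rules|from_yaml)`, so a frontend rule whose name matches an operator-supplied entry in `tripleo_firewall_rules` silently replaces it, while a masquerade rule with the same name replaces the frontend one; that precedence is not stated anywhere. A comment above the expression such as `# Later combine() calls win on duplicate rule names: masquerade > frontend > tripleo_firewall_rules > defaults` would make it reviewable. The `when:` conditions on the frontend blocks test the three flags bare; if a caller passes them as strings rather than booleans, `not tripleo_firewall_edge_frontend_enabled` is likely false for any non-empty string and the edge branch is taken, so `when: tripleo_firewall_frontend_enabled | bool` (and likewise for the other two flags) is the safer form. The edge and non-edge blocks also reuse the task names `Set frontend rule fact (non-ssl rules)` and `Set frontend rule fact (ssl rules)`, which makes play output ambiguous; giving the edge variants distinct names would help. The `firewall_rules_sorted` expression continues past the end of the hunk.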