diff --git a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
index 019b4c34..dc71109f 100644
--- a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
@@ -300,3 +300,9 @@ processors: {}
 # Logging level
 # Available log levels are error, warning, info, debug
 filebeat_log_level: "{{ elastic_beat_log_level | default('info') }}"
+
+# Enable IPtables logging module
+filebeat_iptables_enabled: false
+# The following allows one to specify log files in non-standard locations,
+# defaulting to log collection in syslog
+filebeat_iptables_log_paths: ["var/log/syslog"]
diff --git a/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2 b/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
index be689d5e..5811b40e 100644
--- a/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
@@ -209,6 +209,16 @@ filebeat.modules:
 # can be added under this section.
 #input:
+#------------------------------ IP Tables Module ------------------------------
+{% if (filebeat_iptables_enabled | bool) %}
+- module: iptables
+ # Syslog
+ log:
+ enabled: "true"
+ var.input: "file"
+ var.paths: {{ filebeat_iptables_log_paths | to_json }}
+{% endif %}
+
 #-------------------------------- Kafka Module --------------------------------
 #- module: kafka
 # All logs
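Review bot: The new default `filebeat_iptables_log_paths: ["var/log/syslog"]` is a relative path, because the leading slash is missing. Filebeat would not resolve it to the system syslog, so enabling the module with defaults would most likely collect no firewall events and report no error. The default should be `filebeat_iptables_log_paths: ["/var/log/syslog"]`. The comment above it could also say that the paths must be absolute, and that hosts which log kernel messages elsewhere need an override.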
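Review bot: In the added iptables block, `enabled: "true"` is a quoted string rather than a boolean, so it relies on the consumer to coerce the value; `enabled: true` states the intent directly. `var.paths` renders whatever `filebeat_iptables_log_paths` holds through `to_json`, so an override that is a bare string or an empty list reaches the rendered config unchecked. A comment on the block saying that a non-empty list of absolute paths is expected would help operators. Leading indentation of the added lines is not visible in this view, so their nesting under `log:` could not be checked.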