diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
index a9c215803..858786a14 100755
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@@ -66,6 +66,10 @@ sugarizer_port={{ sugarizer_port }}
 nodered_port={{ nodered_port }}
 mosquitto_port={{ mosquitto_port }}
 minetest_port={{ minetest_port }}
+pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }}
+pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }}
+pbx_data_ports={{ pbx_data_ports }}
+pbx_enabled={{ pbx_enabled }}
 block_DNS={{ block_DNS }}
 
 echo "LAN is $lan and WAN is $wan"
@@ -106,6 +110,12 @@ if [ "$services_externally_visible" == "True" ]; then
     $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT
     $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT
     $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT
+
+    if [ "$pbx_enabled" == "True" ]; then
+        $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT
+        $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT
+        $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT
+    fi
 fi
 
 if [ "$iiab_gateway_enabled" == "True" ]; then
diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml
index 1fa44b5cc..5c5da4892 100644
--- a/roles/pbx/defaults/main.yml
+++ b/roles/pbx/defaults/main.yml
@@ -1,6 +1,9 @@
 # pbx_install: False
 # pbx_enabled: False
 # asterisk_chan_dongle: False
+# pbx_signaling_ports_chan_sip: "5160:5161"
+# pbx_signaling_ports_chan_pjsip: "5060"
+# pbx_data_ports: "10000:20000"
 
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 675664c10..37a430d17 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -301,6 +301,9 @@ nextcloud_enabled: False
 pbx_install: False
 pbx_enabled: False
 asterisk_chan_dongle: False
+pbx_signaling_ports_chan_sip: "5160:5161"
+pbx_signaling_ports_chan_pjsip: "5060"
+pbx_data_ports: "10000:20000"
 
 # If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
 wordpress_install: False