diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
index 3b9e8959a..f88cdae1b 100755
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@@ -60,6 +60,7 @@ kalite_server_port={{ kalite_server_port }}
 sugarizer_port={{ sugarizer_port }}
 block_DNS={{ block_DNS }}
 captive_portal_enabled={{ captive_portal_enabled }}
+py_captive_portal_enabled={{ py_captive_portal_enabled }}
 
 echo "Lan is $lan and WAN is $wan"
 #
@@ -105,7 +106,7 @@ if [  "$gw_block_https" == "True" ]; then
 fi
 
 # Allow outgoing connections from the LAN side.
-if ! [ "$captive_portal_enabled" == "True" ];then
+if ! [ "$py_captive_portal_enabled" == "True" ];then
     $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
 fi
 # Don't forward from the outside to the inside.
@@ -117,13 +118,13 @@ if [ "$block_DNS" == "True" ];then
     $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
 fi
 
-#if [ "$captive_portal_enabled" == "True" ];then
-#   $IPTABLES -t mangle -N internet
-#   $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
-#   $IPTABLES -t mangle -A internet -j MARK --set-mark 99
-#   $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}:
-
 if [ "$captive_portal_enabled" == "True" ];then
+   $IPTABLES -t mangle -N internet
+   $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
+   $IPTABLES -t mangle -A internet -j MARK --set-mark 99
+   $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
+
+elif [ "py_$captive_portal_enabled" == "True" ];then
     $IPTABLES  -t nat  -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:9090
 
 elif [ "$HTTPCACHE_ON" == "True" ]; then