diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
index 858786a14..9c6585e61 100755
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@@ -70,6 +70,10 @@ pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }}
 pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }}
 pbx_data_ports={{ pbx_data_ports }}
 pbx_enabled={{ pbx_enabled }}
+samba_enabled={{ samba_enabled }}
+samba_udp_ports={{ samba_udp_ports }}
+samba_tcp_mports={{ samba_tcp_mports }}
+
 block_DNS={{ block_DNS }}
 
 echo "LAN is $lan and WAN is $wan"
@@ -116,6 +120,11 @@ if [ "$services_externally_visible" == "True" ]; then
         $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT
         $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT
     fi
+
+    if [ "$samba_enabled" == "True" ]; then
+        $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT
+        $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT
+    fi
 fi
 
 if [ "$iiab_gateway_enabled" == "True" ]; then