diff --git a/host_vars/zapata.opp.netz.yml b/host_vars/zapata.opp.netz.yml index 90e9e13..e2e05c8 100644 --- a/host_vars/zapata.opp.netz.yml +++ b/host_vars/zapata.opp.netz.yml @@ -303,6 +303,11 @@ samba_user: - beratung password: 'Jul14n_2018' + - name: junia + groups: + - buero + password: 'jun1a#adb22' + - name: kyra groups: - buero diff --git a/roles/modify-ipt-server/tasks/main.yml b/roles/modify-ipt-server/tasks/main.yml index 8880aee..af363c0 100644 --- a/roles/modify-ipt-server/tasks/main.yml +++ b/roles/modify-ipt-server/tasks/main.yml @@ -76,6 +76,8 @@ line: 'vpn_ifs="tun+"' when: - interfaces_ipv4_exists.stat.exists + notify: + - Restart IPv4 Firewall - name: addjust line 'vpn_ifs' (IPv6) lineinfile: @@ -84,6 +86,8 @@ line: 'vpn_ifs="tun+"' when: - interfaces_ipv6_exists.stat.exists + notify: + - Restart IPv6 Firewall # === @@ -115,6 +119,8 @@ when: - interfaces_ipv4_exists.stat.exists - wg_ifs_interfaces_ipv4_present is changed + notify: + - Restart IPv4 Firewall - name: Check if String 'wg_ifs=..' is present in interfaces_ipv6.conf 
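Review bot: The added `samba_user` entry for `junia` stores the account password as a plaintext literal in `host_vars/zapata.opp.netz.yml`, so anyone who can read the repository or its history holds a working Samba credential. Move the value into an ansible-vault encrypted vars file and reference it from here, for example `password: "{{ vault_samba_password_junia }}"` (the variable name is illustrative), and treat the value committed here as exposed and rotate it. The neighbouring context line shows the same pattern for an existing user, so the other entries of this list likely need the same treatment. The `samba_user` list begins outside the hunk.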
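Review bot: The handlers `Restart IPv4 Firewall` and `Restart IPv6 Firewall` named by the new `notify:` lines are not defined in this commit, so the change relies on handlers with exactly these names already existing in the role. A missing or differently spelled handler fails the play as soon as one of these tasks reports changed. The same applies to the `notify:` additions in the hunks at -84, -115, -138, -172 and -206. Because the handler restarts the packet filter on the host Ansible is connected to, I would also add a comment above the first `notify:` such as `# handler restarts the firewall at end of play; keep console access available in case the new config blocks SSH`. The tasks these lines belong to start above the hunk.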
@@ -138,6 +144,62 @@ when: - interfaces_ipv6_exists.stat.exists - wg_ifs_interfaces_ipv6_present is changed + notify: + - Restart IPv6 Firewall + + +- name: Check if String 'nat_devices=..' is present in interfaces_ipv4.conf + shell: grep -q -E "^nat_devices=" /etc/ipt-firewall/interfaces_ipv4.conf + register: nat_devices_interfaces_ipv4_present + when: interfaces_ipv4_exists.stat.exists + failed_when: "nat_devices_interfaces_ipv4_present.rc > 1" + changed_when: "nat_devices_interfaces_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/interfaces_ipv4.conf' (nat_devices) + blockinfile: + path: /etc/ipt-firewall/interfaces_ipv4.conf + insertafter: '^#?\s*local_2_ip' + block: | + + # - Devices given in list "nat_devices" will be natted + # - + # - Blank separated list + # - + nat_devices="" + + marker: "# Marker set by modify-ipt-server.yml (nat_devices)" + when: + - interfaces_ipv4_exists.stat.exists + - nat_devices_interfaces_ipv4_present is changed + notify: + - Restart IPv4 Firewall + + +- name: Check if String 'nat_devices=..' is present in interfaces_ipv6.conf + shell: grep -q -E "^nat_devices=" /etc/ipt-firewall/interfaces_ipv6.conf + register: nat_devices_interfaces_ipv6_present + when: interfaces_ipv6_exists.stat.exists + failed_when: "nat_devices_interfaces_ipv6_present.rc > 1" + changed_when: "nat_devices_interfaces_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/interfaces_ipv6.conf' (nat_devices) + blockinfile: + path: /etc/ipt-firewall/interfaces_ipv6.conf + insertafter: '^#?\s*local_2_ip' + block: | + + # - Devices given in list "nat_devices" will be natted + # - + # - Blank separated list + # - + nat_devices="" + + marker: "# Marker set by modify-ipt-server.yml (nat_devices)" + when: + - interfaces_ipv6_exists.stat.exists + - nat_devices_interfaces_ipv6_present is changed + notify: + - Restart IPv6 Firewall - name: Check if String 'wireguard_server_ips=..' is present 
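Review bot: Both new `blockinfile` tasks set `marker: "# Marker set by modify-ipt-server.yml (nat_devices)"` without the `{mark}` placeholder, so the begin and end marker lines are identical and the module cannot locate the block boundaries on a later run. The Ansible documentation warns that this can lead to the block being inserted repeatedly. The preceding `grep` guard hides the problem only as long as a line starting with `nat_devices=` stays in the file. I would use `marker: "# {mark} set by modify-ipt-server.yml (nat_devices)"` in both tasks, unless the identical marker is deliberate to match blocks this role has already written (not visible here). The two check tasks use no shell features, so `command:` together with `check_mode: false` would fit better than `shell:` and keep dry runs accurate.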
@@ -172,6 +234,8 @@ when: - main_ipv4_exists.stat.exists - wireguard_service_ipv4_present is changed + notify: + - Restart IPv4 Firewall - name: Check if String 'wireguard_server_ips=..' is present @@ -206,6 +270,8 @@ when: - main_ipv6_exists.stat.exists - wireguard_service_ipv6_present is changed + notify: + - Restart IPv6 Firewall # ===