diff --git a/host_vars/file-ah.kanzlei-kiel.netz.yml b/host_vars/file-ah.kanzlei-kiel.netz.yml index 174d9dd..8b8424e 100644 --- a/host_vars/file-ah.kanzlei-kiel.netz.yml +++ b/host_vars/file-ah.kanzlei-kiel.netz.yml @@ -378,6 +378,10 @@ samba_user: groups: [] password: '20-HH_caro.pueschel-%21' + - name: hh-stork + groups: [] + password: '20-ni-na.stork_%24' + - name: kiel-nb1 groups: - buero diff --git a/roles/modify-ipt-gateway/tasks/main.yml b/roles/modify-ipt-gateway/tasks/main.yml index d9b1942..7fc5ee7 100644 --- a/roles/modify-ipt-gateway/tasks/main.yml +++ b/roles/modify-ipt-gateway/tasks/main.yml 
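Review bot: The new `password: '20-ni-na.stork_%24'` entry commits a plaintext Samba credential to host_vars, next to the existing one in the same list; anyone with read access to the repository gets it, and it stays in history even after the password is rotated. Encrypt the value in place with `ansible-vault encrypt_string` and store the resulting `!vault |` block, or resolve it at run time via a lookup against a secret store, so the committed file holds no secret. The `%24` / `%21` suffixes on both entries look URL-encoded (`$`, `!`); worth confirming whether the samba role decodes them or users are expected to type the literal `%24`.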
@@ -132,6 +132,72 @@ - Restart IPv4 Firewall +# --- +# FreeIPA Service +# --- + +- name: Check if String 'freeipa_udp_in_ports..' (IPv4) is present + shell: grep -q -E "^#?freeipa_udp_in_ports=" /etc/ipt-firewall/main_ipv4.conf + register: freeipa_udp_in_ports_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "freeipa_udp_in_ports_ipv4_present.rc > 1" + changed_when: "freeipa_udp_in_ports_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (FreeIPA Service) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*snmp_trap_port' + block: | + + # ====== + # - FreeIPA Service + # ====== + + # - FreeIPA services local Networks + # - + freeipa_server_ips="" + + # - FreeIPA (in) Ports + # - + freeipa_tcp_in_ports="$standard_freeipa_tcp_in_ports" + freeipa_udp_in_ports="$standard_freeipa_udp_in_ports" + marker: "# Marker set by modify-ipt-gateway.yml (FreeIPA Service)" + when: + - main_ipv4_exists.stat.exists + - freeipa_udp_in_ports_ipv4_present is changed + + +- name: Check if String 'freeipa_udp_in_ports..' 
(IPv6) is present + shell: grep -q -E "^#?freeipa_udp_in_ports=" /etc/ipt-firewall/main_ipv6.conf + register: freeipa_udp_in_ports_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "freeipa_udp_in_ports_ipv6_present.rc > 1" + changed_when: "freeipa_udp_in_ports_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (FreeIPA Service) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*vpn_out_ports=' + block: | + + # ====== + # - FreeIPA Service + # ====== + + # - FreeIPA services local Networks + # - + freeipa_server_ips="" + + # - FreeIPA (in) Ports + # - + freeipa_tcp_in_ports="$standard_freeipa_tcp_in_ports" + freeipa_udp_in_ports="$standard_freeipa_udp_in_ports" + marker: "# Marker set by modify-ipt-gateway.yml (FreeIPA Service)" + when: + - main_ipv6_exists.stat.exists + - freeipa_udp_in_ports_ipv6_present is changed + + # --- # Restrict VPN Networks # ---
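Review bot: Both blockinfile tasks enable the FreeIPA inbound ports (`freeipa_tcp_in_ports="$standard_freeipa_tcp_in_ports"`, same for UDP) while leaving `freeipa_server_ips=""` empty, and nothing in the hunk shows how ipt-firewall treats an empty source list — if empty means "no restriction" the FreeIPA ports become reachable from any source at the next firewall reload, if it means "no rule" the block is inert until an operator edits the file by hand. Either way the inserted block should state which; I would add above the variable `# - Leave empty to disable the FreeIPA rules; list the FreeIPA server IPs/networks (space separated) to restrict inbound access`, adjusted to whatever the script actually does. Neither task carries a `notify:` for the firewall handler (`- Restart IPv4 Firewall` is visible as a notify on the preceding task at the top of the hunk), so the new variables only take effect on some later restart — presumably deliberate while the block is a placeholder, but worth a comment. Also, `marker:` contains no `{mark}`, so begin and end markers are the identical string; Ansible documents that as a cause of repeated insertion, and while the grep `when:` guard prevents it here, it also means blockinfile can never update or remove the block in place — `marker: "# {mark} Marker set by modify-ipt-gateway.yml (FreeIPA Service)"` fixes both.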