diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 9be409c42ff7ef979470fac0cc4202f2a0917409..0333dba87d8d4fd00c63c84a52d186344cb4a177 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -180,17 +180,24 @@
   command: "/usr/sbin/update-ca-certificates --fresh"
   when: deploy_ca_certificates_result.changed
 
-- name: Set-up diversions for legacy iptables tools (prevents ferm from locating and using them)
+- name: Set-up file diversions for custom files that overrride package-provided ones
   command: "dpkg-divert --divert '{{ item }}.original' --rename '{{ item }}'"
-  register: "iptables_legacy_divert"
-  changed_when: "'Adding' in iptables_legacy_divert.stdout"
+  register: "dpkg_divert"
+  changed_when: "'Adding' in dpkg_divert.stdout"
   with_items:
-    - "/usr/sbin/iptables-legacy"
-    - "/usr/sbin/iptables-legacy-restore"
-    - "/usr/sbin/iptables-legacy-save"
-    - "/usr/sbin/ip6tables-legacy"
-    - "/usr/sbin/ip6tables-legacy-restore"
-    - "/usr/sbin/ip6tables-legacy-save"
+    - "/usr/sbin/ferm"
+  notify:
+    - Restart ferm
+
+- name: Deploy the patched ferm binary that disables use of legacy iptables
+  copy:
+    src: ferm_binary
+    dest: /usr/sbin/ferm
+    owner: root
+    group: root
+    mode: 0755
+  notify:
+    - Restart ferm
 
 - name: Install ferm (for firewall management)
   apt:
@@ -199,7 +206,7 @@
 
 - name: Configure ferm init script coniguration file
   copy:
-    src: "ferm"
+    src: "ferm_default"
     dest: "/etc/default/ferm"
     owner: root
     group: root
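Review bot: The copy task with `dest: /usr/sbin/ferm` replaces a package-managed executable with a file vendored in the role, and once the dpkg-divert from the task above it is in place apt will keep installing every future ferm release — security fixes included — as `/usr/sbin/ferm.original`, where it never runs. The task should record what `ferm_binary` was derived from so the drift stays visible, e.g. `# Patched copy of ferm <UPSTREAM_VERSION>; re-diff against the packaged /usr/sbin/ferm.original after each ferm upgrade`, and pinning the content with the copy module's `checksum:` parameter (`checksum: "<sha1 of files/ferm_binary>"`) would catch a silently altered file before it lands on a host. `mode: 0755` is accepted by Ansible's parser but quoting it, `mode: "0755"`, removes the reliance on YAML 1.1 octal inference; the same applies to the copy task in the hunk at @@ -241. The new task name also misspells "override" as `overrride`.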
@@ -241,6 +248,21 @@
     state: started
     enabled: true
 
+- name: Deploy script for flushing legacy iptables rules
+  copy:
+    src: "legacy_iptables_rules.sh"
+    dest: "/usr/local/sbin/drop_legacy_iptables_rules.sh"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Drop legacy iptables rules
+  command: "/usr/local/sbin/drop_legacy_iptables_rules.sh remove"
+  register: legacy_iptables_rules
+  changed_when: "'Removed legacy iptables for families' in legacy_iptables_rules.stdout"
+  notify:
+    - Restart ferm
+
 - name: Deploy script for validating server certificates
   copy:
     src: "check_certificate.sh"
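Review bot: The "Drop legacy iptables rules" task runs `drop_legacy_iptables_rules.sh remove` unconditionally on every play, and whether the host stays reachable afterwards depends on what the script does to the legacy chains' default policies — a flush that leaves a DROP policy in place cuts the host off, while a reset to ACCEPT leaves filtering to whatever ferm has loaded through its non-legacy backend — and neither outcome is visible from this hunk. A comment on the task should state the expected end state, e.g. `# Legacy tables end up empty with ACCEPT policy; filtering is done solely by the ferm-managed ruleset`, confirmed against the script. The `changed_when` check is coupled to the script's exact stdout wording, so a later edit to that message would make the task report "ok" while still flushing rules and skipping the ferm restart it notifies; having the script signal the outcome through its exit status or a short fixed marker, and documenting that contract next to the `changed_when:` line, would make the coupling explicit. `mode: 0755` is better written `mode: "0755"`.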