diff --git a/cdist/conf/type/__panter_iptables/manifest b/cdist/conf/type/__panter_iptables/manifest
new file mode 100644
index 00000000..14ab786f
--- /dev/null
+++ b/cdist/conf/type/__panter_iptables/manifest
@@ -0,0 +1,9 @@
+__iptables_rule policy-in --rule "-P INPUT DROP"
+__iptables_rule policy-out --rule "-P OUTPUT ACCEPT"
+__iptables_rule policy-fwd --rule "-P FORWARD DROP"
+
+__iptables_rule established --rule "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
+__iptables_rule http --rule "-A INPUT -p tcp --dport 80 -j ACCEPT"
+__iptables_rule ssh --rule "-A INPUT -p tcp --dport 80 -j ACCEPT"
+__iptables_rule https --rule "-A INPUT -p tcp --dport 443 -j ACCEPT"
+__iptables_rule munin --rule "-A INPUT -p tcp --dport 4949 -j ACCEPT"
diff --git a/cdist/conf/type/__panter_iptables/singleton b/cdist/conf/type/__panter_iptables/singleton
new file mode 100644
index 00000000..e69de29b
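Review bot: The `ssh` rule repeats `--dport 80` from the `http` rule, so under `-P INPUT DROP` nothing admits new SSH connections and the host can become unreachable for management once the policy is applied; it presumably should read `__iptables_rule ssh --rule "-A INPUT -p tcp --dport 22 -j ACCEPT"` (or whichever port sshd listens on for these hosts). The ruleset also has no loopback accept, e.g. `__iptables_rule loopback --rule "-A INPUT -i lo -j ACCEPT"`, which local services generally need when the INPUT policy is DROP. The `munin` rule accepts 4949/tcp from any source; adding `-s <munin-master-address>` would keep node metrics from being reachable by arbitrary hosts.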