diff --git a/README.md b/README.md
index 5a575b1..95eb598 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,8 @@ You can read more about Nebula [on the official repo](https://github.com/slackhq
 nebula_lighthouse_public_hostname: lighthouse.company.com
 nebula_lighthouse_public_port: 4242
+ nebula_firewall_drop_action: reject
+
 nebula_inbound_rules:
 - { port: "any", proto: "icmp", host: "any" }
 - { port: 22, proto: "tcp", host: "any" }
diff --git a/defaults/main.yml b/defaults/main.yml
index 81e90cb..4ce00c4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,4 @@
-nebula_version: 1.6.1
+nebula_version: 1.7.1
 nebula_network_name: "My Nebula Mesh Network"
 nebula_network_cidr: 24
 nebula_ca_cert_duration: "87600h0m0s" #10 years
@@ -15,6 +15,8 @@ nebula_lighthouse_public_hostname: my-nebula-server.com
 nebula_lighthouse_public_port: 4242
 nebula_lighthouse_extra_config: {}
+nebula_firewall_block_action: drop
+
 nebula_inbound_rules:
 - { port: "any", proto: "any", host: "any" }
 nebula_outbound_rules:
diff --git a/templates/lighthouse_config.yml.j2 b/templates/lighthouse_config.yml.j2
index c0595cb..a0c9e1b 100644
--- a/templates/lighthouse_config.yml.j2
+++ b/templates/lighthouse_config.yml.j2
@@ -74,6 +74,8 @@ logging:
 # one node from another.
 #
 firewall:
+ outbound_action: {{ nebula_firewall_block_action | default('drop') }}
+ inbound_action: {{ nebula_firewall_block_action | default('drop') }}
 conntrack:
 tcp_timeout: 120h
 udp_timeout: 3m
diff --git a/templates/node_config.yml.j2 b/templates/node_config.yml.j2
index d67e7fa..410af49 100644
--- a/templates/node_config.yml.j2
+++ b/templates/node_config.yml.j2
@@ -71,6 +71,8 @@ logging:
 # one node from another.
 #
 firewall:
+ outbound_action: {{ nebula_firewall_block_action | default('drop') }}
+ inbound_action: {{ nebula_firewall_block_action | default('drop') }}
 conntrack:
 tcp_timeout: 120h
 udp_timeout: 3m
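Review bot: The variable added here, `nebula_firewall_block_action: drop`, does not match the name the README hunk documents (`nebula_firewall_drop_action: reject`), so a user who copies the README example sets a variable neither template reads and silently keeps `drop`; one name should be used in both places. Nebula accepts only `drop` or `reject` for these firewall actions, and the `inbound_action`/`outbound_action` keys are, as far as I recall, a 1.7-series addition, which the version bump in the earlier hunk covers only while `nebula_version` is left at its default. A short comment above the default would spare the next reader the lookup: `# Action for packets the firewall blocks: "drop" (discard silently) or "reject" (answer the sender). Needs a Nebula release that supports firewall.inbound_action/outbound_action.`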
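Review bot: The templated value in the two added `firewall:` lines is unquoted, so an empty or whitespace override of `nebula_firewall_block_action` renders `outbound_action:` with no value (YAML null), because Jinja's `default('drop')` only fires when the variable is undefined, not when it is empty. Quote it, `outbound_action: "{{ nebula_firewall_block_action | default('drop') }}"` (and likewise for `inbound_action`), or validate the value against the two accepted actions in a task before templating. The same two lines appear in the templates/node_config.yml.j2 hunk. One variable driving both directions is also worth a second look: `reject` on inbound tells a peer that a host is present but filtering, which operators often want only for outbound (fast failure for local clients), so separate inbound/outbound overrides that fall back to the shared value would keep that choice open. The `firewall:` block continues past the hunk.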