diff --git a/roles/common/tasks/firewall_Debian.yml b/roles/common/tasks/firewall_Debian.yml
index 8d05b34..efe7832 100644
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@@ -27,12 +27,6 @@
 when: ansible_distribution_major_version is version('11', '>=')
 systemd: name=nftables state=started enabled=yes
 
- - name: Copy nftables.conf
- when: ansible_distribution_major_version is version('11', '>=')
- template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
- notify:
- - reload nftables
-
 - name: Create /etc/nftables extra config directory
 when: ansible_distribution_major_version is version('11', '>=')
 file: path=/etc/nftables state=directory owner=root mode=0755
@@ -131,6 +125,12 @@
 when: ansible_distribution_version is version('11', '>=')
 systemd: name=update-spamhaus-nftables.timer state=started enabled=yes
 
+ - name: Copy nftables.conf
+ when: ansible_distribution_major_version is version('11', '>=')
+ template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
+ notify:
+ - reload nftables
+
 - include_tasks: fail2ban.yml
 when: ansible_distribution_major_version is version('9', '>=')
 tags: firewall
diff --git a/roles/common/tasks/firewall_Ubuntu.yml b/roles/common/tasks/firewall_Ubuntu.yml
index 6486558..11a9625 100644
--- a/roles/common/tasks/firewall_Ubuntu.yml
+++ b/roles/common/tasks/firewall_Ubuntu.yml
@@ -29,10 +29,6 @@
 when: ansible_distribution_version is version('16.04', '>=')
 apt: pkg=ufw state=absent
 
- - name: Start and enable nftables
- when: ansible_distribution_version is version('20.04', '>=')
- systemd: name=nftables state=started enabled=yes
-
 - name: Copy nftables.conf
 when: ansible_distribution_version is version('20.04', '>=')
 template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
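Review bot: The `Copy nftables.conf` task re-added in firewall_Debian.yml (hunk `@@ -131,6 +125,12 @@`) installs the rendered template with no syntax check, so a bad render replaces /etc/nftables.conf and is only noticed when the `reload nftables` handler fails, or at the next boot. Now that the task runs after what are presumably the other nftables files being put in place, it is a good spot to add `validate='nft -c -f %s'` to the `template:` arguments; this assumes the template includes its fragments by absolute path, which the hunk does not show. Separately, this file still starts nftables near line 27, before this config is written, while firewall_Ubuntu.yml moves the start to the end; a short comment above the task saying whether that difference is intended would help the next reader.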
@@ -116,6 +112,10 @@
 when: ansible_distribution_version is version('20.04', '>=')
 systemd: name=update-spamhaus-nftables.timer state=started enabled=yes
 
+ - name: Start and enable nftables
+ when: ansible_distribution_version is version('20.04', '>=')
+ systemd: name=nftables state=started enabled=yes
+
 - include_tasks: fail2ban.yml
 when: ansible_distribution_version is version('16.04', '>=')
 tags: firewall
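Review bot: Starting and enabling nftables only here, as the last task before `fail2ban.yml`, widens the window in which ufw has already been removed (the `apt: pkg=ufw state=absent` task earlier in this file) while nftables is neither running nor enabled at boot; if any task in between fails, the host is left in that state. Consider keeping an early task that only enables the unit, `systemd: name=nftables enabled=yes`, right after `Copy nftables.conf`, and leaving `state=started` here so the ruleset is still loaded once all fragments exist. Note also that `state=started` does not reload a unit that is already running, so on re-runs the new rules depend entirely on the `reload nftables` handler. The tasks between the two hunks are not visible here, so the size of the window is an assumption to confirm.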