diff --git a/defaults/main.yml b/defaults/main.yml
index 935d00f..bf5f1a3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,6 +2,7 @@
 iptables_persistent_enabled: True
 #iptables_default_policy: REJECT
 iptables_default_policy: ACCEPT
+iptables_log_untracked_traffic: False
 iptables_nat_enabled: False
 iptables_nat_specify_interfaces: True
 iptables_post_nat_enabled: False
diff --git a/templates/iptables-rules.v4.j2 b/templates/iptables-rules.v4.j2
index cead908..ef588c3 100644
--- a/templates/iptables-rules.v4.j2
+++ b/templates/iptables-rules.v4.j2
@@ -261,12 +261,12 @@
 {% endif %}
 {% endif %}
 {% endif %}
-{% if tomcat_cluster_enabled %}
+{% if hybernate_cluster_enabled %}
 # tomcat cluster
--A INPUT -m pkttype --pkt-type multicast -d {{ tomcat_cluster_multicast_addr }} -j ACCEPT
--A INPUT -m state --state NEW -p tcp -m tcp --dport {{ tomcat_cluster_multicast_port }} -j ACCEPT
-{% if tomcat_cluster_multicast_net is defined %}
--A INPUT -d {{ tomcat_cluster_multicast_net }} -j ACCEPT
+-A INPUT -m pkttype --pkt-type multicast -d {{ hybernate__multicast_addr }} -j ACCEPT
+-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ hybernate_multicast_port }} -j ACCEPT
+{% if hybernate_multicast_net is defined %}
+-A INPUT -d {{ hybernate_multicast_net }} -j ACCEPT
 {% endif %}
 {% endif %}
 {% if orientdb_hazelcast_multicast_enabled is defined and orientdb_hazelcast_multicast_enabled %}
@@ -330,6 +330,9 @@
 {% endif %}
 #
 # INPUT POLICY
+{% if iptables_log_untracked_traffic %}
+-A INPUT -j LOG --log-prefix "INPUT_UNTRACKED " --log-uid
+{% endif %}
 {% if iptables_input_default_policy == 'REJECT' %}
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 {% else %}
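Review bot: The new `iptables_log_untracked_traffic` default in defaults/main.yml carries no comment, so a reader of the defaults cannot tell that flipping it inserts a LOG target in front of the default policy of INPUT, FORWARD and nat POSTROUTING, nor that (as written in the template hunks of this commit) those LOG rules are not rate-limited and can flood the kernel log. I would add above the key: `# When true, log packets that reach the end of the INPUT/FORWARD (and nat POSTROUTING) chains without matching any rule. The LOG rules are unthrottled; enable only while debugging.`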
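Review bot: `{{ hybernate__multicast_addr }}` on the first added `-A INPUT` line has a double underscore while the next two lines use `hybernate_multicast_port` and `hybernate_multicast_net`; if that is a typo the template will either fail to render or emit a broken `-d` argument (depending on how undefined variables are handled) as soon as `hybernate_cluster_enabled` is true. Change it to `-d {{ hybernate_multicast_addr }}`. The unchanged `# tomcat cluster` comment no longer matches the renamed variables and should become `# hybernate cluster`; the spelling `hybernate` itself looks like it may be meant to be `hibernate` — worth confirming before the name spreads to inventories.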
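Review bot: The added `-A INPUT -j LOG` rule has no `-m limit`, so once `iptables_log_untracked_traffic` is true every packet that fell through the accept rules is written to the kernel log at line rate, and a remote peer can fill the log (and the disk behind it) just by sending junk — a denial-of-service vector rather than a debugging aid. Throttle it, e.g. `-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "INPUT_UNTRACKED " --log-level 4`. `--log-uid` only yields a value for locally generated packets, so it adds nothing in INPUT and can be dropped. The prefix "UNTRACKED" is also misleading: this rule matches whatever the preceding rules did not accept, regardless of conntrack state, so `INPUT_UNMATCHED ` would describe it more honestly.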
@@ -343,6 +346,9 @@
 -A FORWARD {{ rule.options }} -j ACCEPT
 {% endfor %}
 {% endif %}
+{% if iptables_log_untracked_traffic %}
+-A FORWARD -j LOG --log-prefix "FORWARDING_UNTRACKED " --log-uid
+{% endif %}
 {% if iptables_forward_default_policy == 'REJECT' %}
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 {% else %}
@@ -377,5 +383,8 @@ COMMIT
 {% for rule in iptables_nat_rules %}
 -A POSTROUTING {{ rule.options }} -j {{ rule.action | default('MASQUERADE') }}
 {% endfor %}
+{% if iptables_log_untracked_traffic %}
+-A POSTROUTING -j LOG --log-prefix "POSTROUTING_UNTRACKED " --log-uid
+{% endif %}
 COMMIT
 {% endif %}
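Review bot: The `-A FORWARD -j LOG` rule has the same missing `-m limit` as the INPUT variant, and it uses the prefix `FORWARDING_UNTRACKED ` where the INPUT and POSTROUTING rules use the chain name verbatim, which makes the three log streams harder to grep consistently. I would write `-A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FORWARD_UNTRACKED " --log-level 4`. `--log-uid` carries no information for forwarded packets, which have no local socket owner. The Jinja blocks around these lines open before and close after the hunk.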
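Review bot: A LOG rule in the nat table's POSTROUTING chain fires for the first packet of every new connection that did not match an `iptables_nat_rules` entry — including every connection the host itself originates — so with the toggle on, ordinary outbound traffic is logged under `POSTROUTING_UNTRACKED `, again without `-m limit`. The nat table is also skipped entirely for packets marked NOTRACK, so "untracked" is the one thing this rule can never log. If the intent is to spot traffic that should have been masqueraded, narrow the match to the NAT-facing side and throttle it, e.g. `-A POSTROUTING -m limit --limit 5/min -j LOG --log-prefix "POSTROUTING_UNMATCHED "`; otherwise drop this rule and rely on the FORWARD log. The `{% if %}` that guards the nat section starts outside the hunk.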