diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index ce8b9e07..f31e94db 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -69,6 +69,7 @@
 {% if psql_firewall_enabled %}
 {% if psql_db_port is defined %}
 {% if psql_listen_on_ext_int %}
+{% if psql_db_data is defined %}
 # postgresql clients
 {% for db in psql_db_data %}
 {% for ip in db.allowed_hosts %}
@@ -76,6 +77,7 @@
 {% endfor %}
 {% endfor %}
 {% endif %}
+{% endif %}
 -A INPUT -m state --state NEW -s {{ ansible_default_ipv4.address }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
 -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
 {% endif %}
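Review bot: The added `{% if psql_db_data is defined %}` guard in the first hunk (closed by the `{% endif %}` added in the second) only covers an undefined variable; a `psql_db_data` that is set but has no value (YAML `psql_db_data:` yields None) would still reach `{% for db in psql_db_data %}` and fail the render. Iterating over `psql_db_data | default([], true)` would cover both cases without the extra nesting level, and the same applies to `db.allowed_hosts` if individual entries may omit it. It is good that the trailing ACCEPT-from-self and DROP rules stay outside the new guard, so a host without client data still fails closed on `psql_db_port`; a short template comment such as `{# no psql_db_data: only the local address may reach the DB port #}` would make that intent explicit. The enclosing `{% if psql_firewall_enabled %}` block closes outside the hunk, and the rule line inside the loops is not shown.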