diff --git a/roles/crowdsec/defaults/main.yml b/roles/crowdsec/defaults/main.yml index 8a7891d..4c5eba2 100644 --- a/roles/crowdsec/defaults/main.yml +++ b/roles/crowdsec/defaults/main.yml @@ -36,8 +36,6 @@ crowdsec_lapi_server: "{{ inventory_hostname }}" # Requires crowdsec_lapi_enabled to be true too crowdsec_capi_enabled: False -# Prometheus metrics -crowdsec_prometheus_enabled: False # Port on which the prometheus metric endpoint will bind to crowdsec_prometheus_port: 6060 # List of IP/CIDR allowed to access the prometheus port diff --git a/roles/crowdsec/templates/config.yaml.j2 b/roles/crowdsec/templates/config.yaml.j2 index 0268213..f5a0d0a 100644 --- a/roles/crowdsec/templates/config.yaml.j2 +++ b/roles/crowdsec/templates/config.yaml.j2 @@ -48,11 +48,9 @@ api: {% endif %} {% endif %} -{% if crowdsec_prometheus_enabled %} prometheus: enabled: true level: full - listen_addr: 0.0.0.0 + listen_addr: {{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }} listen_port: {{ crowdsec_prometheus_port }} -{% endif %} diff --git a/roles/crowdsec_bouncer_firewall/tasks/install.yml b/roles/crowdsec_bouncer_firewall/tasks/install.yml index 5de4fa9..241edee 100644 --- a/roles/crowdsec_bouncer_firewall/tasks/install.yml +++ b/roles/crowdsec_bouncer_firewall/tasks/install.yml @@ -31,10 +31,12 @@ copy: content: | [Unit] + {% if ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' %} # Ensure cs-firewall-bouncer starts before iptables # so ipset are available - Before=iptables.service - # But it should start after crowdsec to be able to register on the API + Before={{ (ansible_os_family == 'Debian') | ternary('netfilter-persistent','iptables') }}.service + {% endif %} + # It should start after crowdsec to be able to register on the API After=crowdsec.service [Service] diff --git a/roles/squid/files/acl/service_various.domains b/roles/squid/files/acl/service_various.domains index 90c3961..10c0c4a 100644 
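Review bot: In roles/crowdsec/templates/config.yaml.j2 the new `listen_addr` takes `ansible_all_ipv4_addresses[0]`, and the order of that fact is not guaranteed, so on a multi-homed host the metrics endpoint can bind to an address nobody chose, possibly a public or container-bridge one. With the `crowdsec_prometheus_enabled` guard removed the listener is also always on at `level: full`, so exposure now depends entirely on whatever enforces `crowdsec_prometheus_src_ip`, presumably a firewall rule outside this diff. A deterministic choice would be `listen_addr: {{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_default_ipv4.address | default('127.0.0.1'), '127.0.0.1') }}`, or an explicit listen-address variable in the role defaults.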
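Review bot: In roles/crowdsec_bouncer_firewall/tasks/install.yml the `Before=` ordering is now emitted only for the RedHat and Debian families and names a single unit picked from `ansible_os_family`. Any other family, or a host whose rules are restored by a different unit, gets no ordering, and the firewall may load before the bouncer has created its ipsets. systemd accepts a space-separated list in `Before=` and an ordering entry for a unit that is not loaded has no effect, so the conditional can be replaced by one static line, `Before=iptables.service netfilter-persistent.service`, kept under the two existing comment lines. That also keeps Jinja control blocks out of the `copy: content` body. The task starts before and continues after this hunk, so the rest of the unit is not visible here.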
--- a/roles/squid/files/acl/service_various.domains +++ b/roles/squid/files/acl/service_various.domains @@ -3,3 +3,4 @@ apps.identrust.com dns.api.gandi.net monip.org + diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains index 617a781..74a73f3 100644 --- a/roles/squid/files/acl/software_various.domains +++ b/roles/squid/files/acl/software_various.domains @@ -343,3 +343,7 @@ downloads.sentry-cdn.com # iTop cmd extension store store.itophub.io + +# Crowdsec +crowdsec-statics-assets.s3-eu-west-1.amazonaws.com +api.crowdsec.com
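Review bot: The `# Crowdsec` comment in roles/squid/files/acl/software_various.domains does not say what each new entry is for, which makes the proxy allowlist hard to prune later. `api.crowdsec.com` looks like the central API endpoint, which the crowdsec role defaults shown in this same diff leave disabled (`crowdsec_capi_enabled: False`), and the S3 bucket host is presumably where static data files are fetched from. A comment such as `# Crowdsec: static data files (S3 bucket) and central API (only needed when crowdsec_capi_enabled is true)` would record that. Naming the exact bucket host rather than a wildcard is the right granularity.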