diff --git a/roles/celerity/defaults/main.yml b/roles/celerity/defaults/main.yml
index fac756916d26f91b266174b955270188ce6ce402..ad510f68048c29b0614466620f534acae45e772a 100644
--- a/roles/celerity/defaults/main.yml
+++ b/roles/celerity/defaults/main.yml
@@ -33,8 +33,7 @@ celerity_f2b_jail:
 celerity_firewall_enabled: true
 celerity_ferm_rules_filename: celerity
 celerity_ferm_input_rules:
-  - saddr: "{{ groups['worker'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list }}"
-    proto:
+  - proto:
       - tcp
     dport:
       - 6200
diff --git a/roles/mirismanager/defaults/main.yml b/roles/mirismanager/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fae361baf92fbe5d60226ebd8f56942db64bdcb3
--- /dev/null
+++ b/roles/mirismanager/defaults/main.yml
@@ -0,0 +1,46 @@
+---
+
+manager_packages:
+  - ubicast-skyreach
+  - ubicast-skyreach-runtime
+
+manager_testing: false
+manager_mail: dev-mediaserver@ubicast.eu
+manager_hostname: "{{ envsetup_cm_server_name }}"
+manager_default_email_sender: "noreply@{{ manager_hostname }}"
+manager_email_sender: "{{ envsetup_email_sender | default(manager_default_email_sender, true) }}"
+manager_proxy_http: "{{ envsetup_proxy_http }}"
+
+manager_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
+manager_f2b_filter:
+  name: manager
+  content: |
+    [INCLUDES]
+    before = common.conf
+    [Definition]
+    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
+                INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
+    ignoreregex =
+manager_f2b_jail:
+  name: manager
+  content: |
+    [manager]
+    logpath = /home/skyreach/.skyreach/logs/skyreach.log
+    enabled = {% if manager_fail2ban_enabled | bool %}true{% else %}false{% endif %}
+
+manager_firewall_enabled: true
+manager_ferm_rules_filename: manager
+manager_ferm_input_rules:
+  - proto:
+      - tcp
+    dport:
+      - 80
+      - 443
+  - proto:
+      - tcp
+    dport:
+      - 3142
+manager_ferm_output_rules: []
+manager_ferm_global_settings:
+
+...
diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml
index d5716237683c45e818779ee15d63cfc3a1062d6a..fd6a04993d26d8c31f2ec5f60afcf5e3e3a92f9f 100644
--- a/roles/postgres/defaults/main.yml
+++ b/roles/postgres/defaults/main.yml
@@ -7,8 +7,7 @@ postgres_pwd: "{{ envsetup_db_pg_root_pwd }}"
 postgres_firewall_enabled: true
 postgres_ferm_rules_filename: postgres
 postgres_ferm_input_rules:
-  - saddr: "{{ groups['server'] | union(groups['manager']) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list }}"
-    proto:
+  - proto:
       - tcp
     dport:
       - 5432