diff --git a/playbook.yml b/playbook.yml
index 18aa493..1338f23 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -154,6 +154,19 @@
             file: packages.yml
             name: defined_packages
 
+        - name: force-update iptables to iptables-nft on arch
+          shell: |
+            if ! pacman -Qi iptables | grep '^Name.*iptables-nft' ; then
+              # --noconfirm does not cut it
+              yes | pacman -S iptables-nft
+              exit 100
+            fi
+            exit 0
+          become: true
+          register: force_install_iptables
+          changed_when: force_install_iptables.rc == 100
+          failed_when: force_install_iptables.rc not in (0, 100)
+
         - set_fact:
             distro_packages: "{{ defined_packages|json_query('*.%s'|format(distro)) }}"