diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 7bca48cf22be28d294a7fa09ba4e41f204a399dd..fb4c4d49c970de15b375b03abb4e4d50d4747a6a 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -45,6 +45,7 @@ debian_pkg_install:
  - "{% if virtualenv is not none %}python3-virtualenv{% endif %}"
  - "{% if enable_host_ntp | bool %}ntp{% endif %}"
  - "{% if enable_multipathd|bool %}sg3-utils-udev{% endif %}"
+ - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}"
 
 redhat_pkg_install:
  - "{{ docker_yum_package }}"
@@ -53,6 +54,7 @@ redhat_pkg_install:
  - "{% if virtualenv is not none %}python3-virtualenv{% endif %}"
  - "{% if enable_host_ntp | bool %}ntp{% endif %}"
  - sudo
+ - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}"
 
 ubuntu_pkg_removals:
  - lxd
diff --git a/releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml b/releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b01939cee6be4f73ca4f178f427585155b41163b
--- /dev/null
+++ b/releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where Docker may fail to start if ``iptables`` is not
+    installed. `LP#1899060
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1899060>`__