diff --git a/bundles/iptables/items.py b/bundles/iptables/items.py
index d0bf6b3..7e9a647 100644
--- a/bundles/iptables/items.py
+++ b/bundles/iptables/items.py
@@ -23,6 +23,11 @@ files = {
 },
 }
+enforce_deps = {
+ 'directory:/etc/iptables-rules.d',
+ 'file:/usr/local/sbin/iptables-enforce',
+}
+
 for bundle, rules in node.metadata.get('iptables/bundle_rules', {}).items():
 files[f'/etc/iptables-rules.d/20-{bundle}'] = {
 # We must never use sorted() here. Bundles might rely on their order.
@@ -31,6 +36,7 @@ for bundle, rules in node.metadata.get('iptables/bundle_rules', {}).items():
 'action:iptables_enforce',
 },
 }
+ enforce_deps.add(f'file:/etc/iptables-rules.d/20-{bundle}')
 if 'custom_rules' in node.metadata.get('iptables', {}):
 files['/etc/iptables-rules.d/40-custom'] = {
@@ -39,12 +45,14 @@ if 'custom_rules' in node.metadata.get('iptables', {}):
 'action:iptables_enforce',
 },
 }
+ enforce_deps.add('file:/etc/iptables-rules.d/40-custom')
 actions = {
 'iptables_enforce': {
 'command': '/usr/local/sbin/iptables-enforce',
 'triggered': True,
+ 'needs': enforce_deps,
 },
 }
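Review bot: `enforce_deps` in the first hunk is seeded with two literal item ids, `directory:/etc/iptables-rules.d` and `file:/usr/local/sbin/iptables-enforce`, with no comment saying why the enforce action has to wait for them. Both items are defined outside the hunk, so whether the ids match their definitions cannot be checked from here. A one-line comment above the set would tell the next person who adds a rule fragment that it belongs in this set too, for example `# Everything iptables-enforce executes or (presumably) reads; the action must not run before all of it is on disk.`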
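Review bot: The rule-file path is now spelled out twice in the loop, once as the `files[...]` key and once inside `enforce_deps.add(f'file:/etc/iptables-rules.d/20-{bundle}')`, and the two have to be kept identical by hand. If they drift, the firewall reload either names an item that does not exist or stops waiting for the fragment it is meant to load. Binding the path once avoids that: `rule_file = f'/etc/iptables-rules.d/20-{bundle}'`, then `files[rule_file] = {...}` and `enforce_deps.add(f'file:{rule_file}')`. The same applies to the `40-custom` add in the third hunk. The loop body starts in the first hunk and part of it lies outside the visible lines.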
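Review bot: The `'needs': enforce_deps` line makes every rule file a hard dependency of the firewall reload, but what happens when one of them fails to apply is not documented. Assuming this is a bundlewrap bundle, an item whose dependency failed is skipped, so the node keeps its previously loaded ruleset while other fragments under /etc/iptables-rules.d may already have changed on disk. That is the safer outcome than loading a partial rules.d, but the loaded rules and the rules on disk then disagree until the next successful apply, and a skipped enforce should be treated as something to follow up. I would say so next to the key, e.g. `# skipped if any rule file fails to apply; the loaded ruleset then stays as it was`.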