diff --git a/roles/firewalld/templates/firewalld.conf.j2 b/roles/firewalld/templates/firewalld.conf.j2
index f8caf11c8a862960136a5163db6e57897bc97fc2..7a0be1ff1b763ba675bc3e570d5a3909dce57c45 100644
--- a/roles/firewalld/templates/firewalld.conf.j2
+++ b/roles/firewalld/templates/firewalld.conf.j2
@@ -66,6 +66,14 @@ FirewallBackend=nftables
 # Default: yes
 FlushAllOnReload=yes
 
+# ReloadPolicy
+# Policy during reload. By default all traffic except for established
+# connections is dropped while the rules are updated. Set to "DROP", "REJECT"
+# or "ACCEPT". Alternatively, specify it per table, like
+# "OUTPUT:ACCEPT,INPUT:DROP,FORWARD:REJECT".
+# Default: ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
+ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
+
 # RFC3964_IPv4
 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
 # correspond to IPv4 addresses that should not be routed over the public