diff --git a/r-vp1.yml b/r-vp1.yml
index 2ffe142..5bd02e3 100644
--- a/r-vp1.yml
+++ b/r-vp1.yml
@@ -15,6 +15,7 @@
 # - firewall-vpn-r
 - wireguard-r
 # - x509-r
+ - fw-ferm
 - ssh-cli
 - syslog-cli
 - post
diff --git a/r-vp2.yml b/r-vp2.yml
index 3c78dbf..a4009fe 100644
--- a/r-vp2.yml
+++ b/r-vp2.yml
@@ -18,6 +18,7 @@
 # - firewall-vpn-l
 - wireguard-l
 # - x509-l
+ - fw-ferm
 - ssh-cli
 - syslog-cli
 - post
diff --git a/roles/fw-ferm-2/README.md b/roles/fw-ferm-2/README.md
deleted file mode 100644
index 64df66e..0000000
--- a/roles/fw-ferm-2/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-[Ferm]:http://ferm.foo-projects.org/
-
-Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables
-```bash
-update-alternatives --set iptables /usr/sbin/iptables-legacy
-```
-
-Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html
-```bash
-sudo nmap -p51820 192.168.0.51
-```(r-vp1)
-```bash
-sudo nmap -p51820 192.168.0.52
-```(r-vp2)
-
-Sortie :
-`PORT STATE SERVICE
-51820/tcp filtered unknown`
-Faire des ping!
diff --git a/roles/fw-ferm-1/README.md b/roles/fw-ferm/README.md
similarity index 100%
rename from roles/fw-ferm-1/README.md
rename to roles/fw-ferm/README.md
diff --git a/roles/fw-ferm-1/ferm.conf b/roles/fw-ferm/files/ferm.conf.r-vp1
similarity index 100%
rename from roles/fw-ferm-1/ferm.conf
rename to roles/fw-ferm/files/ferm.conf.r-vp1
diff --git a/roles/fw-ferm-2/ferm.conf b/roles/fw-ferm/files/ferm.conf.r-vp2
similarity index 100%
rename from roles/fw-ferm-2/ferm.conf
rename to roles/fw-ferm/files/ferm.conf.r-vp2
diff --git a/roles/fw-ferm/tasks/main.yml b/roles/fw-ferm/tasks/main.yml
new file mode 100644
index 0000000..78c42ff
--- /dev/null
+++ b/roles/fw-ferm/tasks/main.yml
@@ -0,0 +1,15 @@ +--- +- name: installation de ferm + apt: + name: ferm + state: present + +- name: copie du ferm.conf + copy: + src: ferm.conf.{{ ansible_hostname }} + dest: /etc/ferm/ferm.conf + +- name: redemarage service ferm + ansible.builtin.service: + name: ferm.service + state: restarted diff --git a/roles/wireguard-l/tasks/main.yml b/roles/wireguard-l/tasks/main.yml index 99035f8..32fd42e 100644 --- a/roles/wireguard-l/tasks/main.yml +++ b/roles/wireguard-l/tasks/main.yml @@ -4,16 +4,16 @@ name: wireguard state: present +- name: installation de ferm + apt: + name: ferm + state: present + - name: installation de wireguard-tools apt: name: wireguard-tools state: present -#- name: installation de sshpass -# apt: -# name: sshpass -# state: present - #- name: copie du fichier de configuration depuis r-vp1 # command: "sshpass -p 'root' scp -r root@192.168.99.112:/root/confwg/wg0-b.conf /etc/wireguard/" diff --git a/roles/wireguard-r/tasks/main.yml b/roles/wireguard-r/tasks/main.yml index 51fe16b..a0f6624 100644 --- a/roles/wireguard-r/tasks/main.yml +++ b/roles/wireguard-r/tasks/main.yml @@ -4,6 +4,11 @@ name: wireguard state: present +- name: installation de ferm + apt: + name: ferm + state: present + - name: installation de wireguard-tools apt: name: wireguard-tools @@ -27,12 +32,10 @@ - name: copie du fichier de configuration copy: src: /root/confwg/wg0-a.conf - dest: /etc/wireguard + dest: /etc/wireguard/wg0.conf -- name: renommage fichier de configuration - command: "mv /etc/wireguard/wg0-a.conf /etc/wireguard/wg0.conf" - -- name: demarrage du service wireguard - tags: aaaa - command: "systemctl enable wg-quick@wg0" - command: "systemctl restart wg-quick@wg0" +- name: Restart service httpd, in all cases + ansible.builtin.service: + name: wg-quick@wg0 + enabled: yes + state: restarted
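Review bot: The `copie du ferm.conf` task in roles/fw-ferm/tasks/main.yml installs the firewall ruleset without setting ownership or mode and without checking that the file parses, and the following task restarts ferm on every run, so a bad per-host file is loaded immediately and can cut off the SSH session Ansible itself is using. Set `owner`, `group` and `mode` explicitly, validate the file before it replaces the live one, and move the restart into a handler notified by the copy so the ruleset is only reloaded when it changed. `ansible_hostname` is a gathered fact, so the `src` lookup depends on fact gathering being enabled and on a `ferm.conf.<hostname>` file existing for every host that receives the role. The validate command below assumes ferm's `--noexec` option works as a parse-only check on the target release; confirm that before relying on it.

```yaml
# … unchanged: installation de ferm …
- name: copie du ferm.conf
  copy:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: "0644"
    validate: ferm --noexec %s
  notify: redemarrage ferm

# roles/fw-ferm/handlers/main.yml (replaces the unconditional restart task)
- name: redemarrage ferm
  ansible.builtin.service:
    name: ferm.service
    state: restarted
```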
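Review bot: The `installation de ferm` task added to roles/wireguard-l/tasks/main.yml duplicates the install already done by roles/fw-ferm/tasks/main.yml, and the same block is added again in the first hunk of roles/wireguard-r/tasks/main.yml. Because the wireguard roles are listed before `fw-ferm` in both playbooks, the firewall package is installed before its ferm.conf is in place, so whatever ruleset the package ships may be what is active in between (worth confirming on the target release); dropping the task from both wireguard roles leaves the firewall with a single owner. Separately, the commit removes the commented sshpass install but keeps the commented `sshpass -p 'root' scp ... root@192.168.99.112` line, which records a root password and password-based root SSH in the repository; delete it as well and rotate the credential if it was ever real. The task list continues outside the hunk.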
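Review bot: The copy to `/etc/wireguard/wg0.conf` in the second hunk of roles/wireguard-r/tasks/main.yml sets no permissions, and a wg-quick configuration normally carries the interface private key, so the file is left with whatever the default umask gives; add `owner: root`, `group: root` and `mode: "0600"` to the `copie du fichier de configuration` task. With no `remote_src`, `src: /root/confwg/wg0-a.conf` is read from the control node, so confirm that is where the key material is meant to live. The new service task keeps the name `Restart service httpd, in all cases`, which comes from the module's documentation example rather than from what it does; `- name: activation et redemarrage de wg-quick@wg0` would match the rest of the file. `enabled: yes` is better written `enabled: true`.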