diff --git a/CHANGELOG.md b/CHANGELOG.md
index c12ec1d..85ac5b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
## [Unreleased]
+### Added
+
+- add IPs lists
+
### Changed - test: replace kitchen to molecule
diff --git a/README.md b/README.md
index 4923028..29416a2 100644
--- a/README.md
+++ b/README.md
@@ -92,9 +92,11 @@ Install and configure haproxy
acl: - acl_test1-https hdr(host) test1.example.net - acl_test2-https hdr(host) test2.example.net
+ - acl_blacklist src -f /etc/haproxy/blacklist.list
use_backend: - backend-app if acl_test1-https - backend-app if acl_test2-https
+ - backend-app if acl_test1-https acl_blacklist
``` - `haproxy_backends` - hash with the backend configuration
@@ -115,6 +117,16 @@ Install and configure haproxy - host2 127.0.0.1:80 check maxconn 1000 inter 15s
```
+- `haproxy_ips_lists` - hash with the ips list to use in haproxy
+
+```
+ blacklist:
+ - 192.168.0.0/16
+ - 172.10.10.0/24
+ public_withlist:
+ - 8.8.8.8
+```
+ - `haproxy_ssl_certificates` - hash with ssl certificates to copy
```
diff --git a/defaults/main.yml b/defaults/main.yml
index 384f4ee..fda52f8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -59,3 +59,4 @@ haproxy_full_listen_stats: '{{ haproxy_default_listen_stats|combine(haproxy_list
haproxy_frontends: {}
haproxy_backends: {}
haproxy_ssl_certificates: {}
+haproxy_ips_lists: {}
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 33aea92..9b18985 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -8,6 +8,10 @@
www-example-com: | -----BEGIN CERTIFICATE-----
test
+ haproxy_ips_lists:
+ blacklist:
+ - 172.10.0.0/16
+ - 192.168.1.1
haproxy_frontends:
main:
bind: 
@@ -29,9 +33,11 @@
acl: - acl_test1-https hdr(host) test1.example.net - acl_test2-https hdr(host) test2.example.net
+ - acl_blacklist src -f /etc/haproxy/blacklist.list
use_backend: - backend-test-https if acl_test1-https - backend-test-https if acl_test2-https
+ - backend-test-https if acl_test1-https acl_blacklist
haproxy_backends:
backend-test-https:
mode: http
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index 7fd0a1d..2b769f9 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -21,6 +21,15 @@ def test_certificate_file(host):
assert path.group == 'root'
assert path.mode == 0o600
assert path.contains('test')
+
+def test_ips_list_file(host):
+ path = host.file('/etc/haproxy/blacklist.list')
+ assert path.exists
+ assert path.is_file
+ assert path.user == 'root'
+ assert path.group == 'root'
+ assert path.mode == 0o644
+ assert path.contains('172.10.0.0/16\n192.168.1.1')
def test_service(host):
service = host.service('haproxy')
diff --git a/tasks/main.yml b/tasks/main.yml
index 2f76b53..8fc008a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -18,6 +18,19 @@
no_log: true
tags: haproxy
+- name: copy IPs lists
+ copy:
+ content: "{{ item.value|join('\n') }}"
+ dest: '/etc/haproxy/{{ item.key }}.list'
+ owner: root
+ group: root
+ mode: 0644
+ loop: '{{ haproxy_ips_lists|dict2items }}'
+ loop_control:
+ label: '{{ item.key }}'
+ notify: reload haproxy
+ tags: haproxy
+ - name: copy config file
template:
src: haproxy.cfg.j2
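Review bot: The added rule `- backend-test-https if acl_test1-https acl_blacklist` can never take effect, because the preceding `- backend-test-https if acl_test1-https` already matches every request the new rule would match and HAProxy stops at the first matching use_backend rule. Even if it were reached it would route blacklisted sources to the backend rather than reject them, so this fixture only shows that the `src -f /etc/haproxy/blacklist.list` file reference parses, not that a blacklist is enforced. Since the README in this commit shows the same pair of rules, users will copy a non-working blacklist; I would express the intent as a deny placed before the use_backend rules, e.g. `http-request deny if acl_blacklist` (if the role's frontend template exposes that key) or at least `if acl_test1-https !acl_blacklist` on the routing rule, and add a Molecule check that a request from a listed source is refused. The frontend definition this hunk edits starts before the hunk.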
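Review bot: `assert path.contains('172.10.0.0/16\n192.168.1.1')` is weaker than it reads: testinfra's `contains` hands the string to grep as a pattern, where the embedded newline is treated as a separator between alternative patterns and the unescaped dots match any character, so the assertion passes if either address appears anywhere in the file and says nothing about the join or the order. Compare the whole file instead, `assert path.content_string == '172.10.0.0/16\n192.168.1.1'`, which pins exactly what `join('\n')` in the copy task produces (presumably no trailing newline; adjust if one is added). A second assertion that `path.content_string` has no blank or whitespace-only line would also catch the kind of list that makes HAProxy refuse to start.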
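Review bot: `dest: '/etc/haproxy/{{ item.key }}.list'` interpolates the `haproxy_ips_lists` key without validation, so a key containing `/` or `..` (for example `../../root/.ssh/authorized_keys`) writes an attacker-chosen file outside /etc/haproxy as root and then triggers `reload haproxy`. Inventory is normally trusted, but this role copies the key straight into a path, so I would reject anything but a plain name in an `assert` task over the same loop before the copy runs. Two smaller points: `join('\n')` leaves no trailing newline, which HAProxy accepts but line-oriented tooling handles poorly, so appending `~ '\n'` is cheap; and keys removed from `haproxy_ips_lists` leave stale `.list` files behind that an ACL can still reference. The task list continues outside the hunk.

```yaml
- name: validate IPs list names
  assert:
    that: item.key is match('^[A-Za-z0-9_-]+$')
    fail_msg: 'haproxy_ips_lists key {{ item.key }} is not a plain file name'
  loop: '{{ haproxy_ips_lists|dict2items }}'
  loop_control:
    label: '{{ item.key }}'
  tags: haproxy

# … unchanged: copy IPs lists task …
```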