diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml
index 9b95e9e..160587c 100644
--- a/roles/cluster-addon/defaults/main.yml
+++ b/roles/cluster-addon/defaults/main.yml
@@ -27,7 +27,7 @@ dashboardMetricsScraperVer: "v1.0.6"
 metricsscraper_offline: "metrics-scraper_{{ dashboardMetricsScraperVer }}.tar"
 
 # ingress 自动安装，可选 "traefik" 和 "nginx-ingress"
-ingress_install: "yes"
+ingress_install: "no"
 ingress_backend: "traefik_v2"
 traefikVer: "v2.4"
 traefik_v2_offline: "traefik_{{ traefikVer }}.tar"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index ccdf165..0fdd103 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -70,6 +70,8 @@
     
     - name: flush-iptables
       shell: "iptables -P INPUT ACCEPT \
+            && iptables -P FORWARD ACCEPT \
+            && iptables -P OUTPUT ACCEPT \
             && iptables -F && iptables -X \
             && iptables -F -t nat && iptables -X -t nat \
             && iptables -F -t raw && iptables -X -t raw \
diff --git a/tools/easzup b/tools/easzup
index bd4d773..caf2198 100755
--- a/tools/easzup
+++ b/tools/easzup
@@ -124,6 +124,15 @@ EOF
     sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
   fi
 
+  logger info "clean iptable rules"
+  iptables -P INPUT ACCEPT && \
+  iptables -P FORWARD ACCEPT && \
+  iptables -P OUTPUT ACCEPT && \
+  iptables -F && iptables -X && \
+  iptables -F -t nat && iptables -X -t nat && \
+  iptables -F -t raw && iptables -X -t raw && \
+  iptables -F -t mangle && iptables -X -t mangle
+
   echo "[INFO] enable and start docker"
   systemctl enable docker
   systemctl daemon-reload && systemctl restart docker && sleep 4