diff --git a/install_files/ansible-base/roles/ossec/templates/send_encrypted_alarm.sh b/install_files/ansible-base/roles/ossec/templates/send_encrypted_alarm.sh
index 52d6b8a9e4..8377c3cea6 100644
--- a/install_files/ansible-base/roles/ossec/templates/send_encrypted_alarm.sh
+++ b/install_files/ansible-base/roles/ossec/templates/send_encrypted_alarm.sh
@@ -34,6 +34,12 @@ function send_encrypted_alert() {
 echo "${encrypted_alert_text}" | \
 /usr/bin/mail -s "$(echo "${SUBJECT}" | sed -r 's/([0-9]{1,3}\.){3}[0-9]{1,3}\s?//g' )" '{{ ossec_alert_email }}'
 fi
+
+ #check for signal cli and send alert to number
+ if [[ -x "$(command -v signal-cli)" ]]; then
+ /usr/local/bin/signal-cli --config /etc/signal -u '{{ signal_number }}' send -m "${ossec_alert_text}" '{{ signal_destination_number }}'
+ fi
+
 }
 
 # Failover alerting function, in case the primary function failed.
diff --git a/install_files/ansible-base/roles/restrict-direct-access/templates/rules_v4 b/install_files/ansible-base/roles/restrict-direct-access/templates/rules_v4
index f0829e5da8..cf1d17df92 100644
--- a/install_files/ansible-base/roles/restrict-direct-access/templates/rules_v4
+++ b/install_files/ansible-base/roles/restrict-direct-access/templates/rules_v4
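Review bot: The Signal branch sends `${ossec_alert_text}` while the mail branch two lines above sends `${encrypted_alert_text}`, so the full alert body appears to leave the host without the encryption layer the function's name promises; both variables are defined outside the hunk, so confirm whether this is a deliberate reliance on Signal's transport encryption and, if it is, say so in the comment. The guard tests whatever `command -v signal-cli` finds on PATH but then executes the hard-coded `/usr/local/bin/signal-cli`, so the check and the invocation can disagree; use one path for both, e.g. `signal_cli=/usr/local/bin/signal-cli` followed by `if [[ -x "${signal_cli}" ]]; then`. The send's exit status is ignored, and unlike the sibling iptables template this script is not gated on `signal_notifications`, so `{{ signal_number }}` is rendered whenever the role runs. The rewrite below addresses the path mismatch, the gating and the silent failure; send_encrypted_alert begins before the hunk.
```shell
{% if signal_notifications is defined and signal_notifications %}
    # Signal path, enabled only when signal_notifications is set so that this
    # template and the iptables template (rules_v4) are gated the same way.
    signal_cli=/usr/local/bin/signal-cli
    if [[ -x "${signal_cli}" ]]; then
        # NOTE(review): sends the plaintext alert body, not encrypted_alert_text; confirm intended.
        "${signal_cli}" --config /etc/signal -u '{{ signal_number }}' send -m "${ossec_alert_text}" '{{ signal_destination_number }}' \
            || printf '%s\n' "signal-cli send failed" >&2
    fi
{% endif %}
```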
@@ -87,6 +87,18 @@
 # postfix rule for outbound smtp
 -A OUTPUT -p tcp --dport {{ smtp_relay_port }} -m owner --uid-owner postfix -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow ossec email alerts out"
 -A INPUT -p tcp --sport {{ smtp_relay_port }} -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow ossec email alerts out"
+
+{% if signal_notifications is defined and signal_notifications %}
+# Signal-cli iptables rules
+# dns rule
+-A OUTPUT -d {{ dns_server }} -p tcp --dport 53 -m owner --uid-owner postfix -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -m comment --comment "signal-cli dns rule"
+-A OUTPUT -d {{ dns_server }} -p udp --dport 53 -m owner --uid-owner postfix -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -m comment --comment "signal-cli dns rule"
+
+# outbound rules for signal-cli
+-A OUTPUT -p tcp --dport 443 -m owner --uid-owner postfix -m state --state NEW,RELATED,ESTABLISHED -m comment --comment "Allow signal-cli messages outbound" -j ACCEPT
+-A INPUT -p tcp --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow signal-cli responses inbound"
+{% endif %}
+
 {% endif %}
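Review bot: The new `-A OUTPUT -p tcp --dport 443` rule matches only on `--uid-owner postfix` with no `-d` restriction, so every process running under the postfix uid gains unrestricted outbound HTTPS; that is a much wider egress than the adjacent SMTP rule, which is pinned to a single relay port, and it turns a compromise of that account into a direct exfiltration path. Scope the rule with `-d` to the Signal service endpoints, the same way the two DNS rules are scoped to `{{ dns_server }}`, and keep the host's default egress policy for everything else. The owner match also hard-wires the assumption that signal-cli is executed as postfix; if the alert script runs under a different account the send is dropped with no error, so record the dependency in the comment, e.g. `# signal-cli is run by send_encrypted_alarm.sh as the postfix user; keep the uid in sync with that script`. This block sits inside an enclosing `{% if %}` that starts before the hunk.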