diff --git a/firewalld/debian10.sls b/firewalld/debian10.sls
new file mode 100644
index 0000000..1438a1c
--- /dev/null
+++ b/firewalld/debian10.sls
@@ -0,0 +1,13 @@
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+firewalld_repo_buster-backports:
+  pkgrepo.managed:
+    - name: deb http://deb.debian.org/debian buster-backports main
+    - file: /etc/apt/sources.list.d/buster-backports.list
+
+firewalld_install_iptables_from_buster-backports:
+  pkg.installed:
+    - name: iptables
+    - fromrepo: buster-backports
+    - version: '1.8.5*'
+    - refresh: True
diff --git a/firewalld/init.sls b/firewalld/init.sls
index 32a5e33..ab4c506 100644
--- a/firewalld/init.sls
+++ b/firewalld/init.sls
@@ -16,6 +16,9 @@ firewalld-unsupported:
 {% elif firewalld.enabled %}
 
 include:
+  {% if grains.get('osfinger', '') == 'Debian-10' %}
+  - firewalld.debian10
+  {% endif %}
   - firewalld.config
   - firewalld.ipsets
   - firewalld.backend