diff --git a/books/proxy_apt.yml b/books/apt_proxy.yml
similarity index 100%
rename from books/proxy_apt.yml
rename to books/apt_proxy.yml
diff --git a/group_vars/all/proxy_apt.yml b/group_vars/all/apt_proxy.yml
similarity index 55%
rename from group_vars/all/proxy_apt.yml
rename to group_vars/all/apt_proxy.yml
index 1132cf8..169bdf0 100644
--- a/group_vars/all/proxy_apt.yml
+++ b/group_vars/all/apt_proxy.yml
@@ -2,3 +2,6 @@
 apt_proxy_port: 3142
 apt_proxy_admin_user: admin
 apt_proxy_admin_mdp: "{{ vault_apt_proxy_admin_mdp }}"
+
+apt_proxy_allowed_clients:
+ - "{{ intranet['ipv4'] }}/{{ intranet['netmaskv4'] }}"
diff --git a/roles/apt_cacher_ng/tasks/main.yml b/roles/apt_cacher_ng/tasks/main.yml
index 5ae6b2e..0235352 100644
--- a/roles/apt_cacher_ng/tasks/main.yml
+++ b/roles/apt_cacher_ng/tasks/main.yml
@@ -28,6 +28,26 @@
 notify: Restart apt-cacher-ng
 no_log: true

+- name: Edit the clients allowed to use the proxy
+ lineinfile:
+ path: /etc/hosts.allow
+ regexp: '^apt-cacher-ng'
+ line: "apt-cacher-ng: 127.0.0.1 {{ apt_proxy_allowed_clients | join(' ') }}"
+ owner: root
+ group: root
+ mode: '644'
+ notify: Restart apt-cacher-ng
+
+- name: Block everyone else
+ lineinfile:
+ path: /etc/hosts.deny
+ regexp: '^apt-cacher-ng'
+ line: "apt-cacher-ng: ALL"
+ owner: root
+ group: root
+ mode: '644'
+ notify: Restart apt-cacher-ng
+
 - name: Enable apt-cacher-ng
 systemd:
 name: "apt-cacher-ng"
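Review bot: The entry added to `apt_proxy_allowed_clients` in group_vars/all/apt_proxy.yml is joined verbatim into /etc/hosts.allow by the role, and hosts_access(5) matches a `net/mask` pattern only when the client address ANDed with the mask equals the `net` part. If `intranet['ipv4']` holds a host address rather than the network address (its definition is outside this diff), the pattern would match no client and every intranet host would be denied by the new hosts.deny rule. A comment above the list would make the contract explicit: `# hosts_access(5) client patterns; for net/mask the address must be the network address (constructed example: 192.0.2.0/255.255.255.0)`.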
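Review bot: The two `lineinfile` tasks added to roles/apt_cacher_ng/tasks/main.yml restrict access only if the installed apt-cacher-ng is built against libwrap and has TCP-wrapper checks active (the `UseWrap` setting in acng.conf, as far as I recall). Nothing in the hunk verifies this, so on a build without it the play would report success while the proxy stays reachable from any network. I would state the dependency above the first task, `# Effective only when apt-cacher-ng honours TCP wrappers; keep a firewall rule on the proxy port as the enforced control`, and confirm from a host outside `apt_proxy_allowed_clients` that the connection is refused. Separately, the allow line lists only `127.0.0.1`, so a local client that reaches the proxy over `::1` would fall through to `apt-cacher-ng: ALL` in hosts.deny; adding `[::1]` to the line covers that if the daemon listens on IPv6.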