diff --git a/lib/ansible/modules/system/iptables.py b/lib/ansible/modules/system/iptables.py
index f7dbf1cd39d..a5d0bea3f0e 100644
--- a/lib/ansible/modules/system/iptables.py
+++ b/lib/ansible/modules/system/iptables.py
@@ -52,6 +52,11 @@ options:
 choices: [ append, insert ]
 default: append
 version_added: "2.2"
+ rule_num:
+ description:
+ - Insert the rule as the given rule number. This works only with
+ action = 'insert'.
+ version_added: "2.5"
 ip_version:
 description:
 - Which version of the IP protocol this rule should apply to.
@@ -316,6 +321,14 @@ EXAMPLES = '''
 set_dscp_mark_class: CS1
 protocol: tcp

+# Insert a rule on line 5
+- iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 8080
+ jump: ACCEPT
+ rule_num: 5
+
 # Set the policy for the INPUT chain to DROP
 - iptables:
 chain: INPUT
@@ -440,6 +453,8 @@ def push_arguments(iptables_path, action, params, make_rule=True):
 cmd = [iptables_path]
 cmd.extend(['-t', params['table']])
 cmd.extend([action, params['chain']])
+ if action == '-I' and params['rule_num']:
+ cmd.extend([params['rule_num']])
 if make_rule:
 cmd.extend(construct_rule(params))
 return cmd
@@ -496,6 +511,7 @@ def main():
 action=dict(type='str', default='append', choices=['append', 'insert']),
 ip_version=dict(type='str', default='ipv4', choices=['ipv4', 'ipv6']),
 chain=dict(type='str'),
+ rule_num=dict(type='str'),
 protocol=dict(type='str'),
 source=dict(type='str'),
 to_source=dict(type='str'),
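Review bot: The new "Insert a rule on line 5" example in EXAMPLES sets `rule_num: 5` but not `action: insert`, so with the default `action: append` the `action == '-I'` guard added in push_arguments skips the rule number and the rule is appended to the end of INPUT. On a firewall chain that difference matters, because an ACCEPT appended after an existing DROP or REJECT never matches. Add `action: insert` to the example next to `rule_num: 5`. It may also be worth failing or warning in main() when `rule_num` is supplied with `action: append` instead of ignoring it silently.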
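Review bot: `params['rule_num']` is appended to the iptables argument list in push_arguments with no check that it is a positive integer, and the argument spec added in main() declares it as `type='str'`. Rule position decides which rule matches first, so a templated value that is non-numeric or begins with `-` should be rejected by the module rather than handed to iptables as an extra argument. Declaring `rule_num=dict(type='int')` and emitting `cmd.extend([str(params['rule_num'])])` under `params['rule_num'] is not None` would let Ansible refuse bad input before the command is built. The body of push_arguments starts outside this hunk, and the existence check presumably runs without the rule number, so it is worth confirming how a rule already present at a different position is treated.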