diff --git a/Dockerfile b/Dockerfile
index a85cb24b..c8e5a4b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ LABEL maintainer="Kyle Manna "
 # Testing: pamtester
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \
- apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester && \
+ apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester sudo && \
 ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
 rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
@@ -32,3 +32,6 @@ RUN chmod a+x /usr/local/bin/*
 # Add support for OTP authentication using a PAM module
 ADD ./otp/openvpn /etc/pam.d/
+
+# Allow Openvpn to modify iptables
+ADD ./etc/openvpn_iptables /etc/sudoers.d/openvpn_iptables
diff --git a/etc/openvpn_iptables b/etc/openvpn_iptables
new file mode 100644
index 00000000..31b4fdd4
--- /dev/null
+++ b/etc/openvpn_iptables
@@ -0,0 +1,3 @@
+Defaults:nobody !requiretty
+
+nobody ALL = NOPASSWD: /sbin/iptables
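Review bot: The `sudo` added to the `apk add` line in the first Dockerfile hunk puts a setuid-root binary into the runtime image, and nothing next to it says why it is there. The comment above the RUN already accounts for `pamtester`; I would add a second comment line, `# sudo: lets the unprivileged OpenVPN user run iptables (see /etc/sudoers.d/openvpn_iptables)`. If the iptables calls can run before OpenVPN drops privileges, or the process only needs the NET_ADMIN capability, the package may not be needed at all; that depends on scripts outside this diff.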
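Review bot: The `ADD` into `/etc/sudoers.d/` in the second Dockerfile hunk takes the file's mode from the build context, so the permissions of a privilege-granting file depend on how the repository was checked out. sudo expects drop-ins to be root-owned and not writable by other users, conventionally mode 0440. With BuildKit the mode can be fixed at copy time with `COPY --chmod=0440 ./etc/openvpn_iptables /etc/sudoers.d/openvpn_iptables`, which also replaces `ADD` for a plain local file. A following `RUN visudo -cf /etc/sudoers.d/openvpn_iptables` would fail the build on a syntax error instead of leaving sudo unusable at runtime.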
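Review bot: The rule `nobody ALL = NOPASSWD: /sbin/iptables` in etc/openvpn_iptables lists no arguments, so sudo lets `nobody` run iptables as root with any option on any table, not only the rules OpenVPN needs. `nobody` is a shared account, so every process that ends up running as it in the container inherits full control of the packet filter. I would grant this to a dedicated service user and to a root-owned wrapper that applies fixed rules, e.g. `<service-user> ALL = (root) NOPASSWD: <root-owned-wrapper-path>` (placeholders), or spell out the exact iptables argument lists that are allowed. The `Defaults:nobody !requiretty` line would then need the same user name.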