diff --git a/defaults/main.yml b/defaults/main.yml
index c9f13cd..97882c7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,6 @@
 ---
+unbound_cache_allowlist: []
+
 unbound_cache_forwarder:
   - 9.9.9.10
 
diff --git a/templates/unbound.conf.d/server.conf.j2 b/templates/unbound.conf.d/server.conf.j2
index 9cc9f90..000625b 100644
--- a/templates/unbound.conf.d/server.conf.j2
+++ b/templates/unbound.conf.d/server.conf.j2
@@ -8,6 +8,9 @@ server:
 	access-control: 127.0.0.0/8 allow
 	access-control: ::1/128 allow
 
+{% for net in unbound_cache_allow_list %}      access-control: {{ net }} allow
+{% endfor %}
+
 {% for listen in unbound_cache_listen%}	interface: {{ listen|ipaddr('address') }}
 	access-control: {{ listen|ipaddr('network/prefix') }} allow
 {% endfor %}