diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..b4e333a
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,46 @@
+---
+- name: "Activate changes"
+  checkmk.general.activation:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    force_foreign_changes: "{{ checkmk_agent_force_foreign_changes }}"
+    redirect: true
+    validate_certs: "{{ checkmk_agent_server_validate_certs }}"
+  become: false
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  run_once: true  # noqa run-once[task]
+  when: checkmk_agent_auto_activate | bool
+
+- name: "Restart firewall"
+  become: true
+  ansible.builtin.shell: |
+    # Check and reload firewalld (RHEL/CentOS)
+    if systemctl is-active --quiet firewalld 2>/dev/null; then
+      echo "Reloading firewalld"
+      firewall-cmd --reload
+      exit 0
+    fi
+    
+    # Check and reload ufw (Ubuntu/Debian)
+    if systemctl is-active --quiet ufw 2>/dev/null; then
+      echo "Reloading ufw"
+      ufw reload
+      exit 0
+    fi
+    
+    # Check and reload SuSEfirewall2 (older SUSE)
+    if systemctl is-active --quiet SuSEfirewall2 2>/dev/null; then
+      echo "Reloading SuSEfirewall2"
+      systemctl reload SuSEfirewall2
+      exit 0
+    fi
+    
+    echo "No active firewall found - skipping reload"
+    exit 0
+  args:
+    executable: /bin/bash
+  register: firewall_reload_result
+  changed_when: "'Reloading' in firewall_reload_result.stdout"
+  failed_when: false
\ No newline at end of file