diff --git a/site-cookbooks/kosmos_discourse/metadata.rb b/site-cookbooks/kosmos_discourse/metadata.rb
index 76a2e83..d8aa80e 100644
--- a/site-cookbooks/kosmos_discourse/metadata.rb
+++ b/site-cookbooks/kosmos_discourse/metadata.rb
@@ -8,3 +8,4 @@ version '0.1.0'
 chef_version '>= 14.0'
 
 depends "kosmos-nginx"
+depends 'firewall'
diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb
index de204a8..b60c210 100644
--- a/site-cookbooks/kosmos_discourse/recipes/default.rb
+++ b/site-cookbooks/kosmos_discourse/recipes/default.rb
@@ -32,3 +32,12 @@ systemd_unit "discourse.service" do
            }})
   action [:create, :enable]
 end
+
+include_recipe 'firewall'
+
+firewall_rule 'discourse' do
+  port     [3001]
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end