diff --git a/site-cookbooks/kosmos-dirsrv/recipes/default.rb b/site-cookbooks/kosmos-dirsrv/recipes/default.rb
index d7f50ca..a11b0d6 100644
--- a/site-cookbooks/kosmos-dirsrv/recipes/default.rb
+++ b/site-cookbooks/kosmos-dirsrv/recipes/default.rb
@@ -31,3 +31,21 @@ dirsrv_instance "master" do
   admin_password credentials['admin_password']
   suffix "dc=kosmos,dc=org"
 end
+
+# FIXME: The firewall and backup recipes do not work in the custom resource, so
+# the code lives here for now. The issue is described here, but I think messing
+# with the run context is confusing:
+#
+# https://github.com/chef-cookbooks/firewall/issues/134
+unless node.chef_environment == "development"
+  include_recipe "firewall"
+  firewall_rule "ldap" do
+    port     [389, 636]
+    protocol :tcp
+    command  :allow
+  end
+
+  # backup the data dir and the config files
+  node.override["backup"]["archives"]["dirsrv"] = ["/etc/dirsrv", "/var/lib/dirsrv"]
+  include_recipe "backup"
+end
diff --git a/site-cookbooks/kosmos-dirsrv/resources/instance.rb b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
index 92d17a8..abb9253 100644
--- a/site-cookbooks/kosmos-dirsrv/resources/instance.rb
+++ b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
@@ -110,16 +110,5 @@ action :create do
       sensitive true
       action :nothing
     end
-
-    include_recipe "firewall"
-    firewall_rule "ldap" do
-      port     [config[:port], 636]
-      protocol :tcp
-      command  :allow
-    end
-
-    # backup the data dir and the config files
-    node.override["backup"]["archives"]["dirsrv"] = ["/etc/dirsrv", "/var/lib/dirsrv"]
-    include_recipe "backup"
   end
 end