diff --git a/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb b/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb
index b86b184..b8f2865 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb
@@ -92,3 +92,9 @@ systemd_unit 'lightningd.service' do
   triggers_reload true
   action [:create, :enable, :start]
 end
+
+firewall_rule 'lightningd' do
+  port     [9735] # TODO use attribute
+  protocol :tcp
+  command  :allow
+end
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index b179c42..4e2464a 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@@ -89,3 +89,9 @@ systemd_unit 'lnd.service' do
   triggers_reload true
   action [:create, :enable, :start]
 end
+
+firewall_rule 'lnd' do
+  port     [node['lnd']['port']]
+  protocol :tcp
+  command  :allow
+end