diff --git a/nodes/nodejs-3.json b/nodes/nodejs-3.json
index 5bf6228..91f821a 100644
--- a/nodes/nodejs-3.json
+++ b/nodes/nodejs-3.json
@@ -61,7 +61,7 @@
       "kosmos-nginx::firewall",
       "nodejs::npm",
       "nodejs::install",
-      "sockethub::_firewall"
+      "sockethub::firewall"
     ],
     "platform": "ubuntu",
     "platform_version": "20.04",
diff --git a/site-cookbooks/sockethub/recipes/_firewall.rb b/site-cookbooks/sockethub/recipes/_firewall.rb
index 809d5a9..08f58b0 100644
--- a/site-cookbooks/sockethub/recipes/_firewall.rb
+++ b/site-cookbooks/sockethub/recipes/_firewall.rb
@@ -1,6 +1,6 @@
 #
 # Cookbook Name:: sockethub
-# Recipe:: _firewall
+# Recipe:: firewall
 #
 
 unless node.chef_environment == "development"
@@ -12,4 +12,3 @@ unless node.chef_environment == "development"
     command  :allow
   end
 end
-
diff --git a/site-cookbooks/sockethub/recipes/firewall.rb b/site-cookbooks/sockethub/recipes/firewall.rb
new file mode 100644
index 0000000..08f58b0
--- /dev/null
+++ b/site-cookbooks/sockethub/recipes/firewall.rb
@@ -0,0 +1,14 @@
+#
+# Cookbook Name:: sockethub
+# Recipe:: firewall
+#
+
+unless node.chef_environment == "development"
+  include_recipe "kosmos-base::firewall"
+
+  firewall_rule 'sockethub' do
+    port     node['sockethub']['external_port'].to_i
+    protocol :tcp
+    command  :allow
+  end
+end
diff --git a/site-cookbooks/sockethub/recipes/proxy.rb b/site-cookbooks/sockethub/recipes/proxy.rb
index 7d2ff76..a62b5fd 100644
--- a/site-cookbooks/sockethub/recipes/proxy.rb
+++ b/site-cookbooks/sockethub/recipes/proxy.rb
@@ -3,7 +3,7 @@
 # Recipe:: proxy
 #
 
-include_recipe 'sockethub::_firewall'
+include_recipe 'sockethub::firewall'
 include_recipe 'kosmos-nginx'
 include_recipe "kosmos-base::letsencrypt"