diff --git a/roles/openresty.rb b/roles/openresty.rb
index 35edc0b..2d6b2ae 100644
--- a/roles/openresty.rb
+++ b/roles/openresty.rb
@@ -7,6 +7,7 @@ development_run_list = %w(
 
 default_run_list = %w(
   kosmos_openresty::default
+  kosmos_openresty::firewall
 )
 
 env_run_lists(
diff --git a/site-cookbooks/kosmos_openresty/metadata.rb b/site-cookbooks/kosmos_openresty/metadata.rb
index cfc3381..444b54c 100644
--- a/site-cookbooks/kosmos_openresty/metadata.rb
+++ b/site-cookbooks/kosmos_openresty/metadata.rb
@@ -6,4 +6,5 @@ description 'Installs/Configures openresty'
 version '0.1.0'
 chef_version '>= 18.0'
 
+depends 'kosmos-base'
 depends 'openresty'
diff --git a/site-cookbooks/kosmos_openresty/recipes/firewall.rb b/site-cookbooks/kosmos_openresty/recipes/firewall.rb
new file mode 100644
index 0000000..b6f5b28
--- /dev/null
+++ b/site-cookbooks/kosmos_openresty/recipes/firewall.rb
@@ -0,0 +1,11 @@
+#
+# Cookbook Name:: kosmos_openresty
+# Recipe:: firewall
+
+include_recipe "kosmos-base::firewall"
+
+firewall_rule "http/https" do
+  port     [80, 443]
+  protocol :tcp
+  command  :allow
+end