diff --git a/site-cookbooks/kosmos-postgresql/recipes/default.rb b/site-cookbooks/kosmos-postgresql/recipes/default.rb
index b3c9f4f..8055b8b 100644
--- a/site-cookbooks/kosmos-postgresql/recipes/default.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/default.rb
@@ -64,6 +64,13 @@ postgresql_clients.each do |client|
     access_method "md5"
     notifies :reload, "service[#{postgresql_service}]", :immediately
   end
+
+  firewall_rule "postgresql #{hostname}" do
+    port        5432
+    protocol    :tcp
+    command     :allow
+    source ip
+  end
 end
 
 postgresql_replicas.each do |replica|