diff --git a/kvm-host/defaults/main.yml b/kvm-host/defaults/main.yml
index 9cbdd9a3..981f2429 100644
--- a/kvm-host/defaults/main.yml
+++ b/kvm-host/defaults/main.yml
@@ -10,4 +10,5 @@ kvm_pair: null
 lvm_filter:
 - '"a|^/dev/sd[a-zA-Z]+[0-9]*$|"'
 - '"a|^/dev/nvme[0-9]+(n[0-9]+)?(p[0-9]+)?$|"'
- - '"a|^/dev/md[0-9]+$|"'
\ No newline at end of file
+ - '"a|^/dev/md[0-9]+$|"'
+kvm_drbd_interface: null
diff --git a/kvm-host/tasks/firewall.yml b/kvm-host/tasks/firewall.yml
new file mode 100644
index 00000000..328d045c
--- /dev/null
+++ b/kvm-host/tasks/firewall.yml
@@ -0,0 +1,9 @@
+---
+- name: Allow all traffic through DRBD interface
+ ansible.builtin.lineinfile:
+ path: /etc/minifirewall.d/drbd
+ line: "/sbin/iptables -I INPUT -p tcp -i {{ kvm_drbd_interface }} -j ACCEPT"
+ create: yes
+ when:
+ - kvm_drbd_interface is defined
+ - kvm_drbd_interface | length > 0
diff --git a/kvm-host/tasks/main.yml b/kvm-host/tasks/main.yml
index 7aa3bdc2..ae0108cd 100644
--- a/kvm-host/tasks/main.yml
+++ b/kvm-host/tasks/main.yml
@@ -16,3 +16,5 @@
 - ansible.builtin.include: images.yml
 - ansible.builtin.include: tools.yml
+
+- ansible.builtin.include: firewall.yml
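Review bot: In `kvm-host/defaults/main.yml`, the new default `kvm_drbd_interface: null` is a defined variable whose value is None, so the `kvm_drbd_interface is defined` guard in `kvm-host/tasks/firewall.yml` always passes. The next condition, `kvm_drbd_interface | length > 0`, then applies `length` to None, which Jinja2 rejects with a type error. Hosts that keep the default would therefore be expected to fail on the firewall task rather than skip it. A single condition such as `- kvm_drbd_interface | default('', true) | length > 0` treats both undefined and null as "not set".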
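Review bot: In `kvm-host/tasks/firewall.yml`, the rule written to `/etc/minifirewall.d/drbd` accepts every TCP port arriving on `kvm_drbd_interface`, so any service listening on the hypervisor becomes reachable from that segment; the task name also says "all traffic" although the rule is `-p tcp` only. Restricting it to the ports the DRBD resources actually use (and to the peer's source address, if it is known) keeps the replication link from bypassing the rest of the firewall. `lineinfile` has no `regexp`, so changing the interface later appends a second line and leaves the old ACCEPT rule in place. The file is also created without `owner`, `group` or `mode`, so the permissions of a root-run firewall snippet depend on the umask. In the sketch below the port range is a placeholder for the site's DRBD ports.

```yaml
- name: Allow DRBD replication traffic on the DRBD interface
  ansible.builtin.lineinfile:
    path: /etc/minifirewall.d/drbd
    # Replace any earlier rule for a previous interface instead of appending.
    regexp: '^/sbin/iptables -I INPUT -p tcp -i \S+ '
    line: "/sbin/iptables -I INPUT -p tcp -i {{ kvm_drbd_interface }} --dport <DRBD_PORT_RANGE> -j ACCEPT"
    create: true
    owner: root
    group: root
    mode: "0600"
  # … unchanged: when conditions …
```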