diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index 2b55884f..02828d66 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -19,3 +19,5 @@ minifirewall_private_ports_tcp: [5666]
 minifirewall_private_ports_udp: []
 minifirewall_autostart: "no"
+
+evomaintenance_hosts: []
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index 80acf5d0..ea6b1a9e 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -94,6 +94,20 @@ SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
     register: minifirewall_config_ports
+- name: evomaintenance
+  lineinfile:
+    dest: /etc/default/minifirewall
+    line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
+    insertafter: "^# EvoMaintenance"
+  with_items: "{{ evomaintenance_hosts }}"
+
+- name: remove minifirewall example rule for the evomaintenance
+  lineinfile:
+    dest: /etc/default/minifirewall
+    regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
+    state: absent
+  when: evomaintenance_hosts != []
+
 - name: restart minifirewall
 #  service:
 #    name: minifirewall
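Review bot: The `evomaintenance` task in minifirewall/tasks/config.yml only ever adds one ACCEPT line per current entry of `evomaintenance_hosts`; an address later dropped from the list is never removed from /etc/default/minifirewall, so the allow-list for source-port-5432 traffic only grows and a decommissioned or reassigned host keeps its access until someone edits the file by hand. Rendering the whole set as a single `blockinfile` block between managed markers makes the file reflect the variable on every run, removals included, and the existing `remove minifirewall example rule` task can stay as it is (with an empty list the block should render empty and the markers be dropped — worth confirming with a dry run). Neither new task registers a result or notifies a handler, so if the `restart minifirewall` task that follows (its body continues outside the hunk) is gated on earlier registered results, a change made here may not be applied. Minor style: `loop:` and `path:` are the current spellings of `with_items:` and `dest:`.
```yaml
- name: evomaintenance
  blockinfile:
    dest: /etc/default/minifirewall
    marker: "# {mark} ANSIBLE MANAGED evomaintenance hosts"
    insertafter: "^# EvoMaintenance"
    block: |
      {% for host in evomaintenance_hosts %}
      /sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ host }} -m state --state ESTABLISHED,RELATED -j ACCEPT
      {% endfor %}

# … unchanged: remove minifirewall example rule for the evomaintenance …
```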