diff --git a/defaults/main.yml b/defaults/main.yml
index 7b23d40..2996328 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,8 @@ kafka_version: 3.8.0
 kafka_scala_version: 2.13
 kafka_java_version: 17
 kafka_install_dependencies: false
+kafka_firewall_add_rules: false
+
 kafka_open_file_limit: 800000
 # if kafka_checksum is defined role will use that value instead getting checksum from kafka downloads page
 # kafka_checksum: >
diff --git a/tasks/main.yml b/tasks/main.yml
index 699538f..a6628d4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -139,6 +139,22 @@
 create: true
 notify: Restart Kafka
 
+- name: Allow Firewall Controller Traffic
+ ansible.posix.firewalld:
+ port: 9093/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ when: "kafka_firewall_add_rules and ansible_os_family == 'RedHat' and 'controller' in (hostvars[item]['kafka_node_roles'] | default(kafka_node_roles))"
+
+- name: Allow Firewall Broker Traffic
+ ansible.posix.firewalld:
+ port: 9092/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ when: "kafka_firewall_add_rules and ansible_os_family == 'RedHat' and 'broker' in (hostvars[item]['kafka_node_roles'] | default(kafka_node_roles))"
+
 - name: Install Kafka service definition
 become: true
 ansible.builtin.template:
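Review bot: `kafka_firewall_add_rules` is added to defaults/main.yml without a comment, so nothing tells a user which ports it opens or that the tasks only act on RedHat-family hosts. A line above it such as `# when true, open 9092/tcp (broker) and 9093/tcp (controller) in firewalld on RedHat-family hosts` would document that. The default of `false` keeps the firewall change opt-in, which is worth stating in the same comment.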
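Review bot: Both added `when:` conditions in tasks/main.yml index `hostvars[item]`, but neither task has a `loop`, so `item` is undefined here unless an enclosing include supplies it, and the condition will probably error once `kafka_firewall_add_rules` is true on a RedHat host. Testing the current host directly avoids that: `'controller' in kafka_node_roles`, and `'broker' in kafka_node_roles` for the second task. The two tasks also lack `become: true`, which the neighbouring "Install Kafka service definition" task sets and which firewalld changes normally require, unless privilege escalation is set at play level outside this hunk. Each rule opens a hard-coded port (9093/tcp, 9092/tcp) in the default zone to any source. Consider role variables for the ports and a `zone:` parameter so the controller listener is exposed only to the cluster's own nodes.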