diff --git a/roles/ppm/templates/ppmfirewall.j2 b/roles/ppm/templates/ppmfirewall.j2
index efee383..1682c11 100644
--- a/roles/ppm/templates/ppmfirewall.j2
+++ b/roles/ppm/templates/ppmfirewall.j2
@@ -5,11 +5,16 @@
 {% for ppm_app in ppm_apps %}
 # Firewall for {{ ppm_app.user }}
 {% for redirect in ppm_app.firewall_redirect | default([]) %}
-# Redirect {{ redirect.from }} to {{ redirect.to }}
-iptables -A INPUT -p tcp --dport {{ redirect.from }} -j ACCEPT
-ip6tables -A INPUT -p tcp --dport {{ redirect.from }} -j ACCEPT
-iptables -t nat -A PREROUTING -p tcp --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
-ip6tables -t nat -A PREROUTING -p tcp --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
+# Redirect {{ redirect.from }} to {{ redirect.to }} ({{ redirect.proto | default('tcp') }})
+iptables -A INPUT -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.from }} -j ACCEPT
+ip6tables -A INPUT -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.from }} -j ACCEPT
+iptables -t nat -A PREROUTING -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
+ip6tables -t nat -A PREROUTING -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
+{% endfor %}
+{% for openport in ppm_app.firewall_openport | default([]) %}
+# Open port {{ openport.port }} ({{ openport.proto | default('tcp') }})
+iptables -A INPUT -p {{ openport.proto | default('tcp') }} --dport {{ openport.port }} -j ACCEPT
+ip6tables -A INPUT -p {{ openport.proto | default('tcp') }} --dport {{ openport.port }} -j ACCEPT
 {% endfor %}
 {% endfor %}
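Review bot: The new `redirect.proto` / `openport.proto` values are interpolated unquoted into iptables/ip6tables command lines with no validation, in both the redirect loop and the new open-port loop, so a typo or a value such as `icmp` or `all` (for which `--dport` is not valid) yields a generated script that fails at apply time instead of a rejected configuration, and a value containing whitespace would become extra arguments to the command. Since these values presumably come from inventory variables rather than untrusted input, the practical fix is to assert them before templating, e.g. an `assert` task checking `item.proto | default('tcp') in ['tcp', 'udp']` for each entry of `firewall_redirect` and `firewall_openport`. Within the template, hoisting the repeated expression once per iteration, `{% set proto = redirect.proto | default('tcp') %}` (and likewise for `openport`), would remove the fourfold repetition and give a single place to validate later. Note also that, like the pre-existing redirect rules, the new open-port ACCEPT rules carry no source restriction, which is worth stating in the role's documentation for `firewall_openport`. The enclosing `{% for ppm_app in ppm_apps %}` loop closes at the end of the hunk, but the template's surrounding lines are outside the hunk.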