diff --git a/.puppet-lint.rc b/.puppet-lint.rc
new file mode 100644
index 0000000..c7a214e
--- /dev/null
+++ b/.puppet-lint.rc
@@ -0,0 +1 @@
+--no-variable_scope-check
\ No newline at end of file
diff --git a/README.md b/README.md
index daa4360..5b6cec1 100644
--- a/README.md
+++ b/README.md
@@ -40,11 +40,11 @@ NRPE allows monitoring tools like NAGIOS or ICINGA to connect to clients for mon
 * nrpe.cfg
 * manage sudo role for nagios user on NRPE clients
 * manage dynamic NRPE check command definitions
-* manage iptables (optional). set `ne_incl_fw`to `true`. Specify a custom value to `ne_nagios_source` for the nagior server IP or range.
+* manage iptables (optional). set `ne_incl_fw`to `true`.
 * manage selinux rule exceptions (optional)
 * manage NRPE service
-> Note: The value for the `nagios_server` variable is derived from a global paraneter set in Foreman (`nagios_server`), because the paremeter is used across multiple modules. You need to set that manually in Foreman under "Global Parameters".
+> Note: The value for the `nagios_server` variable is derived from a global paraneter set in Foreman (`nagios_server`), because the paremeter is used across multiple modules. You need to set that manually in Foreman under "Global Parameters". Same for `nagios_source`, the value for the firewall source.
 ## Repo Documentation
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 66c1e7f..cf4a19d 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -9,7 +9,7 @@ class confdroid_nrpe::firewall::iptables (
 ) inherits confdroid_nrpe::params {
 if $ne_incl_fw == true {
 firewall { "${ne_fw_order_no}${ne_nrpe_port} port ${ne_nrpe_port}":
- source => $ne_nagios_source,
+ source => $nagios_source,
 proto => 'tcp',
 dport => $ne_nrpe_port,
 jump => 'accept',
diff --git a/manifests/params.pp b/manifests/params.pp
index d15096b..7ce95a6 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
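Review bot: `--no-variable_scope-check` switches the check off for every manifest in the repository, so unqualified variable references that resolve to nothing will no longer be reported anywhere. If the option was added because of the new `$nagios_source` reference in manifests/firewall/iptables.pp, qualifying that reference as `$confdroid_nrpe::params::nagios_source`, or putting a `# lint:ignore:variable_scope` control comment on that one line, keeps the check active for the rest of the code. The file also ends without a trailing newline.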
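Review bot: The added `source => $nagios_source` in manifests/firewall/iptables.pp evaluates to undef whenever the `nagios_source` fact is missing, and an undef attribute is treated as unset, so the rule would presumably accept the NRPE port from any address, without the visible `'0.0.0.0/0'` default or the `String` type check that the removed `ne_nagios_source` parameter had. The value is assigned in manifests/params.pp, so the guard belongs there: `$nagios_source = assert_type(String[1], $facts['nagios_source'])` makes catalog compilation fail instead of silently opening the port. The README describes the value as a Foreman global parameter, so it is worth confirming that such parameters actually appear in `$facts` and not only as top-scope variables. The firewall resource and the class body continue past the end of this hunk.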
@@ -74,9 +74,6 @@
 # @param [Array] reqpackages which packages to install
 # @param [Boolean] ne_manage_cmds Whether to manage command rules for NRPE
 # checks, to allow dynamic check & command rules.
-# @param [String] ne_nagios_source the source address for the firewall rule.
-# Adjust to your environment if needed. Default is '0.0.0.0/0' to allow
-# all sources, but it is recommended to specify the nagios server IP or subnet.
 ###############################################################################
 class confdroid_nrpe::params (
@@ -123,7 +120,6 @@ class confdroid_nrpe::params (
 # firewall
 Boolean $ne_incl_fw = true,
 String $ne_fw_order_no = '50',
- String $ne_nagios_source = '0.0.0.0/0',
 # selinux
 Boolean $ne_include_selinux = true,
@@ -135,6 +131,7 @@ class confdroid_nrpe::params (
 $os_name = $facts['os']['name']
 $os_release = $facts['os']['release']['major']
 $nagios_server = $facts['nagios_server']
+ $nagios_source = $facts['nagios_source']
 # service
 $ne_service = 'nrpe'
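Review bot: The new `$nagios_source = $facts['nagios_source']` assignment in the last hunk has no comment, while the first hunk of this file removes the `@param ne_nagios_source` block that explained the firewall source, so params.pp no longer says what format the value takes or where it is set. A line above the assignment such as `# firewall source (IP or CIDR) for the NRPE rule, read from the nagios_source global parameter in Foreman` would keep that guidance next to the code. The class body starts and ends outside the hunk.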