diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 6e309e0..66c1e7f 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -9,7 +9,7 @@ class confdroid_nrpe::firewall::iptables (
 ) inherits confdroid_nrpe::params {
 if $ne_incl_fw == true {
 firewall { "${ne_fw_order_no}${ne_nrpe_port} port ${ne_nrpe_port}":
- source => $nagios_server,
+ source => $ne_nagios_source,
 proto => 'tcp',
 dport => $ne_nrpe_port,
 jump => 'accept',
diff --git a/manifests/params.pp b/manifests/params.pp
index 05d4833..d15096b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -74,6 +74,9 @@
 # @param [Array] reqpackages which packages to install
 # @param [Boolean] ne_manage_cmds Whether to manage command rules for NRPE
 # checks, to allow dynamic check & command rules.
+# @param [String] ne_nagios_source the source address for the firewall rule.
+# Adjust to your environment if needed. Default is '0.0.0.0/0' to allow
+# all sources, but it is recommended to specify the nagios server IP or subnet.
 ###############################################################################
 class confdroid_nrpe::params (
@@ -120,6 +123,7 @@ class confdroid_nrpe::params (
 # firewall
 Boolean $ne_incl_fw = true,
 String $ne_fw_order_no = '50',
+ String $ne_nagios_source = '0.0.0.0/0',
 # selinux
 Boolean $ne_include_selinux = true,
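Review bot: In manifests/firewall/iptables.pp the accept rule for the NRPE port no longer takes its `source` from `$nagios_server`, and the replacement parameter defaults to every IPv4 address (`String $ne_nagios_source = '0.0.0.0/0'` in the last hunk of manifests/params.pp). A node that upgrades without setting the parameter therefore widens the rule from the monitoring server to any source. A fail-closed default would keep the old behaviour, for example `String $ne_nagios_source = $nagios_server,` if that variable is still declared earlier in params (not visible in this diff), so that opening the port is an explicit choice. Whether NRPE's own `allowed_hosts` setting still limits callers cannot be seen from these hunks, so the firewall rule should not be assumed to be backed by a second control. The firewall resource body continues past the end of the hunk.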
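Review bot: In the `@@ -120,6 +123,7 @@` hunk of manifests/params.pp, `$ne_nagios_source` is typed as plain `String`, so an empty string or a mistyped address passes compilation and reaches the firewall resource's `source` unchecked. If the module already depends on puppetlabs-stdlib (not visible here), a narrower type such as `Stdlib::IP::Address $ne_nagios_source` would reject malformed values at catalog compile time. The class parameter list starts and ends outside the hunk.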