diff --git a/tasks/system_cfg/firewall.yml b/tasks/system_cfg/firewall.yml
index ea26c82c7d96bbd74396eb3e1734c6d98f892c8a..d09e48a0c1c73e335543590147b1487a5323a8c9 100644
--- a/tasks/system_cfg/firewall.yml
+++ b/tasks/system_cfg/firewall.yml
@@ -23,6 +23,26 @@
     direction: outgoing
     policy: allow
 
+- name: UFW | allow local IPs on port 22 IN
+  when: inventory_hostname in groups.station
+  loop: "{{ groups['station'] }}"
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{hostvars[item]['ansible_host']}}"
+
+- name: "UFW | allow {{gateway}} IP on port 22 IN"
+  when: (inventory_hostname in groups.production) or
+        (inventory_hostname in groups.devel)
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{gateway}}"
+
 - name: UFW | limit tcp port 22 IN
   community.general.ufw:
     direction: in
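Review bot: Both new allow tasks (station peers and `{{gateway}}`) rely on sitting above "UFW | limit tcp port 22 IN" in the file, but `community.general.ufw` appends rules and ufw evaluates them first-match. On a host where the limit rule already exists from an earlier run, the allows would presumably land after it and never take effect. Pin the position explicitly in both tasks, for example `insert: 1` (the module also has `insert_relative_to`). The limit task's body continues outside the hunk; if it carries no `src`, port 22 remains reachable from any address, so these rules only exempt the listed sources from rate limiting and do not narrow SSH exposure. A comment such as `# exempt trusted peers from the SSH rate limit; must precede the limit rule` above each task would make that intent clear.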