diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index 667e9a447ae13e1b33649d7516cba52dce4ad0e5..c9c141521937f5a10b552b30a844acde1b9b2d7f 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -59,6 +59,13 @@ resource "hcloud_firewall" "k8s-node" {
       port            = "5473"
       source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
   }
+  rule {
+      description     = "Calico Wireguard"
+      direction       = "in"
+      protocol        = "udp"
+      port            = "51820"
+      source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+  }
   # Host level services, including the node exporter on ports 9100-9101.
   rule {
       description     = "Host level services"