diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index c07d5bc3b0879f17693a8e52d12b9a22e909e36d..c1663a25ef11c19994edbf0f1a1a7400d455a9ad 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -99,11 +99,11 @@ resource "hcloud_firewall" "k8s-master" {
       port            = "6443"
       source_ips      = [for s in concat([hcloud_load_balancer.lb.ipv4],module.nodes.ipv4_addresses) : "${s}/32"]
   }
-  # etcd server and peer ports
+  # etcd server and peer ports + monitoring
   rule {
       direction       = "in"
       protocol        = "tcp"
-      port            = "2379-2380"
+      port            = "2379-2381"
       source_ips      = [for s in module.nodes.ipv4_addresses : "${s}/32"]
   }
   # kube-scheduler