diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index 8e1e8a138301222a6b3950a709fd3d9abc500f76..39e8b028ebaaccd37281e4a13382634ad9529c1b 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -75,29 +75,29 @@ resource "hcloud_firewall" "k8s-master" {
         "::/0"
       ]
   }
-  # Kubernetes API
   rule {
+      description     = "Kubernetes API"
       direction       = "in"
       protocol        = "tcp"
       port            = "6443"
       source_ips      = [for s in concat([hcloud_load_balancer.lb.ipv4],module.nodes.ipv4_addresses) : "${s}/32"]
   }
-  # etcd server and peer ports + monitoring
   rule {
+      description     = "etcd"
       direction       = "in"
       protocol        = "tcp"
       port            = "2379-2381"
       source_ips      = [for s in module.nodes.ipv4_addresses : "${s}/32"]
   }
-  # kube-scheduler
   rule {
+      description     = "kube-scheduler"
       direction       = "in"
       protocol        = "tcp"
       port            = "10251"
       source_ips      = [for s in module.nodes.ipv4_addresses : "${s}/32"]
   }
-  # kube-controller-manager
   rule {
+      description     = "kube-controller-manager"
       direction       = "in"
       protocol        = "tcp"
       port            = "10252"
@@ -124,12 +124,14 @@ resource "hcloud_firewall" "k8s-ingress" {
       ]
   }
   rule {
+      description     = "Public HTTP"
       direction       = "in"
       protocol        = "tcp"
       port            = "80"
       source_ips      = [for s in [hcloud_load_balancer.lb.ipv4] : "${s}/32"]
   }
   rule {
+      description     = "Public HTTPS"
       direction       = "in"
       protocol        = "tcp"
       port            = "443"