diff --git a/modules/cloud-config-container/simple-nva/cloud-config.yaml b/modules/cloud-config-container/simple-nva/cloud-config.yaml
index 521acd8fc..9b6b50e24 100644
--- a/modules/cloud-config-container/simple-nva/cloud-config.yaml
+++ b/modules/cloud-config-container/simple-nva/cloud-config.yaml
@@ -54,6 +54,9 @@ write_files:
 %{ for route in interface.routes ~}
 ip route add ${route} via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/${interface.number}/gateway -H "Metadata-Flavor:Google"` dev ${interface.name}
 %{ endfor ~}
+%{ for port in firewall_open_ports ~}
+ iptables -A INPUT -p all --dport ${port} -j ACCEPT
+%{ endfor ~}
 %{ endfor ~}
 bootcmd:
diff --git a/modules/cloud-config-container/simple-nva/main.tf b/modules/cloud-config-container/simple-nva/main.tf
index 1fc1b540e..2fd8095ce 100644
--- a/modules/cloud-config-container/simple-nva/main.tf
+++ b/modules/cloud-config-container/simple-nva/main.tf
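Review bot: The added rule `iptables -A INPUT -p all --dport ${port} -j ACCEPT` will not load: `--dport` is an option of the tcp/udp/sctp/dccp match extensions, which iptables only pulls in for one of those explicit protocols, so with `-p all` it is rejected as an unknown option and none of the listed ports actually end up open. Emit one rule per transport instead, e.g. `iptables -A INPUT -p tcp --dport ${port} -j ACCEPT` and `iptables -A INPUT -p udp --dport ${port} -j ACCEPT` (or `-m multiport` with an explicit `-p`), since the FRR ports fed in from main.tf cover both TCP (BGP 179) and UDP (RIP, BFD). The new loop also sits inside the per-interface loop whose head is outside this hunk (only its trailing `%{ endfor ~}` is visible), so each rule is repeated once per interface without being bound to that interface; either add `-i ${interface.name}` or move the port loop after the outer `%{ endfor ~}`. Because `-A` appends, these ACCEPT rules only take effect if no earlier rule in the INPUT chain already drops the traffic, and that ordering is not visible here, so it is worth checking against the rest of the runcmd block.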
@@ -67,32 +67,39 @@ locals {
 } : {}
 )
- _frr_daemons = [
- "zebra",
- "bgpd",
- "ospfd",
- "ospf6d",
- "ripd",
- "ripngd",
- "isisd",
- "pimd",
- "ldpd",
- "nhrpd",
- "eigrpd",
- "babeld",
- "sharpd",
- "staticd",
- "pbrd",
- "bfdd",
- "fabricd"
- ]
+ _frr_daemons = {
+ "zebra": []
+ "bgpd": ["179"]
+ "ospfd": []
+ "ospf6d": []
+ "ripd": ["520"]
+ "ripngd": ["521"]
+ "isisd": []
+ "pimd": []
+ "ldpd": ["646"]
+ "nhrpd": []
+ "eigrpd" : []
+ "babeld": []
+ "sharpd": []
+ "staticd": []
+ "pbrd": []
+ "bfdd": ["3784"]
+ "fabricd": []
+ }
 _frr_daemons_enabled = try(
 {
- for daemon in local._frr_daemons :
+ for daemon in keys(local._frr_daemons) :
 "${daemon}_enabled" => contains(var.frr_config.daemons_enabled, daemon) ? "yes" : "no"
 }, {})
+ _frr_required_ports = try(
+ [
+ for daemon, ports in local._frr_daemons : contains(var.frr_config.daemons_enabled, daemon) ? ports : []
+ ], [])
+
+ _local_firewall_ports = concat(var.optional_firewall_open_ports, flatten(local._frr_required_ports))
+
 _network_interfaces = [
 for index, interface in var.network_interfaces : {
 name = "eth${index}"
@@ -118,6 +125,7 @@ locals {
 cloud_config = templatefile(local._template, {
 enable_health_checks = var.enable_health_checks
 files = local._files
+ firewall_open_ports = local._local_firewall_ports
 network_interfaces = local._network_interfaces
 optional_run_cmds = local._optional_run_cmds
 })
diff --git a/modules/cloud-config-container/simple-nva/variables.tf b/modules/cloud-config-container/simple-nva/variables.tf
index 8ff770b2e..bd70e1bc4 100644
--- a/modules/cloud-config-container/simple-nva/variables.tf
+++ b/modules/cloud-config-container/simple-nva/variables.tf
@@ -86,3 +86,9 @@ variable "optional_run_cmds" {
 type = list(string)
 default = []
 }
+
+variable "optional_firewall_open_ports" {
+ description = "Optional Ports to be opened on the local firewall."
+ type = list(string)
+ default = []
+}
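Review bot: `_frr_daemons` only records L4 ports, so enabling ospfd, ospf6d, pimd or eigrpd opens nothing even though those daemons exchange raw IP protocols (OSPF is protocol 89, PIM 103, EIGRP 88) rather than ports, and the entries that do have ports are incomplete as far as I can tell (LDP 646 is used over both TCP and UDP; BFD also uses 3785 for echo and 4784 for multihop). A comment above the map such as `# L4 ports each daemon listens on; daemons that speak raw IP protocols (OSPF, PIM, EIGRP) have no entry and need a separate -p rule` would stop the next reader from assuming an empty list means "nothing to open". Separately, `_local_firewall_ports` concatenates user ports with FRR ports, so a caller who lists 179 and also enables bgpd gets duplicate iptables rules; `_local_firewall_ports = distinct(concat(var.optional_firewall_open_ports, flatten(local._frr_required_ports)))` avoids that. The map literal also mixes `"eigrpd" : []` spacing with the other keys; `terraform fmt` would normalize it.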
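Review bot: Each entry of `optional_firewall_open_ports` is interpolated verbatim into an `iptables` command that cloud-init runs as root, and nothing constrains the string to a port, so a typo or an extra token either breaks rule setup or changes what the rule matches, and the description does not say what form the values take. If the module's minimum Terraform version allows it, add a `validation` block that accepts only a port number or a `low:high` range (the forms `--dport` takes), and make the description state that values are handed to iptables unchanged.
```hcl
variable "optional_firewall_open_ports" {
  description = "Optional L4 ports (or iptables port ranges such as \"1000:2000\") to open for incoming traffic on the instance firewall; each value is interpolated unchanged into an iptables rule."
  # … unchanged: type and default …

  validation {
    condition     = alltrue([for p in var.optional_firewall_open_ports : can(regex("^[0-9]+(:[0-9]+)?$", p))])
    error_message = "Each entry must be a port number or a colon-separated port range, e.g. \"179\" or \"1000:2000\"."
  }
}
```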