diff --git a/library/roles/iptables/templates/iptables-rules.v4.j2 b/library/roles/iptables/templates/iptables-rules.v4.j2
index fff1fb2..dfcc792 100644
--- a/library/roles/iptables/templates/iptables-rules.v4.j2
+++ b/library/roles/iptables/templates/iptables-rules.v4.j2
@@ -175,6 +175,16 @@
 {% endif %}
 {% endif %}
 {% endif %}
+{% if zabbix_agent_install is defined and zabbix_agent_install %}
+{% if zabbix_agent_passive_checks_status == "enabled" %}
+# Zabbix servers that can send passive checks
+{% for ip in zabbix_monitoring_servers %}
+-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ zabbix_agent_tcp_port }} -j ACCEPT
+{% endfor %}
+-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ zabbix_agent_tcp_port }} -j REJECT --reject-with icmp-host-prohibited
+{% endif %}
+{% endif %}
+
 {% if configure_munin is defined %}
 {% if configure_munin %}
 {% if munin_server %}