diff --git a/pillar/firewall/osquery_endpoint.sls b/pillar/firewall/osquery_endpoint.sls
new file mode 100644
index 000000000..cfc6051b8
--- /dev/null
+++ b/pillar/firewall/osquery_endpoint.sls
@@ -0,0 +1,3 @@
+osquery_endpoint:
+  - 127.0.0.1
+
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 47e230779..34e69739f 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -10,7 +10,7 @@
 {% elif grains['role'] == 'so-sensor'%}
-{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
+{%- set ip = salt['pillar.get']('node:mainip', '') %}
 {% endif %}
@@ -347,6 +347,22 @@ enable_standard_beats_5044_{{ip}}:
 {% endfor %}
+# Allow OSQuery Endpoints to send their traffic
+{% for ip in pillar.get('osquery_endpoint') %}
+
+enable_standard_osquery_8080_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 8080
+    - position: 1
+    - save: True
+
+{% endfor %}
+
 # Allow Analysts
 {% for ip in pillar.get('analyst') %}
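Review bot: The shipped default `127.0.0.1` is undocumented and is in practice a placeholder: the state that consumes this list inserts an ACCEPT into the DOCKER-USER chain, which Docker consults for forwarded traffic, so a loopback source is unlikely to match real endpoint traffic and operators have to override the list before any osquery endpoint can connect. A comment in the pillar file would make both the meaning and the placeholder nature explicit, for example `# Source IPs/CIDRs of osquery endpoints allowed to reach tcp/8080 on this node.` followed by `# 127.0.0.1 is a placeholder - override this list in your own pillar.` above the `osquery_endpoint:` key. Since each entry becomes an unconditional iptables ACCEPT for that source, the comment should also say to list individual hosts or tight subnets rather than a catch-all range.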
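Review bot: The loop `{% for ip in pillar.get('osquery_endpoint') %}` has no default, so on any minion whose pillar does not include the new key Jinja tries to iterate `None` and the whole firewall state fails to render, which leaves every rule in this file unapplied rather than just skipping the osquery rules; `{% for ip in pillar.get('osquery_endpoint', []) %}` avoids that, and the neighbouring `pillar.get('analyst')` loop has the same shape if you want to fix both. On the security side, the generated rule matches only `source` and `dport: 8080` with no destination or interface match and is inserted at position 1 of DOCKER-USER ahead of any restrictive rules, so an entry like a wide CIDR opens tcp/8080 for every container port published on that host, not only the osquery listener. I would replace the one-line comment with something like `# Allow osquery endpoints to reach the tcp/8080 listener. Entries in pillar osquery_endpoint are source IPs or CIDRs; the rule has no destination match, so keep the list tight rather than using a catch-all range.` The surrounding state file continues outside the hunk.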