diff --git a/README.md b/README.md
index b822536b93ba9a0eb9a7d8681da10004aca1f33c..3037de4f16f676087b3bf46f0c91a2e809a71ea7 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Other variables that are used in this role (with default values in defaults/main
 * dockremap_subuid : first subuid used for user namespace remap for Docker (defaults to 165536) - should be retrieved by docker_server role in host_vars
 * dockremap_subgid : first subgid used for user namespace remap for Docker (defaults to 165536) - should be retrieved by docker_server role in host_vars
 * logstash_port : port on which logstash server is listening for log collection (defaults to 5044)
+* logstash_public_ip : logstash public ip address for log collection (defaults to 127.0.0.1)
 * private_pull : whether a scheduled pulling of files via SFTP is to be performed on server (defaults to false)
 
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 7c814f4c8fbf1c95fb53928768fc323354e5db26..faa0c3221eb20ce18d94fcdb5ec4f455c68a3658 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,4 +6,5 @@ docker_userns_remap: true
 dockremap_subuid: 165536
 dockremap_subgid: 165536
 logstash_port: 5044
+logstash_public_ip: "127.0.0.1"
 private_pull: false
diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 35e5c74461f39a209b72e888cc752d9fe28d2547..28f407f16c8f1ee6e3cc62496ded06ae65ad9d56 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -95,6 +95,7 @@
 {% for host in groups.docker_elk %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endfor %}
+-A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endif %}
 {% if inventory_hostname in groups.odoo_server %}
 # IMAP