diff --git a/etc/kayobe/inventory/group_vars/all/firewall b/etc/kayobe/inventory/group_vars/all/firewall
index 488e95b65..da87a53ce 100644
--- a/etc/kayobe/inventory/group_vars/all/firewall
+++ b/etc/kayobe/inventory/group_vars/all/firewall
@@ -232,7 +232,7 @@ stackhpc_ceph_firewalld_rules_template:
         state: enabled
       - service: ceph-mon
         network: "{{ storage_net_name }}"
-        state: "{{ 'enabled' if 'mons' in group_names else 'disabled' }}"
+        state: "{{ 'enabled' if ('mons' in group_names or 'osds' in group_names) else 'disabled' }}"
       - port: "{{ stackhpc_ceph_firewalld_radosgw_port }}/tcp"
         network: "{{ storage_net_name }}"
         state: "{{ 'enabled' if 'rgws' in group_names else 'disabled' }}"
diff --git a/releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml b/releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml
new file mode 100644
index 000000000..9b4dbc11a
--- /dev/null
+++ b/releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add `ceph-mon` as a `firewalld` service rule to hosts of `osds`.