diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 351675a..b63eb96 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,14 @@ msvsphere.ci Release Notes
 .. contents:: Topics
 
 
+v0.1.8
+======
+
+Minor Changes
+-------------
+
+- kerberos_kdc - open Kerberos service to public if firewalld is present.
+
 v0.1.7
 ======
 
diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml
index 6a010c0..d602504 100644
--- a/changelogs/.plugin-cache.yaml
+++ b/changelogs/.plugin-cache.yaml
@@ -60,4 +60,4 @@ plugins:
   strategy: {}
   test: {}
   vars: {}
-version: 0.1.7
+version: 0.1.8
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index c457d63..ca2f7f7 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -91,3 +91,10 @@ releases:
     - 4-koji_cli_kerberos-support.yml
     - 5-koji_server-sidetags-support.yml
     release_date: '2023-12-28'
+  0.1.8:
+    changes:
+      minor_changes:
+      - kerberos_kdc - open Kerberos service to public if firewalld is present.
+    fragments:
+    - 6-kerberos_kdc_firewall_rules.yml
+    release_date: '2024-01-25'
diff --git a/changelogs/fragments-archive/6-kerberos_kdc_firewall_rules.yml b/changelogs/fragments-archive/6-kerberos_kdc_firewall_rules.yml
new file mode 100644
index 0000000..481e5ad
--- /dev/null
+++ b/changelogs/fragments-archive/6-kerberos_kdc_firewall_rules.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - kerberos_kdc - open Kerberos service to public if firewalld is present.
diff --git a/galaxy.yml b/galaxy.yml
index 35acf80..a0dd840 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: msvsphere
 name: ci
-version: 0.1.7
+version: 0.1.8
 readme: README.md
 authors:
   - Eugene Zamriy <ezamriy@msvsphere-os.ru>
diff --git a/roles/kerberos_kdc/tasks/main.yml b/roles/kerberos_kdc/tasks/main.yml
index d6d8b0d..adc1e6d 100644
--- a/roles/kerberos_kdc/tasks/main.yml
+++ b/roles/kerberos_kdc/tasks/main.yml
@@ -77,3 +77,17 @@
     name: kadmin
     enabled: true
     state: started
+
+- name: Get firewalld service status
+  ansible.builtin.systemd:
+    name: firewalld
+  register: firewalld_service_status
+
+- name: Open Kerberos port on firewall
+  ansible.posix.firewalld:
+    zone: public
+    service: kerberos
+    immediate: true
+    permanent: true
+    state: enabled
+  when: firewalld_service_status.status.ActiveState == 'active'