diff --git a/nftables.conf b/nftables.conf
index 56490a4..46dd6cb 100644
--- a/nftables.conf
+++ b/nftables.conf
@@ -14,6 +14,7 @@ table inet nixos-fw {
 
 	chain input-allow {
 		tcp dport 22 accept
+		tcp dport 5432 accept comment "PostgreSQL server"
 		icmp type echo-request accept comment "allow ping"
 		icmpv6 type != { nd-redirect, 139 } accept comment "Accept all ICMPv6 messages except redirects and node information queries (type 139).  See RFC 4890, section 4.4."
 		ip6 daddr fe80::/64 udp dport 546 accept comment "DHCPv6 client"