diff --git a/roles/bastionhost/tasks/system_setup/firewall.yml b/roles/bastionhost/tasks/system_setup/firewall.yml
index 27443d3..e7fdebd 100644
--- a/roles/bastionhost/tasks/system_setup/firewall.yml
+++ b/roles/bastionhost/tasks/system_setup/firewall.yml
@@ -16,6 +16,16 @@
     proto: tcp
     src: 'any'
 
+- name: system setup | firewall | allow ping (ICMP) from internal network via iptables rule
+  blockinfile:
+    path: /etc/ufw/user.rules
+    marker: "### {mark} ANSIBLE MANAGED BLOCK (ICMP for internal network)"
+    insertbefore: "^COMMIT"
+    block: |
+      # Allow incoming ICMP (ping) requests from internal network
+      -A ufw-user-input -p icmp --icmp-type echo-request -s 192.168.1.0/24 -j ACCEPT
+  notify: reload ufw firewall
+
 - name: system setup | firewall | allow other monitoring traffic from internal networks
   community.general.ufw:
     rule: allow
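Review bot: The ICMP rule is written with blockinfile into /etc/ufw/user.rules, a file that ufw rewrites from its internal rule list whenever a rule is added or removed through the ufw front end, so as far as I can tell the managed block will not survive the very next task in this hunk (community.general.ufw for monitoring traffic) or any later rule change, and ping from the internal network would be silently lost again. ufw's own ICMP handling lives in /etc/ufw/before.rules, which ufw does not regenerate, so `path: /etc/ufw/before.rules` with the rule on the `ufw-before-input` chain (inserted ahead of ufw's existing icmp lines or before COMMIT) is the conventional placement for a hand-written iptables line. The source network is hard-coded as 192.168.1.0/24 while the neighbouring task is named "from internal networks" and presumably takes its networks from a role variable; using the same variable, e.g. `-s {{ internal_network_cidr }}` (placeholder name), keeps the two definitions from drifting apart. Because blockinfile has no useful `validate` for ufw rule files, a follow-up check that the rule is actually loaded after the handler runs (for example `iptables -C ufw-before-input -p icmp --icmp-type echo-request -s <network> -j ACCEPT` in a verification task) would catch a dropped or mis-placed rule; the `reload ufw firewall` handler itself is outside this hunk.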