diff --git a/roles/caddy/defaults/main.yaml b/roles/caddy/defaults/main.yaml
new file mode 100644
index 0000000..b03723a
--- /dev/null
+++ b/roles/caddy/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+caddy_use_firewalld: true
diff --git a/roles/caddy/meta/argument_specs.yaml b/roles/caddy/meta/argument_specs.yaml
index cf8b601..b2acf7d 100644
--- a/roles/caddy/meta/argument_specs.yaml
+++ b/roles/caddy/meta/argument_specs.yaml
@@ -7,3 +7,8 @@ argument_specs:
         description: Email address used for ssl certs
         type: str
         required: true
+      caddy_use_firewalld:
+        description: Whether to open ports using firewalld
+        type: bool
+        required: false
+        default: true
diff --git a/roles/caddy/meta/main.yaml b/roles/caddy/meta/main.yaml
index 4ee7a8b..e8db5ad 100644
--- a/roles/caddy/meta/main.yaml
+++ b/roles/caddy/meta/main.yaml
@@ -8,3 +8,4 @@ dependencies:
         - name: ubuntu
           version_min: 22
   - role: uumas.general.firewalld
+    when: caddy_use_firewalld
diff --git a/roles/caddy/tasks/main.yaml b/roles/caddy/tasks/main.yaml
index 4081537..5982bce 100644
--- a/roles/caddy/tasks/main.yaml
+++ b/roles/caddy/tasks/main.yaml
@@ -52,3 +52,4 @@
     - http
     - https
     - http3
+  when: caddy_use_firewalld