diff --git a/defaults/main.yml b/defaults/main.yml
index 41d78687..ff4a09d8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -337,6 +337,8 @@ octavia_amp_image_resource:
 # Name of the Octavia security group
 octavia_security_group_name: octavia_sec_grp
+# Additional rules to add to the security group for the amphora
+octavia_security_group_additional_rules: []
 # Restrict access to only authorized hosts
 octavia_security_group_rule_cidr: "{{ octavia_management_net_subnet_cidr }}"
 # ssh enabled - switch to True if you need ssh access to the amphora
diff --git a/releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml b/releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml
new file mode 100644
index 00000000..25a956a8
--- /dev/null
+++ b/releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Added a new variable ``octavia_security_group_additional_rules``
+ that allows configuration of additional security group rules for
+ Amphora.
diff --git a/tasks/octavia_resources.yml b/tasks/octavia_resources.yml
index 45936e75..f084a992 100644
--- a/tasks/octavia_resources.yml
+++ b/tasks/octavia_resources.yml
@@ -97,6 +97,7 @@
 {% if octavia_management_net_dhcp %}
 {% set _ = rules.append(_octavia_security_rule_dhcp) %}
 {% endif %}
+ {% set _ = rules.extend(octavia_security_group_additional_rules) %}
 {{ rules }}
 openstack_resources_network: |-
 {% set network_resources = _octavia_security_groups %}
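Review bot: The comment on `octavia_security_group_additional_rules` in defaults/main.yml does not say what shape each entry must have, nor that these rules sit outside the `octavia_security_group_rule_cidr` restriction documented two lines below it. Judging by the tasks/octavia_resources.yml hunk, the entries are appended to the same list as the built-in rules, so they presumably need the same dictionary format. A rule written without its own source restriction would likely make the amphora reachable from any address on that port. I would extend the comment to `# Additional rules to add to the security group for the amphora, in the same format as the built-in rules.` followed by `# These are not limited by octavia_security_group_rule_cidr; restrict the source in each entry.`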
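Review bot: The added `rules.extend(octavia_security_group_additional_rules)` in tasks/octavia_resources.yml trusts the override to be a list. A null value makes `extend` fail with a type error, and a single mapping or string is iterated silently, so its keys or characters end up in the rule list. Guarding the value keeps a typo in a security-relevant setting from producing a confusing failure or a malformed rule set: `{% set _ = rules.extend(octavia_security_group_additional_rules | default([], true)) %}`, ideally preceded by an `assert` task that checks the variable `is sequence` and is neither a string nor a mapping. The template this line belongs to starts and ends outside the hunk, so how `rules` is initialised is not visible here.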