diff --git a/firewall b/firewall
index b0cf2d0..dd65d6c 100755
--- a/firewall
+++ b/firewall
@@ -210,8 +210,11 @@ fw_start() {
     $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP out"
   fi
 
-#  #### Puppet (connection, ... )
-#  $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
+  if [ $(command -v puppet) ]; then
+    #### Puppet (connection, ... )
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
+  fi
+
   #### OpenPGP HTTP key server (add key, maj, ...)
   $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req"