diff --git a/db/Dockerfile b/db/Dockerfile
index e026e1d2..cb8a9fa5 100644
--- a/db/Dockerfile
+++ b/db/Dockerfile
@@ -3,6 +3,7 @@ MAINTAINER Piero Toffanin <pt@masseranolabs.com>
 
 ENV POSTGRES_PASSWORD postgres
 ENV POSTGRES_HOST_AUTH_METHOD trust
+ENV POSTGRES_ALLOW_HOST all
 ENV GOSU_VERSION 1.12
 ENV PG_MAJOR 9.5
 ENV PG_VERSION 9.5.25
diff --git a/db/docker-entrypoint.sh b/db/docker-entrypoint.sh
index 9778e898..7adf35c9 100755
--- a/db/docker-entrypoint.sh
+++ b/db/docker-entrypoint.sh
@@ -222,6 +222,7 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# set POSTGRES_ALLOW_HOST to limit trusted hosts, can be ip or domain, default is "all"
 pg_setup_hba_conf() {
 	{
 		echo
@@ -229,7 +230,7 @@ pg_setup_hba_conf() {
 			echo '# warning trust is enabled for all connections'
 			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
 		fi
-		echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
+		echo "host all all $POSTGRES_ALLOW_HOST $POSTGRES_HOST_AUTH_METHOD"
 	} >> "$PGDATA/pg_hba.conf"
 }