diff --git a/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp b/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
index d70bff4..5fd235f 100644
--- a/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
+++ b/global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
@@ -25,4 +25,16 @@ class dns::apache2 {
   exec { 'a2ensite dns-rest-api':
     notify      => Service['apache2'],
   }
+  sunet::nftables::rule { 'apache-http':
+    rule => "add rule inet filter input tcp dport 80 counter accept comment \"allow-apache2-http\""
+  }
+  sunet::nftables::rule { 'apache-http-v6':
+    rule => "add rule inet6 filter input tcp dport 80 counter accept comment \"allow-apache2-http\""
+  }
+  sunet::nftables::rule { 'apache-https':
+    rule => "add rule inet filter input tcp dport 443 counter accept comment \"allow-apache2-https\""
+  }
+  sunet::nftables::rule { 'apache-https-v6':
+    rule => "add rule inet6 filter input tcp dport 443 counter accept comment \"allow-apache2-https\""
+  }
 }