diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index de01b92ca..ba817692f 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -7,6 +7,8 @@
     <stockholm/krebs/2configs/matterbridge.nix>
   ];
 
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   krebs.build.host = config.krebs.hosts.ponte;
 
   krebs.pages.enable = true;