diff --git a/roles/firewall/templates/nftables.nft.j2 b/roles/firewall/templates/nftables.nft.j2
index baae902..e4c2584 100644
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@@ -27,7 +27,10 @@ table inet filter {
             tcp . 464,
             tcp . 636,
             tcp . 3268-3269,
+            #tcp . 3389, # RDP
             tcp . 5000-5100,
+            tcp . 5985,
+            tcp . 5986,
             tcp . 9389,
             tcp . 22222-22224,
             tcp . 49152-65535,