diff --git a/roles/firewall/templates/nftables.nft.j2 b/roles/firewall/templates/nftables.nft.j2
index 14baf08..9f8679c 100644
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@@ -18,8 +18,10 @@ table inet filter {
 type inet_proto . inet_service
 flags interval
 elements = {
+ tcp . 53,
 tcp . 88,
 tcp . 135,
+ tcp . 139,
 tcp . 389,
 tcp . 445,
 tcp . 464,
@@ -29,14 +31,31 @@ table inet filter {
 tcp . 9389,
 tcp . 22222-22224,
 tcp . 49152-65535,
+ udp . 53,
 udp . 88,
 udp . 135,
+ udp . 137, # netbios, maybe can do without
+ udp . 138, # netbios, maybe can do without
 udp . 389,
 udp . 464,
 udp . 3269
 }
 }
+ set ldap-ports {
+ type inet_proto . inet_service
+ flags interval
+ elements = {
+ tcp . 88,
+ tcp . 389,
+ tcp . 636,
+ tcp . 3268,
+ tcp . 3269,
+ udp . 88,
+ udp . 389
+ }
+ }
+
 chain input {
 type filter hook input priority 0; policy drop
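Review bot: `tcp . 139` is added to this set without the `# netbios, maybe can do without` remark that the second hunk attaches to `udp . 137` and `udp . 138`, even though 139/tcp is the NetBIOS session service and belongs to the same legacy group; annotate it the same way, `tcp . 139, # netbios session service, maybe can do without`, so the follow-up that drops the udp entries also reconsiders this one. The enclosing set's name and the input-chain rule that references it are outside the hunk, so whether the newly opened ports (53 and 139) are restricted to a source-address set cannot be confirmed here. A one-line comment above `tcp . 53,` naming the service this set exists for (presumably DNS served by this host) would make the choice to open DNS on both tcp and udp reviewable without reading the rest of the template.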