diff --git a/roles/pf/files/pf.conf.gw_home b/roles/pf/files/pf.conf.gw_home
index 58053d0..01f709a 100644
--- a/roles/pf/files/pf.conf.gw_home
+++ b/roles/pf/files/pf.conf.gw_home
@@ -55,6 +55,10 @@ pass in quick on $int_if proto tcp from $int_net to self port domain-s
 # allow tftp from internal net
 pass in quick on $int_if proto udp from $int_net to self port tftp
 
+# allow http and https from outside
+pass in quick on $ext_if proto tcp from any to self port http
+pass in quick on $ext_if proto tcp from any to self port https
+
 # block rest of packets coming to me
 block in quick from any to self