diff --git a/manifests/firewall.pp b/manifests/firewall.pp
index e3af7b5..5703a2d 100644
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
@@ -11,26 +11,26 @@
 }
 # Default firewall rules
- firewall { '000 accept all icmp':
- proto => 'icmp',
- jump => 'accept',
- }
- -> firewall { '001 accept all to lo interface':
- proto => 'all',
- iniface => 'lo',
- jump => 'accept',
- }
- -> firewall { '002 reject local traffic not on loopback interface':
- iniface => '! lo',
- proto => 'all',
- destination => '127.0.0.1/8',
- jump => 'reject',
- }
- -> firewall { '003 accept related established rules':
- proto => 'all',
- state => ['RELATED', 'ESTABLISHED'],
- jump => 'accept',
- }
+ # firewall { '000 accept all icmp':
+ # proto => 'icmp',
+ # jump => 'accept',
+ # }
+ # -> firewall { '001 accept all to lo interface':
+ # proto => 'all',
+ # iniface => 'lo',
+ # jump => 'accept',
+ # }
+ # -> firewall { '002 reject local traffic not on loopback interface':
+ # iniface => '! lo',
+ # proto => 'all',
+ # destination => '127.0.0.1/8',
+ # jump => 'reject',
+ # }
+ # -> firewall { '003 accept related established rules':
+ # proto => 'all',
+ # state => ['RELATED', 'ESTABLISHED'],
+ # jump => 'accept',
+ # }
 # Add rules for apache
 if $observium::manage_ssl {
 firewall { "50 Allow https access ${observium::apache_sslport}":
@@ -40,11 +40,11 @@
 }
 }
 else {
- # firewall { "50 Allow http access ${observium::apache_port}":
- # dport => $observium::apache_port,
- # proto => 'tcp',
- # jump => 'accept',
- # }
+ firewall { "50 Allow http access ${observium::apache_port}":
+ dport => $observium::apache_port,
+ proto => 'tcp',
+ jump => 'accept',
+ }
 }
 # Ensure ssh is open
 firewall { '004 Allow inbound SSH':
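Review bot: The baseline rules 000–003 under `# Default firewall rules` are disabled by commenting them out, and nothing in the hunk says why or what now supplies them. If the node also runs a default-drop policy or purges unmanaged rules (not visible here), losing `003 accept related established rules` and `001 accept all to lo interface` would break return traffic and local services, and dropping 002 removes the guard against loopback-addressed packets arriving on a non-loopback interface. I would either delete the block and leave a one-line comment naming where the baseline now lives, e.g. `# Baseline rules 000-003 are managed outside this class; see <profile name>`, or gate the block on a class parameter so the default behaviour stays unchanged. The enclosing class body starts and ends outside this hunk.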
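Review bot: The re-enabled `50 Allow http access ${observium::apache_port}` rule in the `else` branch accepts TCP to that port from any source, so with `manage_ssl` false the web interface (and presumably its login) is reachable in cleartext from every network that can route to the host. Consider limiting it with the firewall type's `source` attribute fed from a class parameter, and add a comment above the rule such as `# manage_ssl is false: this exposes unencrypted HTTP; restrict by source where possible`. The same applies to the https rule in the `if` branch if it is likewise unrestricted, though its attributes fall outside the visible hunks. As a style point, the `50` prefix sits beside three-digit names like `004`; `050` would keep the name-sorted rule order consistent.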