diff --git a/host_vars/git.crypto-libertarian.com.yml b/host_vars/git.crypto-libertarian.com.yml
index 083e770..edb43fb 100644
--- a/host_vars/git.crypto-libertarian.com.yml
+++ b/host_vars/git.crypto-libertarian.com.yml
@@ -24,20 +24,12 @@ common__certbot__pre_hook: 'systemctl is-active apache2.service && systemctl sto
 common__iptables__drop_by_default: true
 common__iptables__v4_filter: |
- # Allow incoming HTTP.
- -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+ # Allow incoming HTTP, HTTPS.
+ -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+ -A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- # Deny other HTTP.
- -A INPUT -p tcp --dport 80 -j REJECT
- -A OUTPUT -p tcp --sport 80 -j REJECT
-
- # Allow incoming HTTPS.
- -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-
- # Deny other HTTPS.
- -A INPUT -p tcp --dport 443 -j REJECT
- -A OUTPUT -p tcp --sport 443 -j REJECT
+ # Deny other HTTP, HTTPS.
+ -A INPUT -p tcp -m multiport --dports 80,443 -j REJECT
+ -A OUTPUT -p tcp -m multiport --sports 80,443 -j REJECT
 common__iptables__v6_filter: '{{ common__iptables__v4_filter }}'
diff --git a/host_vars/matrix.crypto-libertarian.com.yml b/host_vars/matrix.crypto-libertarian.com.yml
index 03a82d7..1a242b5 100644
--- a/host_vars/matrix.crypto-libertarian.com.yml
+++ b/host_vars/matrix.crypto-libertarian.com.yml
@@ -121,28 +121,12 @@ matrix__static__access_token: !vault |
 common__iptables__drop_by_default: true
 common__iptables__v4_filter: |
- # Allow incoming HTTP.
- -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+ # Allow incoming HTTP, HTTPS, Matrix.
+ -A INPUT -p tcp -m multiport --dport 80,443,8448 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+ -A OUTPUT -p tcp -m multiport --sport 80,443,8448 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- # Deny other HTTP.
- -A INPUT -p tcp --dport 80 -j REJECT
- -A OUTPUT -p tcp --sport 80 -j REJECT
-
- # Allow incoming HTTPS.
- -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-
- # Deny other HTTPS.
- -A INPUT -p tcp --dport 443 -j REJECT
- -A OUTPUT -p tcp --sport 443 -j REJECT
-
- # Allow incoming Matrix (HTTPS).
- -A INPUT -p tcp --dport 8448 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- -A OUTPUT -p tcp --sport 8448 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-
- # Deny other Matrix (HTTPS).
- -A INPUT -p tcp --dport 8448 -j REJECT
- -A OUTPUT -p tcp --sport 8448 -j REJECT
+ # Deny other HTTP, HTTPS, Matrix.
+ -A INPUT -p tcp -m multiport --dport 80,443,8448 -j REJECT
+ -A OUTPUT -p tcp -m multiport --sport 80,443,8448 -j REJECT
 common__iptables__v6_filter: '{{ common__iptables__v4_filter }}'
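Review bot: The four new multiport rules in this hunk spell the port options as `--dport`/`--sport`, while the git host hunk above uses the multiport extension's documented `--dports`/`--sports` (aliases of `--destination-ports`/`--source-ports`); the singular form appears to be accepted only because iptables resolves unambiguous option prefixes, and it reads like the single-port tcp `--dport`, which would reject a comma-separated list. Aligning the spelling with the first hunk removes that ambiguity, e.g. `-A INPUT -p tcp -m multiport --dports 80,443,8448 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT` and the matching `--sports` form on the OUTPUT lines. Because `common__iptables__v6_filter` aliases this scalar, the same spelling is what the IPv6 ruleset gets, so a fix here covers both families. The block scalar's surrounding context continues beyond the visible hunk.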