diff --git a/inventory/group_vars/autosign-hardware b/inventory/group_vars/autosign-hardware
new file mode 100644
index 0000000000..cdc99947af
--- /dev/null
+++ b/inventory/group_vars/autosign-hardware
@@ -0,0 +1,6 @@
+---
+# Make connections from signing bridges stateless, they break sigul connections
+# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
+custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org,secondary-bridge01.qa.fedoraproject.org -j ACCEPT']
+
+host_group: autosign
diff --git a/playbooks/groups/autosign.yml b/playbooks/groups/autosign.yml
index 269df8a7e9..1729d1bc3a 100644
--- a/playbooks/groups/autosign.yml
+++ b/playbooks/groups/autosign.yml
@@ -5,7 +5,7 @@
 - include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=autosign"
 
 - name: make the box be real
-  hosts: autosign
+  hosts: autosign:autosign-hardware
   user: root
   gather_facts: True