diff --git a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
index 80ee05aa6e..2e59897b4e 100644
--- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
@@ -172,5 +172,13 @@
       owner=root
       group=copr
 
+  # open up ports (22, 80, 443)
+  - name: poke holes in the firewall
+    action: command lokkit $item
+    with_items:
+    - --service=ssh
+    - --service=https
+    - --service=http
+
   handlers:
   - include: $handlers/restart_services.yml
diff --git a/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml
index 6a77d82760..b812b7f26d 100644
--- a/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml
@@ -59,7 +59,15 @@
 
   - name: copy pg_hba.conf
     action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
-  
+
+  # open up ports (22, 80, 443)
+  - name: poke holes in the firewall
+    action: command lokkit $item
+    with_items:
+    - --service=ssh
+    - --service=https
+    - --service=http
+ 
   - name: enable services
     action: service state=running enabled=yes name=$item
     with_items: