diff --git a/inventory/builders b/inventory/builders
index bc49b7afdb..5d5ade76f0 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -265,6 +265,28 @@ buildvm-s390x-15.s390.fedoraproject.org
 buildvm-s390x-16.s390.fedoraproject.org
 buildvm-s390x-17.s390.fedoraproject.org
 
+# These are builders in the osbuild channel.
+# This means they are used for osbuild jobs and need
+# a special ipset to allow them to talk to the osbuild
+# API endpoint.
+[osbuild]
+buildhw-x86-01.iad2.fedoraproject.org
+buildhw-x86-02.iad2.fedoraproject.org
+buildhw-x86-03.iad2.fedoraproject.org
+buildhw-x86-04.iad2.fedoraproject.org
+buildhw-x86-05.iad2.fedoraproject.org
+buildhw-x86-06.iad2.fedoraproject.org
+buildhw-x86-07.iad2.fedoraproject.org
+buildhw-x86-08.iad2.fedoraproject.org
+buildhw-x86-09.iad2.fedoraproject.org
+buildhw-x86-10.iad2.fedoraproject.org
+buildhw-x86-11.iad2.fedoraproject.org
+buildhw-x86-12.iad2.fedoraproject.org
+buildhw-x86-13.iad2.fedoraproject.org
+buildhw-x86-14.iad2.fedoraproject.org
+buildhw-x86-15.iad2.fedoraproject.org
+buildhw-x86-16.iad2.fedoraproject.org
+
 [builders:children]
 buildhw
 buildvm
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index 4d8d0036ea..3872877ff6 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -27,8 +27,10 @@
 {% endfor %}
 {% endif %}
 
+{% if host in groups['osbuild'] %}
 # osbuild api for osbuild koji plugin
 -A OUTPUT -p tcp --dport 443 -m set --match-set osbuildapi dst -j ACCEPT
+{% endif %}
 
 # kojipkgs
 {% if host in groups['buildvm_s390x'] %}