diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure
index d4a6b2df73..abe551a98e 100644
--- a/inventory/group_vars/pagure
+++ b/inventory/group_vars/pagure
@@ -7,12 +7,13 @@ custom_rules: [
   '-A INPUT -s 47.76.209.138/32 -j REJECT',
   '-A INPUT -s 47.76.99.127/32 -j REJECT'
 ]
-nft_custom_rules:
+nft_block_rules:
   - 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject'
   - 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject'
   - 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject'
   - 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject'
   - 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject'
+  - 'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject'
 # For the MOTD
 db_backup_dir: ['/backups']
 dbs_to_backup: ['pagure']
diff --git a/roles/base/templates/nftables/nftables b/roles/base/templates/nftables/nftables
index f6244af11a..a8631a84d1 100644
--- a/roles/base/templates/nftables/nftables
+++ b/roles/base/templates/nftables/nftables
@@ -67,6 +67,12 @@ add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type
 {% endif %}
 
 
+{% if nft_block_rules is defined %}
+# if there are block rules - put them in as-is
+{% for rule in nft_block_rules %}
+{{ rule }}
+{% endfor %}
+{% endif %}
 # if the host/group defines incoming tcp_ports - allow them
 {% if tcp_ports is defined %}
 {% for port in tcp_ports %}
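Review bot: The new 66.249.64.0/24 reject is added only to `nft_block_rules`; the iptables `custom_rules` list directly above it gets no matching entry, so any pagure host still rendering iptables rules would not block this source, and the two lists already disagree on the 47.76.x space (two /32s in `custom_rules`, a /14 here). 66.249.64.0/24 also appears to fall inside the range Google publishes for Googlebot (66.249.64.0/19), so unless removing pagure from search indexing is the intent, a robots.txt crawl-delay or a rate limit may be the more appropriate control than a hard reject. None of the six rules records why the source is blocked or when it can be lifted; a trailing comment per entry such as `- 'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject'  # abusive crawler, see <ticket>` would make later cleanup safe.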
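Review bot: The template now looks only for `nft_block_rules`, so any host or group var file that still defines the old `nft_custom_rules` name will silently lose its block rules on the next run with no error from Ansible; either grep the inventory and drop the old name everywhere in this same commit, or keep a fallback by replacing the `{% if nft_block_rules is defined %}` line with `{% set nft_block_rules = nft_block_rules | default(nft_custom_rules | default([])) %}` followed by `{% if nft_block_rules %}`. The loop also interpolates `{{ rule }}` as-is, so despite the name the variable can carry any nft statement (an `accept`, a `flush chain`), not only rejects; if a block list is the intent, templating `add rule ip filter INPUT ip saddr {{ src }} counter reject` from a list of source addresses would enforce that and let the same list feed the iptables `custom_rules`. The surrounding template starts and ends outside the hunk, so whether an earlier established/related accept precedes these rejects cannot be confirmed from here.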