diff --git a/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables.d/egress_git.nft.j2 b/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables.d/egress_git.nft.j2
new file mode 100644
index 0000000..83cad84
--- /dev/null
+++ b/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables.d/egress_git.nft.j2
@@ -0,0 +1,5 @@
+table inet filter {
+    chain output {
+        tcp dport 9418 accept
+    }
+}