diff --git a/machines/cj/firewall.nix b/machines/cj/firewall.nix
index 9a30d97..e01061a 100644
--- a/machines/cj/firewall.nix
+++ b/machines/cj/firewall.nix
@@ -7,20 +7,13 @@
 #8123 # home-assistant
 #3000 # gitea
 8081 # vaultwarden
- # If we are reverse proxying we should map to a different port than 443 or
- # 80. Here we blackhole those ports so that pihole will be more efficient.
- # When pihole "blocks" a site, depending on configuration what it may really
- # does is returns its own IP, so the client then requests the content from
- # this node at whichever port it needs. That is usually 80 or 443 for http
- # and https, so it's better to block these fast than to pass all that
- # traffic to some actual service.
- #80 443 # reverse proxy
+ 80 443 # reverse proxy
 ];
 allowedUDPPorts = [
 22000 21027 # syncthing
 3478 5514 10001 1900 123 # unifi
 53 # pihole
- #80 443 # reverse proxy
+ 80 443 # reverse proxy
 ];
 allowedUDPPortRanges = [
 { from = 5656; to = 5699; } # unifi
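Review bot: The `allowedUDPPorts` addition opens UDP 80 and 443 for the reverse proxy, but HTTP only runs over UDP as HTTP/3 (QUIC) on 443, so UDP 80 is exposure with nothing to serve it; keep the UDP entry commented out, or narrow it to `443 # reverse proxy (HTTP/3)` if the proxy actually speaks QUIC. The deleted comment was the only record that pihole may answer blocked names with this host's IP, so with TCP 80/443 open the proxy now receives those requests; a short replacement such as `# pihole-blocked lookups land here too; proxy default vhost should reject unknown hosts` would keep that context. 8081 (vaultwarden) stays directly reachable on the new side; if it is now published through the proxy, that entry could presumably be dropped. The `allowedTCPPorts` list opens above the hunk, so its other entries are not visible here.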