diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix
index 98274df..11a87bd 100644
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@@ -122,4 +122,9 @@ in
       };
     };
   };
+  networking.firewall = {
+    extraInputRules = ''
+      ip saddr { 141.30.86.192/26, 141.76.100.128/25 } tcp dport 636 accept comment "Allow ldaps access from office nets"
+    '';
+  };
 }