diff --git a/config/roles/bridge/files/50obfsvpn.firewall b/config/roles/bridge/files/50obfsvpn.firewall
index e3f3566f4605eac054762d887cf2daa60de60ad0..84e8d4d8c9fa92da481174e9f40cae7170bbbe68 100644
--- a/config/roles/bridge/files/50obfsvpn.firewall
+++ b/config/roles/bridge/files/50obfsvpn.firewall
@@ -1,2 +1,2 @@
-allow_port tcp 443
-allow_port udp 443
+allow_port tcp 443 # Normal non-hopping obfsvpn
+add_rule -I base-input -p tcp --match multiport --dports 49152:65535 -j ACCEPT # Port range for hopping