diff --git a/infra/static-vultr/firewall.tf b/infra/static-vultr/firewall.tf
index 357bd53..55f2e6f 100644
--- a/infra/static-vultr/firewall.tf
+++ b/infra/static-vultr/firewall.tf
@@ -12,6 +12,17 @@ resource vultr_firewall_rule web_v4 {
 port = each.value
 }
 
+resource vultr_firewall_rule web_v6 {
+ for_each = toset(["80", "443"])
+ firewall_group_id = vultr_firewall_group.host.id
+ protocol = "tcp"
+ ip_type = "v6"
+ subnet = "::"
+ subnet_size = 0
+ port = each.value
+}
+
+# Turn this off when we're not doing maintenance
 resource vultr_firewall_rule ssh_v4 {
 count = var.enable_ssh ? 1 : 0
 firewall_group_id = vultr_firewall_group.host.id
diff --git a/infra/static-vultr/host.tf b/infra/static-vultr/host.tf
index e7ad896..db696dc 100644
--- a/infra/static-vultr/host.tf
+++ b/infra/static-vultr/host.tf
@@ -17,4 +17,5 @@ resource "vultr_instance" "websites" {
 hour = var.host.backups.hour
 }
 ssh_key_ids = [ vultr_ssh_key.host.id ]
+ firewall_group_id = vultr_firewall_group.host.id
 }
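Review bot: The comment added above `ssh_v4` in firewall.tf says "Turn this off" without saying what to turn off or how. The rule is gated by `count = var.enable_ssh ? 1 : 0`, so the comment should name the variable, for example `# Maintenance only: set var.enable_ssh = false when done so the SSH rule is removed`. The variable's default and the rule's source subnet are outside this hunk; if the default is true, the SSH rule stays in place whenever nobody remembers the toggle, so a `false` default would be the safer baseline. The `ssh_v4` block continues past the end of the hunk.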
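Review bot: The `firewall_group_id` line added to `vultr_instance.websites` in host.tf carries no comment, although it is the line that puts the host behind the group; a Vultr firewall group filters only the instances attached to it. A one-line comment such as `# Attach the host firewall group; rules in firewall.tf apply only to attached instances` would keep it from being removed later as redundant. Once attached, inbound traffic that matches no rule is dropped, so with `var.enable_ssh` false only the web rules visible in firewall.tf remain; it is worth confirming that this covers every inbound path the host needs. The resource starts above the hunk.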