diff --git a/ansible/roles/ingress/files/nftables.conf b/ansible/roles/ingress/files/nftables.conf
index 436cd74..c7d340f 100644
--- a/ansible/roles/ingress/files/nftables.conf
+++ b/ansible/roles/ingress/files/nftables.conf
@@ -11,6 +11,10 @@ table inet filter {
 
         iif lo accept
 
+        # Allow ICMP (pings)
+        ip protocol icmp accept
+        meta l4proto icmpv6 accept
+
         tcp dport {http, https, {{ ssh_port }}, 8443, 8448} accept
 
         # Allow nebula