diff --git a/tasks/main.yml b/tasks/main.yml
index b4ef326390b17b5e594f06a2563c405c44514f28..88bfb36e715586011a0f69e990d744c425f0b399 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -32,6 +32,18 @@
     direction: routed
     policy: allow
 
+- name: Allow DHCP, DNS in UFW
+  with_items:
+  - 53
+  - 67
+  - 68
+  ufw:
+    interface: nspawnbr0
+    policy: allow
+    proto: udp
+    rule: allow
+    to_port: '{{ item }}'
+
 - name: Configure systemd-networkd
   with_fileglob:
   - '*.netdev'
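Review bot: The `ufw:` block of the new "Allow DHCP, DNS in UFW" task sets `policy: allow` alongside `rule: allow`, and in the ufw module `policy` changes the firewall's default policy rather than qualifying the rule. With no `direction` given, this would, as far as I can tell, switch the default incoming policy to allow on each loop iteration, exposing the host well beyond ports 53, 67 and 68; the line looks carried over from the routed-policy task just above. I would drop `policy: allow` and add `direction: in` next to `interface: nspawnbr0`, since the module expects a direction for rules bound to an interface. Separately, `proto: udp` leaves 53/tcp closed, so DNS answers that fall back to TCP would still be blocked on the bridge; confirm whether that is intended.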