diff --git a/nftables-social.conf b/nftables-social.conf
index 1c4c61e..8d1d81a 100644
--- a/nftables-social.conf
+++ b/nftables-social.conf
@@ -48,13 +48,10 @@ table inet filter {
 }
 chain output-internal {
- skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 th dport != {3000, 4000} accept
- skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th sport != {3000, 4000} th dport 53 accept
+ skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
+ skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
- skuid postgres udp sport >= 1024 udp sport != {3000, 4000} udp dport >= 1024 udp dport != {3000, 4000} accept
-
- skuid mastodon tcp sport {3000, 4000} tcp dport >= 1024 tcp dport != {3000, 4000} accept
- skuid http tcp sport >= 1024 tcp sport != {3000, 4000} tcp dport {3000, 4000} accept
+ skuid postgres udp sport >= 1024 udp dport >= 1024 accept
 skuid != root counter goto output-reject
 accept
diff --git a/unbound.conf b/unbound.conf
index 375318e..bf2924f 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -8,8 +8,6 @@ server:
 hide-identity: yes
 hide-version: yes
 outgoing-port-permit: 1024-65535
- outgoing-port-avoid: 3000 # mastodon web
- outgoing-port-avoid: 4000 # mastodon streaming
 outgoing-port-avoid: 7275 # supl
 outgoing-port-avoid: 8008 # synapse
 outgoing-port-avoid: 8080 # attestation
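Review bot: The new side of the output-internal hunk still names `mastodon` in `skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept`, while every other mastodon-specific piece (the `tcp sport {3000, 4000}` rule, the `http` rule and the 3000/4000 exclusions in both files) is removed. If the mastodon account has been removed from the host, `skuid mastodon` should fail to resolve when the ruleset is loaded; if it still exists, that uid keeps DNS egress with no data-path rule left, which looks like an oversight either way, so either reduce it to `skuid chrony meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept` or add a comment on that line saying why mastodon stays. Separately, `skuid postgres udp sport >= 1024 udp dport >= 1024 accept` now admits any ephemeral-to-ephemeral UDP for that uid on this chain; a comment naming what postgres needs UDP for here would make the width of that rule reviewable. The output-internal chain appears to continue past the end of the hunk.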