diff --git a/apps/k8s01/jellyfin/kustomization.yaml b/apps/k8s01/jellyfin/kustomization.yaml
index 86e9a63d137c92921285973513b29cc00070d4df..93d58e9751c0408ab63c03016840e45b5ed3bf5b 100644
--- a/apps/k8s01/jellyfin/kustomization.yaml
+++ b/apps/k8s01/jellyfin/kustomization.yaml
@@ -10,7 +10,10 @@ resources:
   - certificate.yaml
   - ingress.yaml
   - slo.yaml
+  - ../../../shared/networkpolicies/deny-by-default-ingress.yaml
+  - ../../../shared/networkpolicies/deny-by-default-egress.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-to-public-web.yaml
   - ../../../shared/resourcequotas/default.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
\ No newline at end of file
diff --git a/apps/k8s01/jellyfin/networkpolicy.yaml b/apps/k8s01/jellyfin/networkpolicy.yaml
index 66e15f631745d8a2e55a78f1f1cde92aabb3525c..ab9a83f1d3e7c5c648bcd2d87d10c4866040a57d 100644
--- a/apps/k8s01/jellyfin/networkpolicy.yaml
+++ b/apps/k8s01/jellyfin/networkpolicy.yaml
@@ -6,6 +6,19 @@ metadata:
   labels:
     app.kubernetes.io/name: jellyfin
     app.kubernetes.io/component: jellyfin
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: jellyfin
+      app.kubernetes.io/component: jellyfin
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-public-web
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/component: jellyfin
 spec:
   podSelector:
     matchLabels: