diff --git a/inventory/service/group_vars/review.yaml b/inventory/service/group_vars/review.yaml
index a24c0dc8d6..fb898758cb 100644
--- a/inventory/service/group_vars/review.yaml
+++ b/inventory/service/group_vars/review.yaml
@@ -1,6 +1,7 @@
 exim_extra_aliases:
 gerrit2: root
 iptables_rules:
+ - -p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j LOG
 - -p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT
 iptables_extra_public_tcp_ports:
 - 80
diff --git a/playbooks/roles/gerrit/tasks/main.yaml b/playbooks/roles/gerrit/tasks/main.yaml
index b7f5fb4386..dfcb220822 100644
--- a/playbooks/roles/gerrit/tasks/main.yaml
+++ b/playbooks/roles/gerrit/tasks/main.yaml
@@ -333,3 +333,9 @@
 - name: Setup db backups
 include_tasks: backup.yaml
+
+# This is handy to have for inspecting the firewall's connection tracking.
+- name: Install conntrack
+ package:
+ name: conntrack
+ state: present
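Review bot: The new `-j LOG` rule in inventory/service/group_vars/review.yaml has no rate limit, so every SYN to port 29418 from a source already above the connlimit threshold writes a kernel log line, and a client that keeps retrying can flood the kernel log and syslog on the review server. Bounding the rate and tagging the entries keeps the signal without that exposure, for example `- -p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -m limit --limit 6/min -j LOG --log-prefix gerrit-connlimit` (the rate is a constructed example; choose one that suits the log pipeline, and check how the iptables role renders the prefix). A short comment above the pair, such as `# LOG must come before REJECT and use the same match; REJECT ends rule traversal`, would help keep the two rules in sync when the threshold is next changed.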