diff --git a/roles/custom/matrix-continuwuity/defaults/main.yml b/roles/custom/matrix-continuwuity/defaults/main.yml
index 39e6bea33..a9046e94f 100644
--- a/roles/custom/matrix-continuwuity/defaults/main.yml
+++ b/roles/custom/matrix-continuwuity/defaults/main.yml
@@ -193,3 +193,6 @@ matrix_continuwuity_self_check_validate_certificates: true
 #   continuwuity_MAX_REQUEST_SIZE=50000000
 #   continuwuity_REQUEST_TIMEOUT=60
 matrix_continuwuity_environment_variables_extension: ''
+
+matrix_continuwuity_forbidden_remote_server_names: []
+matrix_continuwuity_forbidden_remote_room_directory_server_names: []
diff --git a/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2 b/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
index 6e353a1ae..46b78a2aa 100644
--- a/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
+++ b/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
@@ -1164,13 +1164,13 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
 #
 # Basically "global" ACLs.
 #
-#forbidden_remote_server_names = []
+forbidden_remote_server_names = {{ matrix_continuwuity_forbidden_remote_server_names | to_json }}
 
 # List of forbidden server names that we will block all outgoing federated
 # room directory requests for. Useful for preventing our users from
 # wandering into bad servers or spaces.
 #
-#forbidden_remote_room_directory_server_names = []
+forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_remote_room_directory_server_names | to_json }}
 
 # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 # do not want continuwuity to send outbound requests to. Defaults to