diff --git a/modules/iptables/manifests/init.pp b/modules/iptables/manifests/init.pp
index 49f94ba90c..491485cf3c 100644
--- a/modules/iptables/manifests/init.pp
+++ b/modules/iptables/manifests/init.pp
@@ -2,8 +2,16 @@
 #
 # http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns
 #
+# params:
+# rules4: A list of additional iptables v4 rules
+# eg: [ '-m udp -p udp -s 127.0.0.1 --dport 8125 -j ACCEPT' ]
+# rules6: A list of additional iptables v6 rules
+# eg: [ '-m udp -p udp -s ::1 --dport 8125 -j ACCEPT' ]
+# public_tcp_ports: List of integer TCP ports on which to allow all traffic
+# public_udp_ports: List of integer UDP ports on which to allow all traffic
 class iptables(
- $rules = '',
+ $rules4 = [],
+ $rules6 = [],
 $public_tcp_ports = [],
 $public_udp_ports = []
 ) {
diff --git a/modules/iptables/templates/rules.erb b/modules/iptables/templates/rules.erb
index 3d68b7bdbd..82e89f9ff3 100644
--- a/modules/iptables/templates/rules.erb
+++ b/modules/iptables/templates/rules.erb
@@ -23,6 +23,8 @@
 -A openstack-INPUT -m udp -p udp --dport <%= port %> -j ACCEPT
 <% end -%>
 # Per-host rules
-<%= rules %>
+<% rules4.each do |rule| -%>
+-A openstack-INPUT <%= rule %>
+<% end -%>
 -A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited
 COMMIT
diff --git a/modules/iptables/templates/rules.v6.erb b/modules/iptables/templates/rules.v6.erb
index 274e2e47b2..3bf60f2735 100644
--- a/modules/iptables/templates/rules.v6.erb
+++ b/modules/iptables/templates/rules.v6.erb
@@ -21,6 +21,8 @@
 -A openstack-INPUT -m udp -p udp --dport <%= port %> -j ACCEPT
 <% end -%>
 # Per-host rules
-<%= rules %>
+<% rules6.each do |rule| -%>
+-A openstack-INPUT <%= rule %>
+<% end -%>
 -A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
 COMMIT
diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp
index 9fe5855dd2..1fcf520248 100644
--- a/modules/openstack_project/manifests/server.pp
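Review bot: The new `rules4`/`rules6` comment does not say what shape each entry must have, yet the templates prepend the chain themselves — every entry is rendered verbatim as `-A openstack-INPUT <entry>` immediately before the terminal REJECT — so an entry that starts with `-A`, names another chain, or contains a newline yields a duplicated `-A` or an extra injected rule line rather than a clean compile error. Suggest extending the comment for both parameters with `#   Each entry is emitted as '-A openstack-INPUT <entry>' ahead of the final REJECT; give only match/target arguments (no '-A' or chain name) and no newlines.` Removing `$rules` outright also breaks any caller still passing `rules =>`, which Puppet rejects as an invalid parameter at catalog compile time; no such caller is visible in this diff, so this may already be handled elsewhere. The `class iptables(` body continues past the hunk.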
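Review bot: `rules4.each` on the new line assumes an Array and nothing in this change validates it; since the parameter replaces the string-typed `$rules`, a caller passing a plain string makes template rendering fail on Ruby 1.9+ (and silently iterates lines on 1.8), and `nil` fails likewise. A cheap guard is `<% Array(rules4).each do |rule| -%>`, which also turns a lone string into a one-element list. Because each entry is written verbatim into the iptables-restore input, a value containing a newline adds arbitrary extra rule lines and a malformed value aborts the whole restore, so the manifest side should reject entries containing newlines before they reach this template. The same applies to `rules6.each` in rules.v6.erb.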
+++ b/modules/openstack_project/manifests/server.pp
@@ -3,11 +3,15 @@
 # A server that we expect to run for some time
 class openstack_project::server (
 $iptables_public_tcp_ports = [],
+ $iptables_rules4 = [],
+ $iptables_rules6 = [],
 $sysadmins = [],
 $certname = $::fqdn
 ) {
 class { 'openstack_project::template':
 iptables_public_tcp_ports => $iptables_public_tcp_ports,
+ iptables_rules4 => $iptables_rules4,
+ iptables_rules6 => $iptables_rules6,
 certname => $certname,
 }
 class { 'exim':
diff --git a/modules/openstack_project/manifests/template.pp b/modules/openstack_project/manifests/template.pp
index 926adaae3e..2d2a41703b 100644
--- a/modules/openstack_project/manifests/template.pp
+++ b/modules/openstack_project/manifests/template.pp
@@ -4,6 +4,8 @@
 #
 class openstack_project::template (
 $iptables_public_tcp_ports = [],
+ $iptables_rules4 = [],
+ $iptables_rules6 = [],
 $install_users = true,
 $certname = $::fqdn
 ) {
@@ -13,6 +15,8 @@ class openstack_project::template (
 class { 'iptables':
 public_tcp_ports => $iptables_public_tcp_ports,
+ rules4 => $iptables_rules4,
+ rules6 => $iptables_rules6,
 }
 class { 'ntp::server': }