diff --git a/packstack/plugins/swift_600.py b/packstack/plugins/swift_600.py
index 31128d389..483e036fb 100644
--- a/packstack/plugins/swift_600.py
+++ b/packstack/plugins/swift_600.py
@@ -107,6 +107,7 @@ def initConfig(controllerObject):
                   "POST_CONDITION"        : False,
                   "POST_CONDITION_MATCH"  : True}
 
+
     controller.addGroup(groupDict, paramsList)
 
 
@@ -127,6 +128,7 @@ def initSequences(controller):
              {'title': 'Adding Swift storage manifest entries', 'functions':[createstoragemanifest]},
              {'title': 'Adding Swift common manifest entries', 'functions':[createcommonmanifest]},
     ]
+
     controller.addSequence("Installing OpenStack Swift", [], [], steps)
 
 
@@ -235,11 +237,25 @@ def createstoragemanifest(config):
         else:
             controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'"%devicename
             manifestdata = "\n" + getManifestTemplate("swift_loopback.pp")
-        appendManifestFile(manifestfile, manifestdata)
+        # Allowed host list for firewall
+        hosts = set()
+        for host in config['CONFIG_SWIFT_STORAGE_HOSTS'].split(','):
+            hosts.add(host.strip())
+        for host in config['CONFIG_SWIFT_PROXY_HOSTS'].split(','):
+            hosts.add(host.strip())
+        for host in config['CONFIG_NOVA_COMPUTE_HOSTS'].split(','):
+            hosts.add(host.strip())
+        config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in hosts])
+        # Firewall rules for storage and rsync
+        config['FIREWALL_SERVICE_NAME'] = "swift storage and rsync"
+        config['FIREWALL_PORTS'] = "'6000', '6001', '6002', '873'"
+        manifestdata += getManifestTemplate("firewall.pp")
 
+        appendManifestFile(manifestfile, manifestdata)
 
 def createcommonmanifest(config):
     for manifestfile, marker in manifestfiles.getFiles():
         if manifestfile.endswith("_swift.pp"):
             data = getManifestTemplate("swift_common.pp")
             appendManifestFile(os.path.split(manifestfile)[1], data)
+
diff --git a/packstack/puppet/modules/vswitch b/packstack/puppet/modules/vswitch
index 06fd1ea9a..6e6b94626 160000
--- a/packstack/puppet/modules/vswitch
+++ b/packstack/puppet/modules/vswitch
@@ -1 +1 @@
-Subproject commit 06fd1ea9a7dbe5f5d236c5256b1de2db147e3bb2
+Subproject commit 6e6b9462695e383423462d1321b1c0865524a408
diff --git a/packstack/puppet/templates/swift_builder.pp b/packstack/puppet/templates/swift_builder.pp
index c5ea67fa8..32387b293 100644
--- a/packstack/puppet/templates/swift_builder.pp
+++ b/packstack/puppet/templates/swift_builder.pp
@@ -15,13 +15,6 @@ class { 'swift::ringserver':
  ring_server => $swift_local_net_ip
 }
 
-
-firewall { '001 rsync incoming':
-    proto    => 'tcp',
-    dport    => ['873'],
-    action   => 'accept',
-}
-
 if ($::selinux != "false"){
     selboolean{'rsync_export_all_ro':
         value => on,
diff --git a/packstack/puppet/templates/swift_storage.pp b/packstack/puppet/templates/swift_storage.pp
index 8b93cfb6a..832afd18b 100644
--- a/packstack/puppet/templates/swift_storage.pp
+++ b/packstack/puppet/templates/swift_storage.pp
@@ -20,10 +20,4 @@ swift::ringsync{["account","container","object"]:
     require => Class['swift'],
 }
 
-firewall { '001 swift storage incoming':
-    proto    => 'tcp',
-    dport    => ['6000', '6001', '6002', '873'],
-    action   => 'accept',
-}
-