diff --git a/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org
index 80c0e0e5b9..ac82839530 100644
--- a/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org
@@ -26,12 +26,16 @@ fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
 
 #
 # Only allow postgresql access from the frontend node and ipsilon01.stg and
-# fas3-01.stg
+# fas3-01.stg and openshift
 #
 custom_rules:
 - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT'
 - '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT'
 - '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT'
+- '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT'
+- '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT'
+- '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT'
+- '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT'
 
 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default.