diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index f8fe543713..6f6e8844bb 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -30,7 +30,7 @@
 user: name=root password={{ rootpw }} state=present
 tags:
 - rootpw
- when: not inventory_hostname.startswith('build')
+ when: not inventory_hostname.startswith('build') or not inventory_hostname.startswith('releng')
 - name: add ansible root key
 authorized_key: user=root key="{{ item }}"
diff --git a/roles/base/templates/iptables/iptables.releng b/roles/base/templates/iptables/iptables.releng
index 7048429360..b835d15c56 100644
--- a/roles/base/templates/iptables/iptables.releng
+++ b/roles/base/templates/iptables/iptables.releng
@@ -42,6 +42,10 @@ COMMIT
 -A INPUT -p tcp -m tcp -s 192.168.100.0/24 --dport 22 -j REJECT --reject-with tcp-reset
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# for fireball mode - allow port 5099 from lockbox and it's ips
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
 # Allow all netapp traffic
 -A INPUT -p udp -m udp -s 10.5.88.36 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.5.88.36 -j ACCEPT
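Review bot: The new `when:` expression is true for every host, because no hostname can start with both 'build' and 'releng', so `not A or not B` never evaluates to false. The root password task would therefore run on build hosts again, which the old condition excluded, and also on the releng hosts this change presumably meant to exclude. The condition should negate the disjunction instead: `when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng'))`. The task this line belongs to starts above the hunk.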
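Review bot: The comment above the two new port 5099 rules does not say which host each source address belongs to, and the rules stay in place permanently even if fireball mode is only used occasionally. The source match is the only restriction visible here on who may reach that listener, so a stale or reassigned address would silently keep access. I would reword the comment to `# fireball mode: allow tcp/5099 from lockbox only (both of its addresses); remove when fireball is no longer used`. If this template already has variables for the lockbox addresses, using them instead of literals would keep the rule in step with the inventory.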