diff --git a/inventory/group_vars/os-proxies b/inventory/group_vars/os-proxies index a4b8e7a335..4221d5cdfd 100644 --- a/inventory/group_vars/os-proxies +++ b/inventory/group_vars/os-proxies @@ -9,10 +9,18 @@ tcp_ports: [ # For os routers 80, 443, - # For haproxy status - 8080, # For ks8 api 6443, + # For haproxy status + 8080, # For machinectl api 22623, + # 9941 is closed generally, is for the inbound fedmsg and is covered in + # custom_rules +] + +custom_rules: [ + # Needed for keepalived + '-A INPUT -d 224.0.0.0/8 -j ACCEPT', + '-A INPUT -p vrrp -j ACCEPT', ] diff --git a/playbooks/groups/os-proxies.yml b/playbooks/groups/os-proxies.yml index 96bbe693bf..ca32ce08b0 100644 --- a/playbooks/groups/os-proxies.yml +++ b/playbooks/groups/os-proxies.yml @@ -18,12 +18,12 @@ roles: - base - - basessh - fas_client - rkhunter - nagios_client - collectd/base - sudo + - keepalived tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml"
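Review bot: The first keepalived rule in the new `custom_rules` list, `-A INPUT -d 224.0.0.0/8 -j ACCEPT`, accepts every protocol and port from any source for the whole 224.0.0.0/8 range, which is far wider than VRRP needs. VRRP advertisements go to 224.0.0.18 as IP protocol 112, so a single rule such as `'-A INPUT -d 224.0.0.18/32 -p vrrp -j ACCEPT',` would cover the multicast case. Adding `-s <peer-proxy-ip>` per peer (placeholder; the peer addresses are not on this page) would also stop other hosts on the segment from being accepted as VRRP senders, which matters because VRRP offers little or no sender authentication. The second rule, `-A INPUT -p vrrp -j ACCEPT`, has the same any-source scope. Separately, the new comment says port 9941 "is covered in custom_rules", but no 9941 rule appears in the list added here, so either the rule is missing or the comment should say where it lives.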
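Review bot: The header counts in `playbooks/groups/os-proxies.yml` (`-18,12 +18,12`) imply that a line is removed as well as `- keepalived` being added, and in this collapsed rendering it appears to be `- basessh`, although its `-` marker is not unambiguous here. If so, the removal is unrelated to keepalived and should be called out in the commit message, with confirmation that the sshd configuration that role applied is still delivered by `base` on these proxies. The `roles:` list and its play start outside the hunk, so this rests only on the lines shown.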