diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 64c610a971..45d9b08522 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -1,2 +1,9 @@
 ---
-freezes: true
\ No newline at end of file
+freezes: true
+# example of ports for default iptables
+# tcp_ports: [ 22, 80, 443 ]
+# udp_ports: [ 110, 1024, 2049 ]
+# custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
+                  '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
+
+
diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa
index 35fcf1b7a3..5ff216a353 100644
--- a/inventory/group_vars/kernel-qa
+++ b/inventory/group_vars/kernel-qa
@@ -4,5 +4,10 @@ resolvconf: $files/resolv.conf/phx2
 rsyslogconf: $files/rsyslog/rsyslog.conf.phx2
 fas_client_groups: sysadmin-kernel
 sudoers: $private/files/sudo/kernel-qa
-tcp_ports: [23, 25, 80, 8888]
+tcp_ports: [ 22, 80, 443 ]
+udp_ports: [ 110, 1024, 2049 ]
+custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
+                  '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
+ 
+