diff --git a/files/firewall b/files/firewall
index 08435dd..58a47a2 100755
--- a/files/firewall
+++ b/files/firewall
@@ -30,6 +30,8 @@ case $1 in
         iptables -A INPUT -m policy --pol ipsec --dir in  -m multiport      -p tcp   --dports  6800:7300                             -j ACCEPT   # ceph traffic
         iptables -A INPUT -m policy --pol ipsec --dir in  -m multiport      -p tcp   --sports  6800:7300                             -j ACCEPT   # ceph traffic
         iptables -A INPUT -m policy --pol ipsec --dir in  -m multiport      -p tcp   --dports 49152:49215                            -j ACCEPT   # libvirt live migration
+        iptables -A INPUT -i lo                           -m multiport      -p tcp   --sports  6800:7300                             -j ACCEPT   # local ceph traffic
+        iptables -A INPUT -i lo                           -m multiport      -p tcp   --dports  6800:7300                             -j ACCEPT   # local ceph traffic
        ### mgmt
         iptables -A INPUT -i mgmt                                           -p tcp   --dport  22                                     -j ACCEPT
         iptables -A INPUT -i mgmt -m state --state ESTABLISHED,RELATED                                                               -j ACCEPT