diff --git a/IaC-test/securitygroups-lb.tf b/IaC-test/securitygroups-lb.tf
index c761b45..515514f 100644
--- a/IaC-test/securitygroups-lb.tf
+++ b/IaC-test/securitygroups-lb.tf
@@ -12,7 +12,7 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
 port_range_min = "8443"
 port_range_max = "8443"
 provider = openstack.dco
- remote_ip_prefix = "87.251.31.153/32"
+ remote_ip_prefix = "87.251.31.118/32"
 security_group_id = openstack_networking_secgroup_v2.lb-dco.id
 }
@@ -23,6 +23,41 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule2_v4_dco" {
 port_range_min = "16443"
 port_range_max = "16443"
 provider = openstack.dco
- remote_ip_prefix = "87.251.31.153/32"
+ remote_ip_prefix = "87.251.31.118/32"
+ security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
+
+# From mgmt1
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule3_v4_dco" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "16443"
+ port_range_max = "16443"
+ provider = openstack.dco
+ remote_ip_prefix = "89.47.191.66/32"
+ security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule4_v4_dco" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "80"
+ port_range_max = "80"
+ provider = openstack.dco
+ remote_ip_prefix = "89.47.191.66/32"
+ security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule5_v4_dco" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "443"
+ port_range_max = "443"
+ provider = openstack.dco
+ remote_ip_prefix = "89.47.191.66/32"
 security_group_id = openstack_networking_secgroup_v2.lb-dco.id
 }
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 5fe474a..912a49a 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
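Review bot: The replacement source address `87.251.31.118/32` is written as a bare literal in `lb_ingress_rule_v4_dco` and again in `lb_ingress_rule2_v4_dco` in the next hunk, with nothing on the page saying which host it belongs to. Every future address change therefore has to be repeated per rule, and a missed copy would leave an outdated /32 allowed on 8443 or 16443. A single local would remove that risk, for example `locals { lb_admin_cidr = "87.251.31.118/32" }` (name constructed here) referenced as `remote_ip_prefix = local.lb_admin_cidr`. The same applies to `89.47.191.66/32`, which the rules added below repeat three times. Both resource bodies start above the visible hunk lines.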
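Review bot: `lb_ingress_rule4_v4_dco` opens cleartext port 80 on the load balancer from mgmt1, and the only explanation given for the three new rules is the comment `# From mgmt1`. If port 80 is needed only for a redirect or for certificate issuance, say so on the rule, e.g. `description = "mgmt1 -> LB HTTP, redirect only"` (wording constructed; adjust to the real purpose). If nothing on mgmt1 needs it, leave the rule out and keep 443 and 16443. A short `description` on rule3 and rule5 would also make the rules self-explaining when they are listed from OpenStack rather than read in this file. The hunk begins inside `lb_ingress_rule2_v4_dco`, whose opening lines are outside it.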
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -70,4 +70,4 @@
 matrix::podmanhost:
 rootless: true
 rlusers:
- - 'matrixinstaller'
+ - matrixinstaller