diff --git a/manifests/site.pp b/manifests/site.pp
index 2049d61e32..67d9d427ee 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -21,8 +21,12 @@ node default {
 #
 # Node-OS: trusty
 node 'review.openstack.org' {
+  $iptables_rules =
+    ['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
   class { 'openstack_project::server':
     iptables_public_tcp_ports => [80, 443, 29418],
+    iptables_rules6           => $iptables_rules,
+    iptables_rules4           => $iptables_rules,
     sysadmins                 => hiera('sysadmins', []),
     extra_aliases             => { 'gerrit2' => 'root' },
   }
@@ -63,8 +67,12 @@ node 'review.openstack.org' {
 
 # Node-OS: trusty
 node 'review-dev.openstack.org' {
+  $iptables_rules =
+    ['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
   class { 'openstack_project::server':
     iptables_public_tcp_ports => [80, 443, 29418],
+    iptables_rules6           => $iptables_rules,
+    iptables_rules4           => $iptables_rules,
     sysadmins                 => hiera('sysadmins', []),
     extra_aliases             => { 'gerrit2' => 'root' },
     afs                       => true,