diff --git a/modules/openstack_project/manifests/single_use_slave.pp b/modules/openstack_project/manifests/single_use_slave.pp
index 82a40fde88..0ecd2df3f2 100644
--- a/modules/openstack_project/manifests/single_use_slave.pp
+++ b/modules/openstack_project/manifests/single_use_slave.pp
@@ -28,13 +28,13 @@ class openstack_project::single_use_slave (
       [
         # Ports 69 and 6385 allow to allow ironic VM nodes to reach tftp and
         # the ironic API from the neutron public net
-        '-p udp --dport 69 -s 172.24.4.0/24 -j ACCEPT',
-        '-p tcp --dport 6385 -s 172.24.4.0/24 -j ACCEPT',
+        '-p udp --dport 69 -s 172.24.4.0/23 -j ACCEPT',
+        '-p tcp --dport 6385 -s 172.24.4.0/23 -j ACCEPT',
         # Ports 8000, 8003, 8004 from the devstack neutron public net to allow
         # nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
-        '-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT',
-        '-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT',
-        '-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT',
+        '-p tcp --dport 8000 -s 172.24.4.0/23 -j ACCEPT',
+        '-p tcp --dport 8003 -s 172.24.4.0/23 -j ACCEPT',
+        '-p tcp --dport 8004 -s 172.24.4.0/23 -j ACCEPT',
         '-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "',
       ],
   }