diff --git a/manifests/site.pp b/manifests/site.pp
index 00e1b8c7d9..a96909f713 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -229,9 +229,16 @@ node 'zuul.openstack.org' {
     url_pattern          => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
     sysadmins            => hiera('sysadmins'),
     statsd_host          => 'graphite.openstack.org',
+    gearman_workers      => [
+      'jenkins.openstack.org',
+      'jenkins-dev.openstack.org',
+    ],
   }
   # co-host gearman-job-server
   include gearman
+  class { 'gearman':
+    listen => '::',
+  }
 }
 
 # A bare machine, but with a jenkins user
diff --git a/modules/openstack_project/manifests/jenkins.pp b/modules/openstack_project/manifests/jenkins.pp
index 23311f97c8..c8dd59429d 100644
--- a/modules/openstack_project/manifests/jenkins.pp
+++ b/modules/openstack_project/manifests/jenkins.pp
@@ -9,7 +9,7 @@ class openstack_project::jenkins (
   $sysadmins = []
 ) {
   class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 4155],
+    iptables_public_tcp_ports => [80, 443],
     sysadmins                 => $sysadmins,
   }
 
diff --git a/modules/openstack_project/manifests/jenkins_dev.pp b/modules/openstack_project/manifests/jenkins_dev.pp
index 1a332c99f2..cf91c2520a 100644
--- a/modules/openstack_project/manifests/jenkins_dev.pp
+++ b/modules/openstack_project/manifests/jenkins_dev.pp
@@ -4,7 +4,7 @@ class openstack_project::jenkins_dev (
   $sysadmins = []
 ) {
   class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 4155],
+    iptables_public_tcp_ports => [80, 443],
     sysadmins                 => $sysadmins,
   }
   include bup
diff --git a/modules/openstack_project/manifests/zuul.pp b/modules/openstack_project/manifests/zuul.pp
index 74d42bbd5c..bc3c0ab572 100644
--- a/modules/openstack_project/manifests/zuul.pp
+++ b/modules/openstack_project/manifests/zuul.pp
@@ -11,14 +11,20 @@ class openstack_project::zuul(
   $zuul_ssh_private_key = '',
   $url_pattern = '',
   $sysadmins = [],
-  $statsd_host = ''
+  $statsd_host = '',
+  $gearman_workers = []
 ) {
 
-  $rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
+  # Turn a list of hostnames into a list of iptables rules
+  $iptables_rules6 = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
+  $iptables_rules4 = $iptables_rules6
+
+  $iptables_rules4 += [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
 
   class { 'openstack_project::server':
     iptables_public_tcp_ports => [80],
-    iptables_rules4           => $rules,
+    iptables_rules6           => $iptables_rules6,
+    iptables_rules4           => $iptables_rules4,
     sysadmins                 => $sysadmins,
   }