diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index a410543c07..f1dc76a0af 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -35,6 +35,30 @@ source $TOP_DIR/functions
 FILES=$TOP_DIR/files
+# Keystone Port Reservation
+# -------------------------
+# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
+# being used as ephemeral ports by the system. The default(s) are 35357 and
+# 35358 which are in the Linux defined ephemeral port range (in disagreement
+# with the IANA ephemeral port range). This is a workaround for bug #1253482
+# where Keystone will try and bind to the port and the port will already be
+# in use as an ephemeral port by another process. This places an explicit
+# exception into the Kernel for the Keystone AUTH ports.
+keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
+
+# Get any currently reserved ports, strip off leading whitespace
+reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
+
+if [[ -z "${reserved_ports}" ]]; then
+ # If there are no currently reserved ports, reserve the keystone ports
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+else
+ # If there are currently reserved ports, keep those and also reserve the
+ # keystone specific ports. Duplicate reservations are merged into a single
+ # reservation (or range) automatically by the kernel.
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+fi
+
 # Python Packages
 # ---------------
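Review bot: The two `sudo sysctl -w` calls build a root-run argument from unquoted, unvalidated variables, so a `KEYSTONE_AUTH_PORT` or `KEYSTONE_AUTH_PORT_INT` value containing whitespace would split into extra `sysctl` arguments, and a non-numeric value only surfaces as a failed write. Quoting the whole assignment closes the splitting, e.g. `sudo sysctl -w "net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}"`, and a numeric check on both ports before the write would make the failure explicit. The read can be simplified to `reserved_ports=$(sysctl -n net.ipv4.ip_local_reserved_ports)`, which drops the awk/sed parsing of the `key = value` output. It would also help to say in the comment block that `sysctl -w` is a runtime-only setting and that a reservation does not evict a socket already holding one of these ports, so the bind failure can presumably still occur until that socket closes.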