diff --git a/cloud-init/swarm-manager.yml b/cloud-init/swarm-manager.yml
index 96350b9..171422a 100644
--- a/cloud-init/swarm-manager.yml
+++ b/cloud-init/swarm-manager.yml
@@ -22,6 +22,15 @@ write_files:
 permissions: 0644
 owner: root:root
 content: |
+ *mangle
+ :PREROUTING ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [0:0]
+ :POSTROUTING ACCEPT [0:0]
+ -A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP
+ COMMIT
+
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
diff --git a/cloud-init/swarm-worker.yml b/cloud-init/swarm-worker.yml
index 2ff0d05..8bd69b5 100644
--- a/cloud-init/swarm-worker.yml
+++ b/cloud-init/swarm-worker.yml
@@ -23,6 +23,15 @@ write_files:
 permissions: 0644
 owner: root:root
 content: |
+ *mangle
+ :PREROUTING ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [0:0]
+ :POSTROUTING ACCEPT [0:0]
+ -A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP
+ COMMIT
+
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
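Review bot: The added mangle rule in cloud-init/swarm-manager.yml matches only `-i eth0`, so on an image whose public interface carries another name the rule matches nothing and TCP 2222 stays reachable with no error at load time; the identical line in the cloud-init/swarm-worker.yml hunk has the same dependency. The rules content also gives no reason for dropping in mangle PREROUTING rather than in the `*filter` table that follows. Presumably it is there because a published port is DNATed before the filter INPUT policy is consulted, and a comment line above the rule would record that, e.g. `# drop 2222 in mangle: runs before nat PREROUTING, so it also covers a published port (assumes public NIC is eth0)`. The write_files entry begins above the hunk, so the interface assumption could not be checked against the rest of the file.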
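Review bot: In cloud-init/swarm-worker.yml (and identically in swarm-manager.yml) the new drop covers IPv4 only, assuming this content is loaded with iptables-restore; the target path is outside the hunk. If the hosts carry an IPv6 address on eth0 and port 2222 answers over it, the same `-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP` line is needed in the ip6tables rules file as well. The hunk does not show whether a v6 rules file is written at all, so this needs confirming against the full cloud-init config.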