diff --git a/dicos/29_one-master.xml b/dicos/29_one-master.xml
index 0f6619f..7657de7 100644
--- a/dicos/29_one-master.xml
+++ b/dicos/29_one-master.xml
@@ -7,6 +7,7 @@
         <file filelist='onesinglenode' name='/etc/one/sched.conf' rm='True'/>
         <file filelist='onesinglenode' name='/var/lib/one/remotes/etc/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
         <file filelist='onesinglenode' name='/etc/one/auth/ldap_auth.conf'/>
+        <file filelist='one_ha' name='/usr/share/eole/bastion/data/60-one' mode='755'/>
 
         <service>opennebula</service>
         <service>opennebula-scheduler</service>
@@ -233,6 +234,7 @@
             <target type='variable'>one_vip</target>
             <target type='variable'>one_vip_mask</target>
             <target type='service_accesslist'>sunstone_xmlrpc</target>
+            <target type='filelist'>one_ha</target>
         </condition>
 
         <fill name='calc_val' target='one_vip_mask'>
diff --git a/tmpl/60-one b/tmpl/60-one
new file mode 100644
index 0000000..24d4dfc
--- /dev/null
+++ b/tmpl/60-one
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+%for %%host in %%one_nodes
+/sbin/iptables -A eth%%{one_node_int}-root -s %%host -p tcp --syn -j ACCEPT
+%end for