It would not affect clustering, however, my recommendation is to use the following logic on your loopback.
Drop SSH from anywhere that ISN'T trusted
Drop HTTP/HTTPS from anywhere that ISN"T trusted
Drop ICMP from anywhere that ISN'T trusted.
permit everything else
(Adjust the logic to the ports you want to restrict etc.)
Only drop what you need to and allow everything else, I would use prefix lists...
example:
term ssh from address prefix-list trusted-networks except
term ssh from destination-port 22
term ssh then discard
term https from address prefix-list trusted-networks except
term https from destination-port 443
term https then discard
term permit then accept
And then test ofcourse.
GL