Overcloud deployment on pre-deployed servers fails due to missing SSH firewall rule

Description of problem:
Deployment on pre-deployed servers fails due to missing SSH firewall rules.

After https://review.opendev.org/#/c/667295/ landed deployment on pre-deployed servers doesn't work anymore since the SSH firewall rules are not set anymore:

How reproducible:
100%

Steps to Reproduce:
1. Deploy Stein overcloud on pre-deployed servers

Actual results:
overcloud deployments fails because the firewall rules set by Director do not include SSH access hence ansible can't reach the nodes any longer.

Expected results:
Firewall rules to allow SSH access are set.

Additional info:

The resulting firewall rules on the server do not include SSH access:

[root@controller-0 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* 000 accept related established rules ipv4 */
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW /* 001 accept all icmp ipv4 */
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW /* 002 accept all to lo interface ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 873,3123,3306,4444,4567,4568,9200 state NEW /* 104 mysql galera-bundle ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 1993 state NEW /* 107 haproxy stats ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3124,6379,26379 state NEW /* 108 redis-bundle ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3122,4369,5672,25672 state NEW /* 109 rabbitmq-bundle ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 6789,3300 state NEW /* 110 ceph_mon ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5000,13000,35357 state NEW /* 111 keystone ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 9292,13292 state NEW /* 112 glance_api ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 6800:7300 state NEW /* 113 ceph_mgr ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8774,13774 state NEW /* 113 nova_api ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 9696,13696 state NEW /* 114 neutron api ipv4 */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 4789 state NEW /* 118 neutron vxlan networks ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8776,13776 state NEW /* 119 cinder ipv4 */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 6081 state NEW /* 119 neutron geneve networks ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3260 state NEW /* 120 iscsi initiator ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3125,6641,6642 state NEW /* 121 OVN DB server ports ipv4 */
ACCEPT tcp -- 172.17.1.0/24 0.0.0.0/0 multiport dports 11211 state NEW /* 121 memcached 172.17.1.0/24 ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8080,13808 state NEW /* 122 swift proxy ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 873,6000,6001,6002 state NEW /* 123 swift storage ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8004,13004 state NEW /* 125 heat_api ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8000,13800 state NEW /* 125 heat_cfn ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 state NEW /* 126 horizon ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8042,13042 state NEW /* 128 aodh-api ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8041,13041 state NEW /* 129 gnocchi-api ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 2224,3121,21064 state NEW /* 130 pacemaker tcp ipv4 */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5405 state NEW /* 131 pacemaker udp ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 6080,13080 state NEW /* 137 nova_vnc_proxy ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8778,13778 state NEW /* 138 nova_placement ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8775,13775 state NEW /* 139 nova_metadata ipv4 */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8125 state NEW /* 140 gnocchi-statsd ipv4 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8977,13977 state NEW /* 140 panko-api ipv4 */
LOG all -- 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 20/min burst 15 /* 998 log all ipv4 */ LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0 state NEW /* 999 drop all ipv4 */

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination