Comment 0 for bug 1429077

Bogdan Dobrelya (bogdando) wrote :

We have the following places for firewall rules in manifests (look for all "firewall {}" entries):
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/openstack/manifests/firewall.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/openstack/manifests/heat.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/openstack/manifests/logging.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/cobbler/manifests/iptables.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/sahara/manifests/init.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/memcached/manifests/init.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/zabbix/manifests/server.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/zabbix/manifests/monitoring/rabbitmq_mon.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/zabbix/manifests/agent.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/osnailyfacter/modular/firewall/firewall.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/nailgun/manifests/host.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/nailgun/manifests/iptables.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/galera/manifests/init.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/mongodb/manifests/firewall.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/ceph/manifests/radosgw.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/ceph/manifests/osd.pp
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/ceph/manifests/mon.pp

And the list actually should be only:
The full list of ports could be re-used from here (look for all "firewall {}" entries):
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/openstack/manifests/firewall.pp

https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/cobbler/manifests/iptables.pp

https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/nailgun/manifests/host.pp (?)
https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/nailgun/manifests/iptables.pp

Also note that openstack/manifests/firewall.pp should contain if {} stanzas for different types of deployment (Ceph or Swift, for example; Nova or Neutron, etc.) in order not to open unused ports.
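
One way to check a checkout against the short list above, as an added example that is not part of the original comment or of fuel-library: it counts `firewall {` declarations per manifest and reports any file outside the four the comment names. The function names, the sample tree, and the rule names and ports in it are constructed for illustration; the allowed paths are taken from the comment's URLs, relative to `deployment/puppet/`.

```python
import re
import tempfile
from pathlib import Path

# Manifests the comment says should be the only ones declaring firewall rules,
# relative to deployment/puppet/ (paths copied from the comment's URLs).
ALLOWED = {
    "openstack/manifests/firewall.pp",
    "cobbler/manifests/iptables.pp",
    "nailgun/manifests/host.pp",  # marked "(?)" in the comment
    "nailgun/manifests/iptables.pp",
}

# A "firewall {" resource declaration at the start of a line; commented-out
# lines do not match because "#" precedes the keyword.
FIREWALL_RE = re.compile(r"^[ \t]*firewall\s*\{", re.MULTILINE)

def find_firewall_rules(root):
    """Return {relative_path: count} for every .pp file declaring firewall rules."""
    root = Path(root)
    hits = {}
    for pp in sorted(root.rglob("*.pp")):
        n = len(FIREWALL_RE.findall(pp.read_text(errors="replace")))
        if n:
            hits[pp.relative_to(root).as_posix()] = n
    return hits

def stray_rules(root, allowed=ALLOWED):
    """Firewall declarations found outside the allowed manifests."""
    return {p: n for p, n in find_firewall_rules(root).items() if p not in allowed}

def build_sample_tree(root):
    """Write a small constructed manifest tree (not real fuel-library content)."""
    rule = "  firewall { '%s': port => %d, proto => 'tcp', action => 'accept' }\n"
    samples = {
        "openstack/manifests/firewall.pp": rule % ("100 constructed-a", 10001)
        + rule % ("101 constructed-b", 10002),
        "memcached/manifests/init.pp": rule % ("102 constructed-c", 10003)
        + "#" + rule % ("103 constructed-d", 10004),
        "galera/manifests/init.pp": "#" + rule % ("104 constructed-e", 10005),
    }
    for rel, body in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, count in stray_rules(tmp).items():
            print(f"{path}: {count} firewall rule(s) outside the allowed manifests")
```

Against a real checkout, pass the `deployment/puppet` directory to `stray_rules()`; an empty result means every rule lives in one of the allowed manifests.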