firewall rules defined in service templates missing on overcloud

The firewall rules for services defined in via service templates in tht are missing from the rules list after deployed. the current list we have is:

[root@controller-0 ~ ]# iptables -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 nova-api-INPUT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8042 /* 100 aodh_haproxy */ state NEW
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13042 /* 100 aodh_haproxy_ssl */ state NEW
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8777 /* 100 ceilometer_haproxy */ state NEW
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13777 /* 100 ceilometer_haproxy_ssl */ state NEW
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8776 /* 100 cinder_haproxy */ state NEW
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13776 /* 100 cinder_haproxy_ssl */ state NEW
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 9292 /* 100 glance_api_haproxy */ state NEW
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13292 /* 100 glance_api_haproxy_ssl */ state NEW
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 9191 /* 100 glance_registry_haproxy */ state NEW
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* 100 glance_registry_haproxy_ssl */ state NEW
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8041 /* 100 gnocchi_haproxy */ state NEW
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13041 /* 100 gnocchi_haproxy_ssl */ state NEW
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8004 /* 100 heat_api_haproxy */ state NEW
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13004 /* 100 heat_api_haproxy_ssl */ state NEW
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8000 /* 100 heat_cfn_haproxy */ state NEW
17 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13005 /* 100 heat_cfn_haproxy_ssl */ state NEW
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8003 /* 100 heat_cloudwatch_haproxy */ state NEW
19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13003 /* 100 heat_cloudwatch_haproxy_ssl */ state NEW
20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 35357 /* 100 keystone_admin_haproxy */ state NEW
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13357 /* 100 keystone_admin_haproxy_ssl */ state NEW
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5000 /* 100 keystone_public_haproxy */ state NEW
23 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13000 /* 100 keystone_public_haproxy_ssl */ state NEW
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 9696 /* 100 neutron_haproxy */ state NEW
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13696 /* 100 neutron_haproxy_ssl */ state NEW
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8775 /* 100 nova_metadata_haproxy */ state NEW
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* 100 nova_metadata_haproxy_ssl */ state NEW
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 6080 /* 100 nova_novncproxy_haproxy */ state NEW
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13080 /* 100 nova_novncproxy_haproxy_ssl */ state NEW
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8774 /* 100 nova_osapi_haproxy */ state NEW
31 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13774 /* 100 nova_osapi_haproxy_ssl */ state NEW
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8386 /* 100 sahara_haproxy */ state NEW
33 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13386 /* 100 sahara_haproxy_ssl */ state NEW
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8080 /* 100 swift_proxy_server_haproxy */ state NEW
35 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 13808 /* 100 swift_proxy_server_haproxy_ssl */ state NEW

which are from puppet-tripleo. But none from tht are there eg redis, mongodb etc..