diff --git a/packstack/plugins/cinder_250.py b/packstack/plugins/cinder_250.py
index ad37ccc3b..a7c826c47 100644
--- a/packstack/plugins/cinder_250.py
+++ b/packstack/plugins/cinder_250.py
@@ -352,7 +352,7 @@ def create_manifest(config, messages):
 manifestdata += getManifestTemplate('cinder_backup.pp')
 config['FIREWALL_SERVICE_NAME'] = "cinder"
- config['FIREWALL_PORTS'] = "['3260', '8776']"
+ config['FIREWALL_PORTS'] = "['3260']"
 config['FIREWALL_CHAIN'] = "INPUT"
 config['FIREWALL_PROTOCOL'] = 'tcp'
 if (config['CONFIG_NOVA_INSTALL'] == 'y' and
@@ -365,5 +365,10 @@ def create_manifest(config, messages):
 config['FIREWALL_ALLOWED'] = "'ALL'"
 config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
 manifestdata += getManifestTemplate("firewall.pp")
-
+ # cinder API should be open for everyone
+ config['FIREWALL_SERVICE_NAME'] = "cinder-api"
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = "cinder_API"
+ config['FIREWALL_PORTS'] = "['8776']"
+ manifestdata += getManifestTemplate("firewall.pp")
 appendManifestFile(manifestfile, manifestdata)
diff --git a/packstack/plugins/glance_200.py b/packstack/plugins/glance_200.py
index e57ad8abe..9a47d49e8 100644
--- a/packstack/plugins/glance_200.py
+++ b/packstack/plugins/glance_200.py
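Review bot: The added cinder-api rule in create_manifest assigns only FIREWALL_SERVICE_NAME, FIREWALL_ALLOWED, FIREWALL_SERVICE_ID and FIREWALL_PORTS, so its chain and protocol are whatever the earlier cinder rule left in `config` (the `FIREWALL_CHAIN` and `FIREWALL_PROTOCOL` assignments visible as context in the first cinder_250.py hunk). Since this rule accepts port 8776 from any source, it is worth making it self-contained by adding `config['FIREWALL_CHAIN'] = "INPUT"` and `config['FIREWALL_PROTOCOL'] = 'tcp'` next to the other four keys, so a later edit to the 3260 rule cannot silently change it. The comment could also name the port, e.g. `# cinder API (8776) is client-facing, so it is not limited to the hosts allowed for 3260`. create_manifest starts and ends outside both hunks.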
@@ -96,14 +96,8 @@ def create_manifest(config, messages):
 config['FIREWALL_PORTS'] = "'9292'"
 config['FIREWALL_CHAIN'] = "INPUT"
 config['FIREWALL_PROTOCOL'] = 'tcp'
- if config['CONFIG_NOVA_INSTALL'] == 'y':
- for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
- config['FIREWALL_ALLOWED'] = "'%s'" % host
- config['FIREWALL_SERVICE_ID'] = "glance_%s" % host
- manifestdata += getManifestTemplate("firewall.pp")
- else:
- config['FIREWALL_ALLOWED'] = "'ALL'"
- config['FIREWALL_SERVICE_ID'] = "glance_ALL"
- manifestdata += getManifestTemplate("firewall.pp")
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = "glance_API"
+ manifestdata += getManifestTemplate("firewall.pp")
 appendManifestFile(manifestfile, manifestdata)
diff --git a/packstack/plugins/heat_750.py b/packstack/plugins/heat_750.py
index 42faa0fdc..fe80e0932 100644
--- a/packstack/plugins/heat_750.py
+++ b/packstack/plugins/heat_750.py
@@ -187,10 +187,15 @@ def create_manifest(config, messages):
 manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
 manifestdata = getManifestTemplate(get_mq(config, "heat"))
 manifestdata += getManifestTemplate("heat.pp")
-
 if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
 manifestdata += getManifestTemplate("heat_trusts.pp")
-
+ config['FIREWALL_SERVICE_NAME'] = "heat"
+ config['FIREWALL_PORTS'] = "'8004'"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ config['FIREWALL_PROTOCOL'] = 'tcp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = "heat"
+ manifestdata += getManifestTemplate("firewall.pp")
 appendManifestFile(manifestfile, manifestdata)
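Review bot: The glance rule for port 9292 in create_manifest now always uses `'ALL'`, and nothing in the new lines records that dropping the per-compute-host restriction is intentional. A short comment such as `# glance API should be open for everyone, not only compute hosts` above the `config['FIREWALL_ALLOWED']` assignment would match the one added in cinder_250.py. It would also tell operators that any source filtering for this port now has to come from the surrounding network or from the service's own authentication. The function body starts outside the hunk.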
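Review bot: The seven-line firewall block added to create_manifest in heat_750.py is repeated, with only the name, port and id changed, in create_cloudwatch_manifest and create_cfn_manifest in the same file, in create_api_manifest in nova_300.py and in create_proxy_manifest in swift_600.py. Because the template takes its parameters from the shared `config` dict, every copy has to reset all six FIREWALL_* keys or it inherits a value from whichever rule was rendered before it. A small helper that sets them all and returns the rendered template removes that risk and turns each opened port into a one-line call that is easy to audit. The sketch below assumes firewall.pp reads only those six keys, which is not visible in this diff; create_manifest begins outside the hunk.

```python
def firewall_manifest(config, name, ports, service_id, allowed="'ALL'"):
    """Render firewall.pp for one rule, setting every FIREWALL_* key."""
    config['FIREWALL_SERVICE_NAME'] = name
    config['FIREWALL_PORTS'] = ports
    config['FIREWALL_CHAIN'] = "INPUT"
    config['FIREWALL_PROTOCOL'] = 'tcp'
    config['FIREWALL_ALLOWED'] = allowed
    config['FIREWALL_SERVICE_ID'] = service_id
    return getManifestTemplate("firewall.pp")

def create_manifest(config, messages):
    # ... unchanged: heat.pp and heat_trusts.pp templates ...
    manifestdata += firewall_manifest(config, "heat", "'8004'", "heat")
    appendManifestFile(manifestfile, manifestdata)
```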
@@ -208,6 +213,13 @@ def create_cloudwatch_manifest(config, messages):
 manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST']
 manifestdata = getManifestTemplate(get_mq(config, "heat"))
 manifestdata += getManifestTemplate("heat_cloudwatch.pp")
+ config['FIREWALL_SERVICE_NAME'] = "heat api cloudwatch"
+ config['FIREWALL_PORTS'] = "'8003'"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ config['FIREWALL_PROTOCOL'] = 'tcp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = "heat_api_cloudwatch"
+ manifestdata += getManifestTemplate("firewall.pp")
 appendManifestFile(manifestfile, manifestdata, marker='heat')
@@ -215,4 +227,11 @@ def create_cfn_manifest(config, messages):
 manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
 manifestdata = getManifestTemplate(get_mq(config, "heat"))
 manifestdata += getManifestTemplate("heat_cfn.pp")
+ config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
+ config['FIREWALL_PORTS'] = "'8000'"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ config['FIREWALL_PROTOCOL'] = 'tcp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = "heat_cfn"
+ manifestdata += getManifestTemplate("firewall.pp")
 appendManifestFile(manifestfile, manifestdata, marker='heat')
diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py
index 01a7a6aa5..63051454c 100644
--- a/packstack/plugins/neutron_350.py
+++ b/packstack/plugins/neutron_350.py
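Review bot: FIREWALL_SERVICE_NAME follows two conventions inside heat_750.py: create_cloudwatch_manifest uses the spaced form `"heat api cloudwatch"` while create_cfn_manifest uses `"heat_cfn"`, which is the same string as its FIREWALL_SERVICE_ID. The other rules in this commit use spaced names ("nova api", "swift proxy", "neutron server") or a hyphen ("cinder-api"). If the name ends up in the rule title or comment on the host (firewall.pp is not shown here), mixed conventions make the opened ports harder to match back to their service during an audit. I would change the cfn line to `config['FIREWALL_SERVICE_NAME'] = "heat api cfn"` and keep underscores for the id only.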
@@ -760,16 +760,15 @@ def create_manifests(config, messages):
 # XXX I am not completely sure about this, but it seems necessary:
 manifest_data += getManifestTemplate(plugin_manifest)
- # Firewall Rules
- for f_host in q_hosts:
- config['FIREWALL_SERVICE_NAME'] = "neutron server"
- config['FIREWALL_PORTS'] = "'9696'"
- config['FIREWALL_CHAIN'] = "INPUT"
- config['FIREWALL_PROTOCOL'] = 'tcp'
- config['FIREWALL_ALLOWED'] = "'%s'" % f_host
- config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s_%s"
- % (host, f_host))
- manifest_data += getManifestTemplate("firewall.pp")
+ #Firewall
+ config['FIREWALL_SERVICE_NAME'] = "neutron server"
+ config['FIREWALL_PORTS'] = "'9696'"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ config['FIREWALL_PROTOCOL'] = 'tcp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s"
+ % (host))
+ manifest_data += getManifestTemplate("firewall.pp")
 appendManifestFile(manifest_file, manifest_data, 'neutron')
diff --git a/packstack/plugins/nova_300.py b/packstack/plugins/nova_300.py
index 6af1eb4cd..bd11f1972 100644
--- a/packstack/plugins/nova_300.py
+++ b/packstack/plugins/nova_300.py
@@ -428,6 +428,13 @@ def create_api_manifest(config, messages):
 "'%s'" % config['CONFIG_NEUTRON_METADATA_PW']
 manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
 manifestdata = getManifestTemplate("nova_api.pp")
+ config['FIREWALL_SERVICE_NAME'] = "nova api"
+ config['FIREWALL_PORTS'] = "['8773', '8774', '8775']"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ config['FIREWALL_PROTOCOL'] = 'tcp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_ID'] = "nova_api"
+ manifestdata += getManifestTemplate("firewall.pp")
 appendManifestFile(manifestfile, manifestdata, 'novaapi')
diff --git a/packstack/plugins/swift_600.py b/packstack/plugins/swift_600.py
index 2df6aa674..ca497f348 100644
--- a/packstack/plugins/swift_600.py
+++ b/packstack/plugins/swift_600.py
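Review bot: The new comment `#Firewall` in create_manifests says less than the code it replaces: the removed loop limited port 9696 to the hosts in q_hosts, while the new rule accepts it from `'ALL'`. I would write `# Firewall: neutron API (9696) is open to all sources` and drop the redundant parentheses and line break, `config['FIREWALL_SERVICE_ID'] = "neutron_server_%s" % host`. `host` and q_hosts are defined outside the hunk, so whether q_hosts is still used elsewhere in the function cannot be checked from here.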
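Review bot: The rule added to create_api_manifest in nova_300.py opens 8775 to `'ALL'` together with 8773 and 8774; 8775 is Nova's default metadata API port, which is usually reached by the metadata proxy or the compute hosts rather than by end users. This matches what the deleted Puppet resource in nova_api.pp allowed, so it is not a regression, but moving the rule into the plugin is a good moment to narrow it. One way is to keep `config['FIREWALL_PORTS'] = "['8773', '8774']"` here and render a second rule for `'8775'` whose FIREWALL_ALLOWED lists only the hosts that need it. Which hosts those are depends on configuration that is not shown in this hunk.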
@@ -276,6 +276,13 @@ def create_builder_manifest(config, messages): def create_proxy_manifest(config, messages): manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("swift_proxy.pp") + config['FIREWALL_SERVICE_NAME'] = "swift proxy" + config['FIREWALL_PORTS'] = "'8080'" + config['FIREWALL_CHAIN'] = "INPUT" + config['FIREWALL_PROTOCOL'] = 'tcp' + config['FIREWALL_ALLOWED'] = "'ALL'" + config['FIREWALL_SERVICE_ID'] = "swift_proxy" + manifestdata += getManifestTemplate("firewall.pp") appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/puppet/templates/heat.pp b/packstack/puppet/templates/heat.pp index 34a867d12..fe54c55b1 100644 --- a/packstack/puppet/templates/heat.pp +++ b/packstack/puppet/templates/heat.pp @@ -18,3 +18,4 @@ class { 'heat::keystone::domain': domain_admin => '%(CONFIG_HEAT_DOMAIN_ADMIN)s', domain_password => '%(CONFIG_HEAT_DOMAIN_PASSWORD)s', } + diff --git a/packstack/puppet/templates/heat_cfn.pp b/packstack/puppet/templates/heat_cfn.pp index eae4f7a65..0c94116f1 100644 --- a/packstack/puppet/templates/heat_cfn.pp +++ b/packstack/puppet/templates/heat_cfn.pp @@ -8,3 +8,4 @@ class { 'heat::keystone::auth_cfn': internal_address => '%(CONFIG_CONTROLLER_HOST)s', password => '%(CONFIG_HEAT_KS_PW)s' } + diff --git a/packstack/puppet/templates/heat_cloudwatch.pp b/packstack/puppet/templates/heat_cloudwatch.pp index 5ca0300ad..d1d02015f 100644 --- a/packstack/puppet/templates/heat_cloudwatch.pp +++ b/packstack/puppet/templates/heat_cloudwatch.pp @@ -1,3 +1,4 @@ class { 'heat::api_cloudwatch': } + diff --git a/packstack/puppet/templates/nova_api.pp b/packstack/puppet/templates/nova_api.pp index 7d5bc5718..76fb187fc 100644 --- a/packstack/puppet/templates/nova_api.pp +++ b/packstack/puppet/templates/nova_api.pp 
@@ -9,8 +9,3 @@ class {"nova::api": Package<| title == 'nova-common' |> -> Class['nova::api'] -firewall { '001 novaapi incoming': - proto => 'tcp', - dport => ['8773', '8774', '8775'], - action => 'accept', -} diff --git a/packstack/puppet/templates/swift_proxy.pp b/packstack/puppet/templates/swift_proxy.pp index c87796b45..99ab6a84c 100644 --- a/packstack/puppet/templates/swift_proxy.pp +++ b/packstack/puppet/templates/swift_proxy.pp @@ -67,8 +67,3 @@ class { 'swift::proxy::authtoken': auth_host => '%(CONFIG_CONTROLLER_HOST)s', } -firewall { '001 swift proxy incoming': - proto => 'tcp', - dport => ['8080'], - action => 'accept', -}