diff --git a/extraconfig/services/openshift-cns.yaml b/extraconfig/services/openshift-cns.yaml
index 669f93424e..d6eca2abe3 100644
--- a/extraconfig/services/openshift-cns.yaml
+++ b/extraconfig/services/openshift-cns.yaml
@@ -84,18 +84,6 @@ outputs:
       # as cns. The actual installation is performed in
       # openshift-master service template.
       service_name: openshift_glusterfs
-      config_settings:
-        tripleo.openshift_glusterfs.firewall_rules:
-          '200 openshift-glusterfs kubelet':
-            dport:
-              - 2222
-              - 3260
-              - 10250
-              - 24008
-              - 24010
-            proto: tcp
-          '200 openshift-glusterfs external services':
-            dport: '49152-49251'
       host_prep_tasks:
         - name: Wipe the configured disks
           shell: |
diff --git a/extraconfig/services/openshift-master.yaml b/extraconfig/services/openshift-master.yaml
index aeb75b8edd..4d439809f5 100644
--- a/extraconfig/services/openshift-master.yaml
+++ b/extraconfig/services/openshift-master.yaml
@@ -127,15 +127,6 @@ outputs:
         map_merge:
           - get_attr: [OpenShiftNode, role_data, config_settings]
           - tripleo::keepalived::virtual_router_id_base: 100
-            tripleo.openshift_master.firewall_rules:
-              '200 openshift-master api':
-                dport: 6443
-                proto: tcp
-              '200 openshift-master etcd':
-                dport:
-                  - 2379
-                  - 2380
-                proto: tcp
       upgrade_tasks: []
       step_config: ''
       external_deploy_tasks:
diff --git a/extraconfig/services/openshift-worker.yaml b/extraconfig/services/openshift-worker.yaml
index 3ff17501f4..83604c2e2b 100644
--- a/extraconfig/services/openshift-worker.yaml
+++ b/extraconfig/services/openshift-worker.yaml
@@ -54,17 +54,7 @@ outputs:
     description: Role data for the Openshift Service
     value:
       service_name: openshift_worker
-      config_settings:
-        map_merge:
-          - get_attr: [OpenShiftNode, role_data, config_settings]
-          - tripleo.openshift_worker.firewall_rules:
-              '200 openshift-worker kubelet':
-                dport:
-                  - 10250
-                  - 10255
-                proto: tcp
-              '200 openshift-worker external services':
-                dport: '30000-32767'
+      config_settings: {get_attr: [OpenShiftNode, role_data, config_settings]}
       upgrade_tasks: []
       step_config: ''
       external_deploy_tasks:
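Review bot: Nothing on the new side of this file says where the kubelet ports (10250, 10255) and the 30000-32767 range are now allowed, because `config_settings` has become a bare pass-through of the OpenShiftNode settings. A short comment above the new line would stop a later reader from re-adding the rules or assuming the ports are closed, for example `# Firewall rules for this service are not defined here; see <where the rules are managed>`. The same gap exists where the rule blocks were dropped in openshift-cns.yaml (2222, 3260, 10250, 24008, 24010, 49152-49251) and openshift-master.yaml (6443, 2379, 2380). The enclosing `outputs` mapping starts and ends outside the hunk.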
diff --git a/roles/OpenShiftInfra.yaml b/roles/OpenShiftInfra.yaml
index de52d6ec36..7018925327 100644
--- a/roles/OpenShiftInfra.yaml
+++ b/roles/OpenShiftInfra.yaml
@@ -25,3 +25,4 @@
     - OS::TripleO::Services::Rhsm
     - OS::TripleO::Services::Sshd
     - OS::TripleO::Services::Timesync
+    - OS::TripleO::Services::TripleoFirewall
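Review bot: Enabling `OS::TripleO::Services::TripleoFirewall` on this role in the same commit that deletes the explicit `firewall_rules` entries leaves it unclear from the diff which rules the firewall will load for the OpenShift ports; the same applies to the identical addition in roles/OpenShiftWorker.yaml. If the firewall service drops traffic that no rule lists (not visible here), the glusterfs, kubelet, API and etcd ports depend entirely on another component opening them, so it is worth confirming on a deployed node that they are open and reachable only from the intended networks. No master role file is touched in this diff; if one exists, check that it already lists this service so the roles stay consistent. A release note stating where the OpenShift firewall rules now live would document the change.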
diff --git a/roles/OpenShiftWorker.yaml b/roles/OpenShiftWorker.yaml
index 01d4ca187a..4d2c3a4856 100644
--- a/roles/OpenShiftWorker.yaml
+++ b/roles/OpenShiftWorker.yaml
@@ -25,3 +25,4 @@
     - OS::TripleO::Services::Rhsm
     - OS::TripleO::Services::Sshd
     - OS::TripleO::Services::Timesync
+    - OS::TripleO::Services::TripleoFirewall