initial_firewall blocks ssh access if deploying with --port

i created a host, ssh was listening on port 22.

the node config looks like this:

{
  "services": ["webapp", "monitor"],
  "tags": ["unstable", "dc", "sandbox-braintree"],
  "ip_address": "199.119.112.10",
  "ssh": {
    "port": 4422
  }
}

i deployed using "--port 22" but deployment stalled after Site_config::Initial_firewall/File[/etc/network/ipv4firewall_up.rules]:

leap deploy chameleon --port 22
 = Updating submodule puppet/modules/check_mk
 = updated hiera/chameleon.yaml
 = checking node
   - [chameleon] ok
 = synching configuration files
   - hiera/chameleon.yaml -> chameleon:/etc/leap/hiera.yaml
   - files/webapp/ -> chameleon:/etc/leap
 = synching puppet manifests
   - /home/varac/dev/projects/leap/git/leap_platform/[bin,tests,puppet] -> chameleon:/srv/leap
 = applying puppet
   - [chameleon] notice: /Stage[main]/Concat::Setup/File[/var/lib/puppet/concat]/ensure: created
   - [chameleon] notice: /Stage[main]/Concat::Setup/File[/var/lib/puppet/concat/bin]/ensure: created
   - [chameleon] notice: /Stage[main]/Concat::Setup/File[/var/lib/puppet/concat/bin/concatfragments.sh]/ensure: defined content as '{md5}256169ee61115a6b717b2844d2ea3128'
   - [chameleon] notice: /Stage[main]/Site_config::Initial_firewall/File[/etc/network/ipv6firewall_up.rules]/ensure: defined content as '{md5}8b98783a5f910fe772bd888868c45b64'
   - [chameleon] notice: /Stage[main]/Site_apt/Apt::Apt_conf[90disable-pdiffs]/File[/etc/apt/apt.conf.d/90disable-pdiffs]/ensure: created
   - [chameleon] notice: /Stage[main]/Site_config::Initial_firewall/File[/etc/network/ipv4firewall_up.rules]/ensure: defined content as '{md5}c59b425718e40b294730b15375b30275'

my guess is that initial_firewall is allowing only the ssh.port from the node config, but the ssh daemon still listens on port 22 :P

micah, i assigned this to you, it's not so urgent, but you cared for the initial_firewall

(from redmine: created on 2014-02-10, closed on 2014-04-24, relates #3108 (closed))
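
A pre-flight check for the lockout guessed at in the report, added here as an example (it is not code from leap_cli or leap_platform). It reports which of the two SSH ports, the one passed with `--port` and the `ssh.port` from the node config, an iptables-restore rules file would leave closed. The page does not show the contents of ipv4firewall_up.rules, so the rules text below is constructed, and the function names are hypothetical.

```ruby
require 'json'

# Constructed sample inputs. NODE mirrors the ssh.port from the report; RULES is a
# made-up iptables-restore file modelling the guess that only ssh.port is opened.
NODE = '{"services": ["webapp", "monitor"], "ssh": {"port": 4422}}'
RULES = <<~EOS
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 4422 -j ACCEPT
  COMMIT
EOS

# TCP port ranges opened by INPUT ACCEPT rules. Understands --dport N, --dport A:B
# and multiport --dports a,b:c. Rules with a negation (!) are skipped so they are
# never counted as opening a port. Assumes a default-drop INPUT chain.
def accepted_tcp_ranges(rules)
  rules.each_line.flat_map do |line|
    next [] unless line =~ /\A-A INPUT\b/ && line =~ /-p tcp\b/ && line =~ /-j ACCEPT\b/
    next [] if line.include?('!')
    spec = line[/--dports?\s+(\S+)/, 1]
    next [] unless spec
    spec.split(',').map do |part|
      lo, hi = part.split(':').map(&:to_i)
      lo..(hi || lo)
    end
  end
end

# Ports SSH needs during and after the run that the rules would leave closed:
# the port sshd answers on now (the --port value) and the configured ssh.port
# (falling back to 22 when the node config sets none).
def ssh_lockout_ports(node_json, deploy_port, rules)
  configured = JSON.parse(node_json).dig('ssh', 'port') || 22
  open = accepted_tcp_ranges(rules)
  [deploy_port, configured].uniq.reject { |p| open.any? { |r| r.cover?(p) } }
end

blocked = ssh_lockout_ports(NODE, 22, RULES)
puts blocked.empty? ? 'ssh reachable' : "would lock out ssh on port(s): #{blocked.join(', ')}"
```

Run against the rules a deploy is about to install, a non-empty result means the firewall would go up before sshd has moved to the configured port.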