After upgrade openstack compute nodes no long apply security group rules

Solution Verified - Updated -


  • After perform upgrade on compute nodes no long apply security group rules. Openvswitch logs show the firewall rules are updated/refreshed but not created.

    [root@compute]# iptables -nvL | grep Chain
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    Chain OUTPUT (policy ACCEPT 1086K packets, 371M bytes)
    Chain neutron-filter-top (2 references)
    Chain neutron-openvswi-FORWARD (1 references)
    Chain neutron-openvswi-INPUT (1 references)
    Chain neutron-openvswi-OUTPUT (1 references)
    Chain neutron-openvswi-local (1 references)
    Chain neutron-openvswi-sg-chain (0 references)
    Chain neutron-openvswi-sg-fallback (0 references)


  • Red Hat OpenStack Platform 13
    • openvswitch

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content