If neutron-meter-agent is installed and enabled, and a meter-label is created, all traffic between internal networks becomes NATed, which is unexpected and potentially causes firewall/routing issues. This happens because meter-agent does not define stateless flag during iptables initialization which later during _modify_rules in agent/linux/iptables_manager.py results in moving the following rules:
before:
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
after:
-A POSTROUTING -j neutron-postrouting-bottom
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
The attached patch fixes the issue by setting "state_less=True" for metering agent's iptables_manager.
downstream bug - https:/ /bugs.launchpad .net/mos/ +bug/1539664