Verified on snapshot-id #822
Firewall rules were applied on all nodes (including nodes with compute and cinder roles) in cluster:
root@node-2:~# iptables --list | grep block
DROP all -- anywhere anywhere /* 010 block invalid packets */ ctstate INVALID
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN /* 020 block not-syn new packets */ ctstate NEW
DROP tcp -- anywhere anywhere /* 030 block uncommon mss values */ ctstate NEW tcpmss match !536:65535
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE /* 040 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN /* 050 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST /* 060 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN /* 070 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST /* 080 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN /* 090 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG /* 100 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN /* 110 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH /* 120 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG /* 130 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE /* 140 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG /* 150 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,PSH,URG /* 160 block packets with bogus tcp flags */
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG /* 170 block packets with bogus tcp flags */
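An added verification check, not part of the bug report or of the project's own code: it parses plain `iptables --list` output in the layout shown above, keys each rule on its numbered comment, and reports which of the 010-170 rules are missing, which are not DROP, and which compare a TCP flag outside their own mask (a rule that can never match). The sample lines are copied from the listing above, with rules 030 and 070-170 deliberately left out so the check has something to report; the column layout of `iptables -L` without `-v` is assumed.

```python
import re

# Sample lines copied from the `iptables --list | grep block` listing above; rules 030 and
# 070-170 are deliberately left out so the check below has something to report.
SAMPLE_OUTPUT = """\
DROP       all  --  anywhere             anywhere             /* 010 block invalid packets */ ctstate INVALID
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN /* 020 block not-syn new packets */ ctstate NEW
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE /* 040 block packets with bogus tcp flags */
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN /* 050 block packets with bogus tcp flags */
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST /* 060 block packets with bogus tcp flags */
"""

EXPECTED_RULES = [f"{n:03d}" for n in range(10, 180, 10)]          # 010 .. 170
ALL_FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}
# Assumed column layout of plain `iptables -L` (no -v): target prot opt source destination [matches]
RULE_RE = re.compile(r"^(?P<target>\S+)\s+(?P<proto>\S+)\s+--\s+\S+\s+\S+\s+(?P<rest>.*)$")
COMMENT_RE = re.compile(r"/\* (?P<num>\d{3}) (?P<text>.*?) \*/")
FLAGS_RE = re.compile(r"tcp flags:(?P<neg>!?)(?P<mask>[A-Z,]+)/(?P<comp>[A-Z,]+)")

def flagset(spec):  # 'FIN,SYN', 'ALL' or 'NONE' -> set of flag names
    return set() if spec == "NONE" else set(ALL_FLAGS) if spec == "ALL" else set(spec.split(","))

def parse_rules(output):
    """Map rule number (from the comment) -> target, proto, comment and (negated, mask, comp) flags."""
    rules = {}
    for line in output.splitlines():
        m, c = RULE_RE.match(line), COMMENT_RE.search(line)
        if not (m and c):
            continue                         # not a rule line, or no numbered comment to key on
        entry = {"target": m["target"], "proto": m["proto"], "comment": c["text"], "flags": None}
        f = FLAGS_RE.search(m["rest"])
        if f:
            entry["flags"] = (f["neg"] == "!", flagset(f["mask"]), flagset(f["comp"]))
        rules[c["num"]] = entry
    return rules

def check_rules(rules):
    """Report missing numbered rules, non-DROP targets and flag specs that can never match."""
    findings = []
    for num in EXPECTED_RULES:
        if num not in rules:
            findings.append(f"missing rule {num}")
            continue
        r = rules[num]
        if r["target"] != "DROP":
            findings.append(f"rule {num}: target {r['target']}, expected DROP")
        if r["flags"]:
            _, mask, comp = r["flags"]
            if not comp <= mask:  # iptables tests (flags & mask) == comp, so this rule never matches
                findings.append(f"rule {num}: compares flags outside its mask {sorted(comp - mask)}")
    return findings
```

Feed it the real listing from each node (`iptables --list | grep block`) and an empty findings list confirms all 17 numbered rules are in place.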