Hi,
Running juju 2.5.4, I found the following log lines on various controllers :
2019-05-20 07:41:11 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-1": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-5ff1da-18" and "juju-5ff1da-1"
2019-05-20 12:51:26 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-2": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-2a037f-21" and "juju-2a037f-2"
2019-05-20 12:52:03 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-8": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-2a037f-80" and "juju-2a037f-8"
2019-05-20 12:55:26 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-2": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-d5655c-20" and "juju-d5655c-2"
2019-05-20 12:55:48 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-1": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-d5655c-10" and "juju-d5655c-1"
I strongly suspect that this is a bug happening when a model has 2 machine which have a machine number that starts with the same digit (for example, machine 8 and machine 80). And I strongly suspect this is because of https://github.com/juju/juju/blob/juju-2.5.4/provider/gce/google/raw.go#L131 and the use of HasPrefix - which will add rules for e.g. machine 10 to machine 1 as well.
Thanks for reporting this Junien. We do add some randomisation to the firewall rules, but obviously not enough.