Comment 4 for bug 1851866

Investigating these are all because Juju doesn't firewall between units in a model. Charms have no ability to expose internal to the model and so all units have open ports between each other. The firewall is only for external ingress.

We cannot change these groups because it would break working charms and bundles that have this expectation and if this is required it would need to go through a new field request for a feature in Juju to split expose/ports/firewalls into independent internal/external setups.