I agree this is a security concern. It prevents security group rules from being applied on a host after one installs that rule. I just reproduced this issue and tested this patch: https://review.openstack.org/#/c/59212/16 which fixes the issue. I think we should focus on getting that merged asap. I'm wondering if there should also be a security CVE released though so people are aware of the issue downstream.
I agree this is a security concern. It prevents security group rules from being applied on a host after one installs that rule. I just reproduced this issue and tested this patch: https:/ /review. openstack. org/#/c/ 59212/16 which fixes the issue. I think we should focus on getting that merged asap. I'm wondering if there should also be a security CVE released though so people are aware of the issue downstream.