Comment 18 for bug 1549443

Thomas Edgar (twedgar) wrote :

The posted patch did not work for us, and we have been troubleshooting to find where the problem is. We think there may be a deviation of expectations in the ml2 driver agent and the neutron agent. In iptables_firewall the agent is managing all of the ports with two lists: unfiltered and filtered ports. Filtered ports get the iptables chains applied from the security groups as normal. Unfiltered ports get the three pass-through rules specified in the initial bug post applied. However, the ml2 agent is removing port-security-disabled ports from the list of managed ports, and thus they never get the three rules added. We made the attached change and things seem to be working in all our tests. This fix doesn't refactor out unnecessary code if the ml2 driver truly does not need to be filtering out ports any longer. We are running Mitaka and haven't looked to see if the scenario is the same for Liberty.