Comment 29 for bug 1549443

Akihiro Motoki (amotoki) wrote :

This bug causes a security issue. It is worth backporting to Mitaka too.

As reported in the initial bug report, when creating a port with no security group or with port_security_enabled=False and then booting a VM with the port, iptables rules for the VM are not configured properly. As a result, VM traffic is handled based on the default FORWARD policy of the hypervisor host. It is confusing.

There is another issue. Once this situation happens, even after a user changes the port to port_security_enabled=True or associates a security group with the port, the corresponding iptables rules are not installed. This means the security group is not applied to the port. The Neutron API says a security group is applied, but actually no security group is applied.
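An added audit example (not part of this bug comment or of Neutron's own code) that cross-checks what the Neutron API reports for each port against the iptables chains actually present on the compute host, so the "API says filtered, host is not" condition described above shows up as a finding. The port records, the `iptables -S` output and the port ids are all constructed sample data; the chain-naming scheme (`neutron-openvswi-` prefix plus direction letter plus the first ten characters of the port id, as used by the OVS hybrid firewall driver) is an assumption and should be adjusted for other drivers.

```python
"""Audit helper: detect Neutron ports whose security-group state in the API
does not match the iptables chains present on the hypervisor."""
import re

# Assumption: chain naming used by the OVS hybrid iptables firewall driver.
CHAIN_PREFIX = "neutron-openvswi-"

# Constructed sample of Neutron port records (subset of the API fields).
PORTS = [
    {"id": "0a1b2c3d-4e5f-6789-abcd-ef0123456789",   # filtered, chains present
     "port_security_enabled": True, "security_groups": ["sg-default"]},
    {"id": "ffeeddcc-bbaa-9988-7766-554433221100",   # port security disabled
     "port_security_enabled": False, "security_groups": []},
    {"id": "12345678-9abc-def0-1234-56789abcdef0",   # API says filtered, no chains
     "port_security_enabled": True, "security_groups": ["sg-web"]},
]

# Constructed sample of `iptables -S` output from the compute host.
# Only the first port has its per-port chains installed.
IPTABLES_S = """\
-P FORWARD ACCEPT
-N neutron-openvswi-FORWARD
-N neutron-openvswi-i0a1b2c3d-4
-N neutron-openvswi-o0a1b2c3d-4
-A FORWARD -j neutron-openvswi-FORWARD
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap0a1b2c3d-4e --physdev-is-bridged -j neutron-openvswi-i0a1b2c3d-4
"""


def expected_chain(port_id, direction):
    """Chain name Neutron is assumed to create for a port: prefix, 'i' or 'o',
    then the first ten characters of the port id (iptables name-length limit)."""
    return f"{CHAIN_PREFIX}{direction}{port_id[:10]}"


def parse_chains(iptables_s):
    """Return (set of chain names, {chain: default policy}) from `iptables -S`."""
    chains, policies = set(), {}
    for line in iptables_s.splitlines():
        m = re.match(r"^-N (\S+)", line)
        if m:
            chains.add(m.group(1))
        m = re.match(r"^-P (\S+) (\S+)", line)
        if m:
            policies[m.group(1)] = m.group(2)
    return chains, policies


def audit(ports, iptables_s):
    """Classify each port by comparing API state with host iptables state."""
    chains, policies = parse_chains(iptables_s)
    findings = []
    for p in ports:
        # Neutron should filter a port only when port security is on and it
        # has at least one security group.
        should_filter = p["port_security_enabled"] and bool(p["security_groups"])
        present = all(expected_chain(p["id"], d) in chains for d in ("i", "o"))
        if should_filter and not present:
            status = "MISSING_RULES"   # the condition described in the comment
        elif not should_filter and not present:
            status = "UNFILTERED"      # traffic falls to the FORWARD policy
        elif should_filter and present:
            status = "OK"
        else:
            status = "STALE_RULES"     # chains left behind for an unfiltered port
        findings.append({"port": p["id"], "status": status})
    return {"forward_policy": policies.get("FORWARD"), "ports": findings}


if __name__ == "__main__":
    result = audit(PORTS, IPTABLES_S)
    print("FORWARD policy:", result["forward_policy"])
    for f in result["ports"]:
        print(f"{f['port']}: {f['status']}")
```

On a real host the `PORTS` list would come from `openstack port list --long` (or the Neutron API) and `IPTABLES_S` from running `iptables -S` on the compute node; a `MISSING_RULES` finding is the case this comment describes, and an `UNFILTERED` port with a `FORWARD` policy of `ACCEPT` is the first case, where the VM's traffic is governed only by the host default.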