During today's drivers meeting, we finally came to the conclusion that albeit this is a valid use case, this should not be tackled by changing the default security group semantic, and instead work with the FWaaS team.
[1] http://eavesdrop.openstack.org/meetings/neutron_drivers/2017/neutron_drivers.2017-01-19-22.02.log.html
During today's drivers meeting, we finally came to the conclusion that albeit this is a valid use case, this should not be tackled by changing the default security group semantic, and instead work with the FWaaS team.
[1] http:// eavesdrop. openstack. org/meetings/ neutron_ drivers/ 2017/neutron_ drivers. 2017-01- 19-22.02. log.html