I could not find any patch that would have changed this, and I correctly see a rule for protocol 255 being allowed when I try this:
# iptables-save | grep 255 -A neutron-openvswi-i2232cefa-0 -p 255 -j RETURN
Since 255 is a valid, although reserved, protocol value, the code seems to be operating normally. For what you're trying to do you should not be specifying any --protocol value - 255 is not a wildcard.
I could not find any patch that would have changed this, and I correctly see a rule for protocol 255 being allowed when I try this:
# iptables-save | grep 255 openvswi- i2232cefa- 0 -p 255 -j RETURN
-A neutron-
Since 255 is a valid, although reserved, protocol value, the code seems to be operating normally. For what you're trying to do you should not be specifying any --protocol value - 255 is not a wildcard.