Comment 4 for bug 1845161

Thanks, that was an important missing piece of information.

This way I managed to reproduce the problem (independently of the firewall_driver):

in shell #1 monitoring the backend qos settings:

watch "openstack server show vm1 -f value -c OS-EXT-SRV-ATTR:instance_name | xargs -r virsh dumpxml | xmlstarlet sel -t -v '//interface/target/@dev' | xargs -r sudo ovs-vsctl list interface | egrep ingress_policing

in shell #2 trying stuff like this (a few times):

for i in 1 2 3 ; do openstack server reboot --hard --wait vm1 ; done

At the end of one of these triple hard reboots the backend was left unconfigured:

ingress_policing_burst: 0
ingress_policing_rate: 0

I'm setting the importance to high because it seems to me this behavior could be abused by a malicious user (though I don't see a security hole).