I was not able to test it on an OpenStack deployment,
but yes from reading the code Neutron ML2 with Linuxbridge driver is using iptables bridge firewall + ebtables rules. Using VLAN 0 you completely bypass iptables rules (on the bridge forward path), and ebtables rules are only looking at ARP.
You can easily confirm it using the small scapy script provided
Hi Slawek,
I was not able to test it on an OpenStack deployment,
but yes from reading the code Neutron ML2 with Linuxbridge driver is using iptables bridge firewall + ebtables rules. Using VLAN 0 you completely bypass iptables rules (on the bridge forward path), and ebtables rules are only looking at ARP.
You can easily confirm it using the small scapy script provided