Comment 1 for bug 1897580

Lajos Katona (lajos-katona) wrote :

Hi,
I checked with Ubuntu 20.04, latest master and devstack, and for me, with the hybrid firewall driver, the rules are created.

$ ip -o a
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever
2: ens4 inet 100.109.0.15/16 brd 100.109.255.255 scope global dynamic ens4\ valid_lft 2852sec preferred_lft 2852sec
...
$ grep -ni firewall /etc/neutron/plugins/ml2/ml2_conf.ini
299:firewall_driver = iptables_hybrid

$ openstack network create net0
...

$ openstack subnet create --network net0 --subnet-range 100.109.0.0/24 subnet0
...

$ openstack port create --network net0 --host focalcont --fixed-ip subnet=subnet0,ip-address=100.109.0.13 port0
.....

$ openstack server create --flavor c1 --image cirros-0.5.1-x86_64-disk --nic port-id=port0 --wait
...
$ openstack server list
+--------------------------------------+------+--------+--------------------------------------------------------+------------------------------------+-----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+--------------------------------------------------------+------------------------------------+-----------+
| 98a3af45-3c4f-4fa6-9dd6-3201193d978f | vm0 | ACTIVE | net0=100.109.0.13, 100.109.1.222 | cirros-0.5.1-x86_64-disk | cirros256 |

$ sudo ip netns exec qdhcp-370d3c94-ad54-42ed-bc4b-717fd4431c20 ping 100.109.0.13
PING 100.109.0.13 (100.109.0.13) 56(84) bytes of data.
^C
--- 100.109.0.13 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2046ms

$ ping 100.109.1.222
PING 100.109.1.222 (100.109.1.222) 56(84) bytes of data.
^C
--- 100.109.1.222 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5099ms

$ openstack security group rule create 04388ee4-c6bf-4696-8fd5-75cf1cca3a18 --egress --protocol icmp
...
$ openstack security group rule create 04388ee4-c6bf-4696-8fd5-75cf1cca3a18 --ingress --protocol icmp
....

$ ping 100.109.1.222
PING 100.109.1.222 (100.109.1.222) 56(84) bytes of data.
64 bytes from 100.109.1.222: icmp_seq=1 ttl=63 time=3.77 ms
64 bytes from 100.109.1.222: icmp_seq=2 ttl=63 time=1.77 ms
64 bytes from 100.109.1.222: icmp_seq=3 ttl=63 time=1.69 ms
^C
--- 100.109.1.222 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.690/2.408/3.766/0.960 ms

$ sudo ip netns exec qdhcp-370d3c94-ad54-42ed-bc4b-717fd4431c20 ping 100.109.0.13
PING 100.109.0.13 (100.109.0.13) 56(84) bytes of data.
64 bytes from 100.109.0.13: icmp_seq=1 ttl=64 time=1.20 ms
64 bytes from 100.109.0.13: icmp_seq=2 ttl=64 time=0.996 ms
64 bytes from 100.109.0.13: icmp_seq=3 ttl=64 time=0.735 ms
^C
--- 100.109.0.13 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.735/0.975/1.195/0.188 ms

iptables rules before and after:
http://paste.openstack.org/show/798508/