Perhaps relevant to the question of the intended behavior is this wiki page: https://wiki.openstack.org/wiki/Neutron/ML2PortSecurityExtensionDriver even though it's not an official document. It says:
"By creating a port security extension flag, it is possible to enable/disable packet filtering."
which - probably! - implies that both anti-spoofing and ACLs are affected by the flag. If so, this should be clarified in api-ref.
Perhaps relevant to the question of the intended behavior is this wiki page: https:/ /wiki.openstack .org/wiki/ Neutron/ ML2PortSecurity ExtensionDriver even though it's not an official document. It says:
"By creating a port security extension flag, it is possible to enable/disable packet filtering."
which - probably! - implies that both anti-spoofing and ACLs are affected by the flag. If so, this should be clarified in api-ref.