Comment 1 for bug 1867119

The bug are mostly caused by the openflow security group. We compared the flows after added the 0.0.0.0/0 allowed-addres-pair. These two flows are added to table=82:
> table=82, priority=70,ct_state=+est-rel-rpl,ip,reg6=0x3 actions=conjunction(16,1/2)
> table=82, priority=70,ct_state=+new-est,ip,reg6=0x3 actions=conjunction(17,1/2)
Yes, this is the root cause, it will allow almost all ip traffic.