2018-03-20 03:02:37.345 8840 DEBUG neutron.agent.linux.utils [req-decf717e-da13-4ecf-9e5a-50e6207ec26b - - - - -] Running command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-save'] create_process /usr/lib64/python2.7/site-packages/neutron/agent/linux/utils.py:92
2018-03-20 03:02:37.607 8840 DEBUG neutron.agent.linux.utils [req-decf717e-da13-4ecf-9e5a-50e6207ec26b - - - - -] Running command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-restore', '-n'] create_process /usr/lib64/python2.7/site-packages/neutron/agent/linux/utils.py:92
2018-03-20 03:02:37.877 8840 ERROR neutron.agent.linux.iptables_manager [req-decf717e-da13-4ecf-9e5a-50e6207ec26b - - - - -] IPTablesManager.apply failed to apply the following set of iptables rules:
     40. -I neutron-linuxbri-sg-chain 1 -m physdev --physdev-out tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-i0b1dff3d-0
     41. -I neutron-linuxbri-sg-chain 2 -m physdev --physdev-in tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-o0b1dff3d-0
     42. -I neutron-linuxbri-sg-chain 3 -j ACCEPT
     43. -I neutron-linuxbri-sg-fallback 1 -j DROP
     44. COMMIT
     45. # Completed by iptables_manager
     46. # Generated by iptables_manager
     47. *raw
     48. :neutron-linuxbri-OUTPUT - [0:0]
     49. :neutron-linuxbri-PREROUTING - [0:0]: ProcessExecutionError: Exit code: 1; Stdin: # Generated by iptables_manager
*filter
:neutron-filter-top - [0:0]
:neutron-linuxbri-FORWARD - [0:0]
:neutron-linuxbri-INPUT - [0:0]
:neutron-linuxbri-OUTPUT - [0:0]
:neutron-linuxbri-i0b1dff3d-0 - [0:0]
:neutron-linuxbri-local - [0:0]
:neutron-linuxbri-o0b1dff3d-0 - [0:0]
:neutron-linuxbri-s0b1dff3d-0 - [0:0]
:neutron-linuxbri-sg-chain - [0:0]
:neutron-linuxbri-sg-fallback - [0:0]
-I FORWARD 1 -j neutron-filter-top
-I FORWARD 2 -j neutron-linuxbri-FORWARD
-I INPUT 1 -j neutron-linuxbri-INPUT
-I OUTPUT 1 -j neutron-filter-top
-I OUTPUT 2 -j neutron-linuxbri-OUTPUT
-I neutron-filter-top 1 -j neutron-linuxbri-local
-I neutron-linuxbri-FORWARD 1 -m physdev --physdev-out tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-sg-chain
-I neutron-linuxbri-FORWARD 2 -m physdev --physdev-in tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-sg-chain
-I neutron-linuxbri-INPUT 1 -m physdev --physdev-in tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-o0b1dff3d-0
-I neutron-linuxbri-i0b1dff3d-0 1 -m state --state RELATED,ESTABLISHED -j RETURN
-I neutron-linuxbri-i0b1dff3d-0 2 -d 192.168.1.10/32 -p udp -m udp --sport 67 --dport 68 -j RETURN
-I neutron-linuxbri-i0b1dff3d-0 3 -d 255.255.255.255/32 -p udp -m udp --sport 67 --dport 68 -j RETURN
-I neutron-linuxbri-i0b1dff3d-0 4 -p icmp -j RETURN
-I neutron-linuxbri-i0b1dff3d-0 5 -p tcp -m tcp --dport 22 -j RETURN
-I neutron-linuxbri-i0b1dff3d-0 6 -m set --match-set NIPv4d85456b4-19fd-4f67-a2fd- src -j RETURN
-I neutron-linuxbri-i0b1dff3d-0 7 -m state --state INVALID -j DROP
-I neutron-linuxbri-i0b1dff3d-0 8 -j neutron-linuxbri-sg-fallback
-I neutron-linuxbri-o0b1dff3d-0 1 -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --sport 68 --dport 67 -j RETURN
-I neutron-linuxbri-o0b1dff3d-0 2 -j neutron-linuxbri-s0b1dff3d-0
-I neutron-linuxbri-o0b1dff3d-0 3 -p udp -m udp --sport 68 --dport 67 -j RETURN
-I neutron-linuxbri-o0b1dff3d-0 4 -p udp -m udp --sport 67 --dport 68 -j DROP
-I neutron-linuxbri-o0b1dff3d-0 5 -m state --state RELATED,ESTABLISHED -j RETURN
-I neutron-linuxbri-o0b1dff3d-0 6 -j RETURN
-I neutron-linuxbri-o0b1dff3d-0 7 -m state --state INVALID -j DROP
-I neutron-linuxbri-o0b1dff3d-0 8 -j neutron-linuxbri-sg-fallback
-I neutron-linuxbri-s0b1dff3d-0 1 -s 192.168.1.10/32 -m mac --mac-source FA:16:3E:78:64:1B -j RETURN
-I neutron-linuxbri-s0b1dff3d-0 2 -j DROP
-I neutron-linuxbri-sg-chain 1 -m physdev --physdev-out tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-i0b1dff3d-0
-I neutron-linuxbri-sg-chain 2 -m physdev --physdev-in tap0b1dff3d-04 --physdev-is-bridged -j neutron-linuxbri-o0b1dff3d-0
-I neutron-linuxbri-sg-chain 3 -j ACCEPT
-I neutron-linuxbri-sg-fallback 1 -j DROP
COMMIT
# Completed by iptables_manager
# Generated by iptables_manager
*raw
:neutron-linuxbri-OUTPUT - [0:0]
:neutron-linuxbri-PREROUTING - [0:0]
-I OUTPUT 1 -j neutron-linuxbri-OUTPUT
-I PREROUTING 1 -j neutron-linuxbri-PREROUTING
-I neutron-linuxbri-PREROUTING 1 -m physdev --physdev-in brq5b7cb146-99 -m comment --comment "Set zone for b1dff3d-04" -j CT --zone 1
-I neutron-linuxbri-PREROUTING 2 -i brq5b7cb146-99 -m comment --comment "Set zone for b1dff3d-04" -j CT --zone 1
-I neutron-linuxbri-PREROUTING 3 -m physdev --physdev-in tap0b1dff3d-04 -m comment --comment "Set zone for b1dff3d-04" -j CT --zone 1
COMMIT
# Completed by iptables_manager
; Stdout: ; Stderr: iptables-restore: line 44 failed