Hi , I am running openstack with rhel 7.1 and rhos version 6 (juno). the cloud supports neutron (vxlan) After install we have default security-group for admin tenant , 4 rules two for v4 and two for v6.

[root@volume-lvm-os-7 ~(keystone_demo)]# neutron security-group-rule-show eeb39e81-62ea-43aa-b583-0e29916a268a

Example: (please note protcol is empty and remote_ip)

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | eeb39e81-62ea-43aa-b583-0e29916a268a |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          |                                      |
| remote_group_id   | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| remote_ip_prefix  |                                      |
| security_group_id | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| tenant_id         | 3d40ca08dad7461fa86e359138463147     |
+-------------------+--------------------------------------+

When we create a new tenant , it inherits these rules but we could not ping or ssh to instance . When i am adding the rule manually to the tenant - it works .

My question : Is there any way to change the default policy group for all tenants ? i need that the new tenant will inherit more rules. I did try to do it with policy group for admin , adding rules but the new tenant does not inherit these rules ....

Please assist,

Thanks, Benny