Hi, I use devstack to build my OpenStack environment, the network i choose VLAN, and it work very well! I can ping VM from outside public network and I am able to ssh in VM from public network.

I found that the Compute node Open vSwitch br-int has this flow rule, to make all internet action can work , OpenStack use

table=0,priority=1,actions=NORMAL

if I delete this rule, I can not ping or ssh from outside. If I want to ssh from outside, and I don't want to use original flow rule,

what flow should I add? I have tried this before

sudo ovs-ofctl add-flow br-int table=0,tcp,tcp_dst=22,actions=NORMAL
sudo ovs-ofctl add-flow br-int table=0,tcp,tcp_src=22,actions=NORMAL

I still can not ssh in VM. Do I set up wrong?

Please help me :D! very thank you!