Channel: Ask OpenStack: Q&A Site for OpenStack Users and Developers - Individual question feed

Answer by don for: I don't have Ubuntu boxes to check it for myself. However, I still think that if UFW is a frontend for iptables, it may be tuned via CLI to have corresponding iptables rules that make ports open for OpenStack services, and Neutron in particular. Or is the situation "UFW versus IPTABLES firewall", like "firewalld versus ipv4 iptables firewall" on Fedora?

I found that, since ufw creates rules on all interfaces, it was unsuitable for use on hosts running linuxbridge or openvswitch. It places your firewall rules on the internal networks, causing trouble. Instead I did this:

    $ cat /etc/iptables.rules
    #!/bin/sh
    iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # mosh
    iptables -A INPUT -i eth0 -p udp -m multiport --dports 60000:60100 -j ACCEPT
    # all icmp
    iptables -A INPUT -i eth0 -p icmp -j ACCEPT
    # our ssl port
    iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
    # our ssh port
    iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
    # drop the rest
    iptables -A INPUT -i eth0 -j DROP
    $ cat /etc/network/in
    cat: /etc/network/in: No such file or directory
    don@vk-3:/var/www/html/stacks$ cat /etc/network/interfaces
    # The primary network interface
    auto eth0
    iface eth0 inet static
        address MYIP
        netmask 255.255.255.248
        gateway MYGW
        dns-nameservers MYDNS
        pre-up /etc/iptables.rules

Now when my eth0 comes up, it firewalls, but only on that interface (-i eth0).
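A check for the interface scoping described in the answer above, as an added example that is not part of the original post: it reads `iptables-save`-style text and lists INPUT rules that are not limited to one interface, then confirms the chain ends with that interface's DROP. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save style text read from stdin.

# Print every INPUT rule that is not limited to interface $1.
# "! -i eth0" is reported too, since it matches every OTHER interface.
unscoped_input_rules() {
    awk -v iface="$1" '
        $1 == "-A" && $2 == "INPUT" {
            scoped = 0
            for (i = 3; i < NF; i++) {
                if (($i == "-i" || $i == "--in-interface") &&
                    $(i + 1) == iface && $(i - 1) != "!")
                    scoped = 1
            }
            if (!scoped) print
        }
    '
}

# Succeed only if the last INPUT rule is the catch-all DROP on interface $1.
ends_with_drop() {
    awk -v iface="$1" '
        $1 == "-A" && $2 == "INPUT" { last = $0 }
        END {
            want = "-A INPUT -i " iface " -j DROP"
            exit (last == want ? 0 : 1)
        }
    '
}

# Constructed sample: two rules are deliberately not scoped to eth0.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT ! -i eth0 -p icmp -j DROP
-A INPUT -i eth0 -j DROP
COMMIT
EOF
}

# Demo on the constructed sample; prints the two unscoped rules.
sample_rules | unscoped_input_rules eth0
```

On a live host the same functions can be fed from `iptables-save` (run as root) instead of `sample_rules`.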
