diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 7279518c43d..c4a67536942 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -860,8 +860,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
 for ip in ips:
 execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " " + direction + " " + ip + " -j "+ action)
- if allow_any and protocol != 'all':
- if protocol != 'icmp':
+ if allow_any
+ if protocol == 'all':
+ execute("iptables -I " + vmchain + " -m state --state NEW " + direction + " 0.0.0.0/0 -j "+action)
+ elif protocol != 'icmp':
 execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j "+ action)
 else:
 range = start + "/" + end
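Review bot: The added `if allow_any` line has no trailing colon as shown, so the module would fail to parse with a SyntaxError and none of the security-group rule programming in this script would run; it should read `if allow_any:`. The new `protocol == 'all'` branch inserts a rule at the top of the chain (`-I`) that matches NEW connections on every protocol and port for 0.0.0.0/0, so it deserves a comment such as `# allow_any + protocol 'all': match NEW connections on every protocol/port for any address` to make that breadth explicit to the next reader. Like its neighbours, the new line builds the iptables command by string concatenation; if `execute` hands that string to a shell (its definition is not visible here), `vmchain`, `direction` and `action` should be checked against their expected values before they are interpolated. add_network_rules starts and ends outside the hunk.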