diff --git a/vif_plug_linux_bridge/linux_bridge.py b/vif_plug_linux_bridge/linux_bridge.py
index 9d8a8d39..aa124655 100644
--- a/vif_plug_linux_bridge/linux_bridge.py
+++ b/vif_plug_linux_bridge/linux_bridge.py
@@ -102,7 +102,10 @@ class LinuxBridgePlugin(plugin.PluginBase):
                                              bridge_name, iface, mtu=mtu)
             else:
                 iface = self.config.flat_interface or network.bridge_interface
-                linux_net.ensure_bridge(bridge_name, iface)
+                # only put in iptables rules if Neutron not filtering
+                install_filters = not vif.has_traffic_filtering
+                linux_net.ensure_bridge(bridge_name, iface,
+                                        filtering=install_filters)
 
     def unplug(self, vif, instance_info):
         # Nothing required to unplug a port for a VIF using standard
diff --git a/vif_plug_linux_bridge/tests/test_plugin.py b/vif_plug_linux_bridge/tests/test_plugin.py
index b1f3651e..58083695 100644
--- a/vif_plug_linux_bridge/tests/test_plugin.py
+++ b/vif_plug_linux_bridge/tests/test_plugin.py
@@ -66,14 +66,20 @@ class PluginTest(testtools.TestCase):
             address='ca:fe:de:ad:be:ef',
             network=network,
             dev_name='tap-xxx-yyy-zzz',
+            has_traffic_filtering=True,
             bridge_name="br0")
 
         plugin = linux_bridge.LinuxBridgePlugin.load("linux_bridge")
         plugin.plug(vif, self.instance)
 
-        mock_ensure_bridge.assert_called_with("br0", "eth0")
+        mock_ensure_bridge.assert_called_with("br0", "eth0", filtering=False)
         self.assertEqual(len(mock_ensure_vlan_bridge.calls), 0)
 
+        mock_ensure_bridge.reset_mock()
+        vif.has_traffic_filtering = False
+        plugin.plug(vif, self.instance)
+        mock_ensure_bridge.assert_called_with("br0", "eth0", filtering=True)
+
     def test_plug_bridge_create_br_vlan_mtu_in_model(self):
         self._test_plug_bridge_create_br_vlan(mtu=1234)