diff --git a/neutron/plugins/hyperv/agent/utilsv2.py b/neutron/plugins/hyperv/agent/utilsv2.py
index 9a1f7902fc..c8d8ff3573 100644
--- a/neutron/plugins/hyperv/agent/utilsv2.py
+++ b/neutron/plugins/hyperv/agent/utilsv2.py
@@ -419,11 +419,12 @@ class HyperVUtilsV2R2(HyperVUtilsV2):
         return [v for v in acls
                 if v.Action == action and
                 v.Direction == direction and
-                v.LocalPort in [str(local_port), self._ACL_DEFAULT] and
-                v.Protocol in [protocol] and
+                v.LocalPort == str(local_port) and
+                v.Protocol == protocol and
                 v.RemoteIPAddress == remote_addr]
 
     def _get_new_weight(self, acls):
+        acls = [a for a in acls if a.Action is not self._ACL_ACTION_DENY]
         if not acls:
             return self._MAX_WEIGHT - 1
 
diff --git a/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py b/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py
index ef8741b9aa..52970aa52a 100644
--- a/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py
+++ b/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py
@@ -449,14 +449,19 @@ class TestHyperVUtilsV2R2(base.BaseTestCase):
             default, default, self._FAKE_REMOTE_ADDR)
 
     def _test_filter_security_acls(self, local_port, protocol, remote_addr):
-        mock_acl = mock.MagicMock()
-        mock_acl.Action = self._utils._ACL_ACTION_ALLOW
-        mock_acl.Direction = self._FAKE_ACL_DIR
-        mock_acl.LocalPort = local_port
-        mock_acl.Protocol = protocol
-        mock_acl.RemoteIPAddress = remote_addr
+        acls = []
+        default = self._utils._ACL_DEFAULT
+        for port, proto in [(default, default), (local_port, protocol)]:
+            mock_acl = mock.MagicMock()
+            mock_acl.Action = self._utils._ACL_ACTION_ALLOW
+            mock_acl.Direction = self._FAKE_ACL_DIR
+            mock_acl.LocalPort = port
+            mock_acl.Protocol = proto
+            mock_acl.RemoteIPAddress = remote_addr
+            acls.append(mock_acl)
+
+        right_acls = [a for a in acls if a.LocalPort == local_port]
 
-        acls = [mock_acl, mock_acl]
         good_acls = self._utils._filter_security_acls(
             acls, mock_acl.Action, self._FAKE_ACL_DIR, self._FAKE_ACL_TYPE,
             local_port, protocol, remote_addr)
@@ -464,7 +469,7 @@ class TestHyperVUtilsV2R2(base.BaseTestCase):
             acls, self._FAKE_ACL_ACT, self._FAKE_ACL_DIR, self._FAKE_ACL_TYPE,
             local_port, protocol, remote_addr)
 
-        self.assertEqual(acls, good_acls)
+        self.assertEqual(right_acls, good_acls)
         self.assertEqual([], bad_acls)
 
     def test_get_new_weight(self):
@@ -478,3 +483,13 @@ class TestHyperVUtilsV2R2(base.BaseTestCase):
     def test_get_new_weight_no_acls(self):
         self.assertEqual(self._utils._MAX_WEIGHT - 1,
                          self._utils._get_new_weight([]))
+
+    def test_get_new_weight_default_acls(self):
+        mockacl1 = mock.MagicMock()
+        mockacl1.Weight = self._utils._MAX_WEIGHT - 1
+        mockacl2 = mock.MagicMock()
+        mockacl2.Weight = self._utils._MAX_WEIGHT - 2
+        mockacl2.Action = self._utils._ACL_ACTION_DENY
+
+        self.assertEqual(self._utils._MAX_WEIGHT - 2,
+                         self._utils._get_new_weight([mockacl1, mockacl2]))