"ebtables-nft" MAC rule deletion failing

"ebtables-nft" is failing to delete the rule filtering by MAC address:
  Bridge chain: neutronMAC-test-veth024379, entries: 2, policy: DROP
  -i test-veth024379 --among-src fa:16:3e:47:87:0 -j RETURN
  -j DROP

A workaround for this issue, that works with both "ebtables-nft" and
"ebtables-legacy", is to flush the table and recreate the DROP rule.
The MAC spoofing tables have two rules: the one filtering by MAC address
and the default DROP rule. This workaround has the same effect as just
deleting the filtering rule.

Closes-Bug: #2038541
Change-Id: I38bd016c35d7a76d88c6eceec797d1cea84c45d1
(cherry picked from commit 1879d92)

Author: ralonsoh

neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py

@@ -201,7 +201,9 @@ def _delete_vif_mac_rules(vif, current_rules):
     chain = _mac_chain_name(vif)
     for rule in current_rules:
         if '-i %s' % vif in rule and '--among-src' in rule:
-            ebtables(['-D', chain] + rule.split())
+            # Flush the table and recreate the default DROP rule.
+            ebtables(['-F', chain])
+            ebtables(['-A', chain, '-j', 'DROP'])
 
 
 def _delete_mac_spoofing_protection(vifs, current_rules, table, chain):