+++ This bug was initially created as a clone of Bug #2111534 +++
Description of problem:
When we fixed https://bugzilla.redhat.com/show_bug.cgi?id=2053609, we ended up deleting the conntrack entries for services before the service flows and iptable rules were removed.
To be safer, removing conntrack entries should be done after the service flows and rules to ensure the entries don't get recreated.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Moving to VERIFIED per label added by Weibin on the PR
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.11.4 bug fix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.