diff --git a/etc/neutron/rootwrap.d/l3.filters b/etc/neutron/rootwrap.d/l3.filters
index ea18b1ca43d..0b13ad1967e 100644
--- a/etc/neutron/rootwrap.d/l3.filters
+++ b/etc/neutron/rootwrap.d/l3.filters
@@ -40,8 +40,8 @@ l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingres
 l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
 l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
 l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
-l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
-l3_tc_add_filter_egress:  RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1
+l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, mtu, 64kb, drop, flowid, :1
+l3_tc_add_filter_egress:  RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, mtu, 64kb, drop, flowid, :1
 
 # For ip monitor
 kill_ip_monitor: KillFilter, root, ip, -9
diff --git a/neutron/agent/linux/l3_tc_lib.py b/neutron/agent/linux/l3_tc_lib.py
index 19a15c2ba9c..f033746fd56 100644
--- a/neutron/agent/linux/l3_tc_lib.py
+++ b/neutron/agent/linux/l3_tc_lib.py
@@ -117,7 +117,7 @@ class FloatingIPTcCommandBase(ip_lib.IPDevice):
         _match = 'src' if direction == constants.EGRESS_DIRECTION else 'dst'
         match = ['u32', 'match', 'ip', _match, ip]
         police = ['police', 'rate', rate_value, 'burst', burst_value,
-                  'drop', 'flowid', ':1']
+                  'mtu', '64kb', 'drop', 'flowid', ':1']
         args = protocol + prio + match + police
         cmd = ['filter', 'add', 'dev', self.name,
                'parent', qdisc_id] + args
diff --git a/neutron/tests/unit/agent/linux/test_l3_tc_lib.py b/neutron/tests/unit/agent/linux/test_l3_tc_lib.py
index 684b117a649..cd2c43fe1fa 100644
--- a/neutron/tests/unit/agent/linux/test_l3_tc_lib.py
+++ b/neutron/tests/unit/agent/linux/test_l3_tc_lib.py
@@ -227,7 +227,7 @@ class TestFloatingIPTcCommandBase(base.BaseTestCase):
         prio = ['prio', 1]
         match = ['u32', 'match', 'ip', 'dst', FLOATING_IP_1]
         police = ['police', 'rate', '1kbit', 'burst', '1kbit',
-                  'drop', 'flowid', ':1']
+                  'mtu', '64kb', 'drop', 'flowid', ':1']
         args = protocol + prio + match + police
         cmd = ['tc', 'filter', 'add', 'dev', FLOATING_IP_DEVICE_NAME,
                'parent', INGRESS_QSIC_ID] + args
@@ -329,7 +329,7 @@ class TestFloatingIPTcCommand(base.BaseTestCase):
                     _match = 'dst'
                     match = ['u32', 'match', 'ip', _match, ip]
                     police = ['police', 'rate', '1kbit', 'burst', '1kbit',
-                              'drop', 'flowid', ':1']
+                              'mtu', '64kb', 'drop', 'flowid', ':1']
                     args = protocol + prio + match + police
 
                     self.execute.assert_called_once_with(