diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 399e4e0aa3b..e9efa9b6ee8 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -97,12 +97,16 @@ class CsAcl(CsDataBag):
                 self.rule['last_port'] = obj['src_port_range'][1]
             self.rule['allowed'] = True
 
+            self.rule['action'] = "ACCEPT"
+
+            # In that case it means we are processing the default egress rule
             if self.rule['type'] == 'all' and not obj['source_cidr_list']:
+                if self.rule['default_egress_policy'] == 'false':
+                    self.rule['action'] = "DROP"
                 self.rule['cidr'] = ['0.0.0.0/0']
             else:
                 self.rule['cidr'] = obj['source_cidr_list']
 
-            self.rule['action'] = "ACCEPT"
             logging.debug("AclIP created for rule ==> %s", self.rule)
 
         def create(self):