diff --git a/kuryr_kubernetes/constants.py b/kuryr_kubernetes/constants.py index ea4a5d2ba..9614444ee 100644 --- a/kuryr_kubernetes/constants.py +++ b/kuryr_kubernetes/constants.py @@ -66,6 +66,10 @@ KURYR_VIF_TYPE_SRIOV = 'sriov' OCTAVIA_L2_MEMBER_MODE = "L2" OCTAVIA_L3_MEMBER_MODE = "L3" NEUTRON_LBAAS_HAPROXY_PROVIDER = 'haproxy' +IPv4 = 'IPv4' +IPv6 = 'IPv6' +IP_VERSION_4 = 4 +IP_VERSION_6 = 6 VIF_POOL_POPULATE = '/populatePool' VIF_POOL_FREE = '/freePool' diff --git a/kuryr_kubernetes/controller/drivers/lbaasv2.py b/kuryr_kubernetes/controller/drivers/lbaasv2.py index 294c181eb..192cb225b 100644 --- a/kuryr_kubernetes/controller/drivers/lbaasv2.py +++ b/kuryr_kubernetes/controller/drivers/lbaasv2.py @@ -13,6 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. +import ipaddress import random from six.moves import http_client as httplib import time @@ -31,6 +32,7 @@ from oslo_utils import versionutils from kuryr_kubernetes import clients from kuryr_kubernetes import config +from kuryr_kubernetes import constants as k_const from kuryr_kubernetes.controller.drivers import base from kuryr_kubernetes.controller.drivers import utils as c_utils from kuryr_kubernetes import exceptions as k_exc @@ -307,11 +309,14 @@ class LBaaSv2Driver(base.LBaaSDriver): max_port+1)): continue all_pod_rules.append(rule) + sg_rule_ethertype = ipaddress.ip_network( + rule.remote_ip_prefix).version try: LOG.debug("Creating LBaaS sg rule for sg: %r", lb_sg) os_net.create_security_group_rule( direction='ingress', + ether_type=sg_rule_ethertype, port_range_min=port, port_range_max=port, protocol=protocol, 
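Review bot: In the pod-rule loop of the `@@ -307,11 +309,14 @@` hunk, `sg_rule_ethertype` is the integer that `ipaddress.ip_network(...).version` returns (4 or 6), yet it is passed as `ether_type`, which the default-rule hunk at `@@ -338,9 +343,13 @@` fills with the strings `k_const.IPv4`/`k_const.IPv6`. Neutron documents a security-group rule's ethertype as one of those two strings, so the integer form is likely to be rejected and the rule never created. Mapping the version to the constant keeps both call sites consistent: `version = ipaddress.ip_network(rule.remote_ip_prefix).version` followed by `sg_rule_ethertype = k_const.IPv6 if version == k_const.IP_VERSION_6 else k_const.IPv4`. The `ip_network()` call also sits above the `try:`, so if a rule can reach this point without a `remote_ip_prefix`, or with host bits set in it, the `ValueError` bypasses the handler. That handler and the rest of the method lie outside the hunk, so this needs checking against the full function.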
@@ -338,9 +343,13 @@ class LBaaSv2Driver(base.LBaaSDriver): self._delete_rule_if_no_match(rule, all_pod_rules) if add_default_rules: + sg_rule_ethertype = k_const.IPv4 + if utils.get_service_subnet_version() == k_const.IP_VERSION_6: + sg_rule_ethertype = k_const.IPv6 try: LOG.debug("Restoring default LBaaS sg rule for sg: %r", lb_sg) os_net.create_security_group_rule(direction='ingress', + ether_type=sg_rule_ethertype, port_range_min=port, port_range_max=port, protocol=protocol, diff --git a/kuryr_kubernetes/utils.py b/kuryr_kubernetes/utils.py index d39cfc275..d3be907cc 100644 --- a/kuryr_kubernetes/utils.py +++ b/kuryr_kubernetes/utils.py @@ -355,3 +355,15 @@ def get_service_ports(service): 'port': port['port'], 'targetPort': str(port['targetPort'])} for port in service['spec']['ports']] + + +@MEMOIZE +def get_service_subnet_version(): + os_net = clients.get_network_client() + svc_subnet_id = CONF.neutron_defaults.service_subnet + try: + svc_subnet = os_net.get_subnet(svc_subnet_id) + except os_exc.ResourceNotFound: + LOG.exception("Service subnet %s not found", svc_subnet_id) + raise + return svc_subnet.ip_version
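Review bot: In the `if add_default_rules:` branch, `utils.get_service_subnet_version()` is called above the `try:`, so the `os_exc.ResourceNotFound` that the helper re-raises bypasses whatever handler follows `create_security_group_rule` (the handler is outside the hunk). The default ingress rule is then not restored for this load balancer. If failing closed is the intent, record it next to the lookup, e.g. `# Ethertype is unknown without the service subnet; fail rather than open the wrong family.`; otherwise move the lookup inside the `try:` so it is handled like a failed rule creation. The enclosing method starts and ends outside the hunk.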
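Review bot: `get_service_subnet_version` in `kuryr_kubernetes/utils.py` has no docstring, and its contract is not written down anywhere in the hunk: it returns the `ip_version` of the subnet named by `CONF.neutron_defaults.service_subnet`, and it logs and then re-raises `os_exc.ResourceNotFound`. Because it is decorated with `@MEMOIZE`, the value is presumably cached. If so, a service subnet reconfigured to the other IP family would keep producing security-group rules with the old ethertype until the cache is dropped, and the docstring should say that too. Suggested summary line: `"""Return the IP version (4 or 6) of the configured service subnet."""`, followed by a short note on the raised exception and the caching.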