diff --git a/kuryr_kubernetes/controller/drivers/network_policy.py b/kuryr_kubernetes/controller/drivers/network_policy.py
index b92da637e..4cfe901c5 100644
--- a/kuryr_kubernetes/controller/drivers/network_policy.py
+++ b/kuryr_kubernetes/controller/drivers/network_policy.py
@@ -69,6 +69,8 @@ class NetworkPolicyDriver(base.NetworkPolicyDriver):
         if 'remote_ip_prefixes' in rule:
             result['affectedPods'] = []
             for ip, namespace in rule['remote_ip_prefixes']:
+                if not ip:
+                    continue
                 result['affectedPods'].append({
                     'podIP': ip,
                     'podNamespace': namespace,
diff --git a/kuryr_kubernetes/controller/drivers/utils.py b/kuryr_kubernetes/controller/drivers/utils.py
index b3cedd43c..6c154bdc9 100644
--- a/kuryr_kubernetes/controller/drivers/utils.py
+++ b/kuryr_kubernetes/controller/drivers/utils.py
@@ -269,7 +269,7 @@ def create_security_group_rule_body(
         security_group_rule_body['namespace'] = namespace
     if pods:
         security_group_rule_body['affectedPods'] = [
-            {'podIP': ip, 'podNamespace': ns} for ip, ns in pods.items()]
+            {'podIP': ip, 'podNamespace': ns} for ip, ns in pods.items() if ip]
     LOG.debug("Creating sg rule body %s", security_group_rule_body)
     return security_group_rule_body