firewall source tag does not see new droplets?
If I have droplets B1, B2 and B3, all tagged "B", and a droplet A1 with the firewall rule "allow HTTP from tag:B", A1 receives HTTP traffic from B1, B2 and B3. All OK so far.
But if I then create B4, tagged "B", A1 does not accept traffic from it, unless I remove "B" from the firewall rule and re-add it.
This would seem to be problematic when adding new droplets that need to consume a secured internal service.
Is this expected behaviour? I can use the API to add a rule for each new droplet, but that seem like a pity.