Iptables, ipset



AlmaLinux release 8.10 (Cerulean Leopard)
[OpenNebula 6.8.3]

Linking iptables with ipset
Set the settings in /etc/sysconfig/iptables-config:
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"

I set it because iptables often crashes from an error.
set one-123-ip-spoofing doesn't exist

In /etc/sysconfig/ipset.d rules are created as needed.

Now the problem is that when I restart iptables, all rules except my default ones crash.

Can you tell me how to load slave rules for all machines on the node without saving the rules to /etc/sysconfig/iptables?

When an OpenNebula virtual network is used by a VM, the virtual network driver will automatically create the network bridge, the virtual interfaces used by the VM and the iptables rules it requires. As VMs get created and deleted these rules and interfaces will be automatically updated as well.
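
The "set one-123-ip-spoofing doesn't exist" error quoted in the question is what iptables reports when a rule uses `--match-set` with a set name that has not been created yet. As an added example (not part of the original thread and not OpenNebula's own code), this script lists the sets a rules dump refers to that are missing from an `ipset save` dump; the sample rules, chain names and the second set name are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ipset names that iptables rules reference but ipset does not define.

# Read iptables-save format text on stdin, print each set named after --match-set.
referenced_sets() {
    grep -oE -- '--match-set[[:space:]]+[^[:space:]]+' | awk '{print $2}' | sort -u
}

# Read `ipset save` format text on stdin, print each set name from "create NAME TYPE ..." lines.
defined_sets() {
    awk '$1 == "create" {print $2}' | sort -u
}

# missing_sets RULES_TEXT IPSET_TEXT: print referenced sets that are not defined.
missing_sets() {
    defined=$(printf '%s\n' "$2" | defined_sets)
    printf '%s\n' "$1" | referenced_sets | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$defined" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample: two per-VM rules, only one of the sets exists.
RULES_SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:one-123-i - [0:0]
:one-124-i - [0:0]
-A one-123-i -m set ! --match-set one-123-ip-spoofing src -j DROP
-A one-124-i -m set ! --match-set one-124-ip-spoofing src -j DROP
COMMIT'

IPSET_SAMPLE='create one-124-ip-spoofing hash:ip family inet hashsize 1024 maxelem 65536
add one-124-ip-spoofing 192.0.2.24'

# On a node, pass a rules file and the live sets instead of the samples, e.g.
#   missing_sets "$(cat /etc/sysconfig/iptables)" "$(ipset save)"
missing_sets "$RULES_SAMPLE" "$IPSET_SAMPLE"
```

Any name it prints belongs to a rule that will fail to load until that set is created, so the sets have to be restored before the rules that match on them.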