Netfilter is a framework provided by Linux that allows for various networking-related operations. There are a number of frameworks for firewall management, such as iptables (manages IPv4 packets), ip6tables (manages IPv6 packets), and ebtables (manages Ethernet bridges).
How it works
When a cluster node is added, VMmanager creates the /usr/local/mgr5/etc/iptables.rules.d and /usr/local/mgr5/etc/ip6tables.rules.d directories on it and adds the files with iptables and ip6tables rules to those directories. The files are overwritten when the panel restarts. The rules are loaded in an order defined by the first two characters of the file name (00-99). For example, 123 means that the rule will be handled 23rd in succession; _21 means that the system will handle it after 99.
Files have the following names:
NN - rule weight (rules with lower weight are processed first)
name - any name
On Debian, execute the iptables-save and iptables-restore commands to save the iptables and ip6tables rules and apply them automatically after a server restart. In the /etc/network/if-up.d/ directory, the system creates a script that is executed automatically when the network interface is set up and runs the iptables-restore command.
When you install VMmanager and add a cluster node, the iptables rules for modules and control panel services are added for the control panel:
To add a rule, navigate to Cluster settings → Firewall → Add.
Do not change or delete the standard rules, as they can be overwritten after VMmanager updates.