ec2-net-utils deleting custom ip rules upon state change #96

Closed
andrewmiskell opened this issue Oct 4, 2023 · 1 comment
andrewmiskell commented Oct 4, 2023

OS: Debian 12.1
Version: 2.3.0

Any custom ip rules that I've created seem to get deleted whenever an interface or secondary IP is added/removed from the instance.

For example, I'm using the following rule to mark packets from a specific source IP so I can take action in iptables based on that mark.

ip rule add from 10.0.254.116 fwmark 10001 table 10001

Whenever there's a state change on the interfaces (additional interfaces added or removed, or additional IP addresses added or removed) it looks like all of the ip rules are deleted and rebuilt.

Is there a way to make the rule persist or at least be recreated when ec2-net-utils refreshes all the policies?

nmeyerhans (Contributor) commented
Is there a way to make the rule persist or at least be recreated when ec2-net-utils refreshes all the policies?

When something changes, net-utils will execute networkctl reload to get systemd-networkd to pick up the newly generated configuration.

If you want to install persistent configuration, I recommend storing it in systemd-networkd configuration in /etc/systemd/network/.

So your policy routing rule would look something like:

[RoutingPolicyRule]
From=10.0.254.116
FirewallMark=10001
Table=10001

And could be stored in /etc/systemd/network/70-ens6.network.d/fwmark.conf or similar.

See the systemd.network docs for more on that.
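The following is an added example, not code from the issue or from ec2-net-utils. It renders the [RoutingPolicyRule] drop-in described in the comment above into a directory tree (the root is a parameter so it can be exercised outside /etc), and checks a listing in the format printed by `ip rule show` for the resulting rule. Assumed: the drop-in path /etc/systemd/network/70-ens6.network.d/fwmark.conf from the comment, and that iproute2 prints the firewall mark in hexadecimal (10001 shows as 0x2711); the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not part of the issue or of ec2-net-utils).
# Writes a systemd-networkd drop-in that persists a policy routing rule,
# and verifies a rule listing for the rule after networkctl reload.

# render_fwmark_dropin ROOT SRC MARK TABLE
# Writes ROOT/etc/systemd/network/70-ens6.network.d/fwmark.conf and prints its path.
# Pass ROOT="" to write the real file (needs root); pass a temp dir to test.
render_fwmark_dropin() {
  root="$1"; src="$2"; mark="$3"; table="$4"
  dir="$root/etc/systemd/network/70-ens6.network.d"   # assumed unit name 70-ens6.network
  mkdir -p "$dir"
  cat > "$dir/fwmark.conf" <<EOF
[RoutingPolicyRule]
From=$src
FirewallMark=$mark
Table=$table
EOF
  printf '%s\n' "$dir/fwmark.conf"
}

# rule_present LISTING SRC MARK TABLE
# Returns 0 if LISTING (text in the `ip rule show` format) contains a rule
# with exactly these fields. The priority prefix ("32765:") is stripped, and
# the mark is compared in hex because that is how iproute2 prints fwmark.
rule_present() {
  listing="$1"; src="$2"; mark="$3"; table="$4"
  hex=$(printf '0x%x' "$mark")
  printf '%s\n' "$listing" \
    | sed 's/^[0-9]*:[[:space:]]*//' \
    | grep -Fxq "from $src fwmark $hex lookup $table"
}

# live_rule_present SRC MARK TABLE: same check against the running kernel,
# meant to be run after `networkctl reload` has applied the drop-in.
live_rule_present() {
  rule_present "$(ip rule show)" "$1" "$2" "$3"
}

# Constructed sample of `ip rule show` output with the rule from the issue applied.
SAMPLE_RULES='0:      from all lookup local
32765:  from 10.0.254.116 fwmark 0x2711 lookup 10001
32766:  from all lookup main
32767:  from all lookup default'

# Demo: render into a temp root (never touches /etc) and check the sample listing.
demo_root=$(mktemp -d)
demo_file=$(render_fwmark_dropin "$demo_root" 10.0.254.116 10001 10001)
echo "wrote $demo_file:"
cat "$demo_file"
if rule_present "$SAMPLE_RULES" 10.0.254.116 10001 10001; then
  echo "rule present in sample listing"
fi
rm -rf "$demo_root"
```

Because the drop-in lives under the interface's .network.d directory, it survives the `networkctl reload` that ec2-net-utils issues on each change, whereas a rule added with `ip rule add` by hand does not; `live_rule_present` is the post-reload check.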
