Nyr / openvpn-install

OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
MIT License
18.72k stars 4.82k forks

Feedback managing iptables rules backups while running OpenVPN and Wireguard server (prevent duplicities) #1043

Closed slrslr closed 8 months ago

slrslr commented 1 year ago

When you want to back up the default iptables rule set, then after exporting the current rules you may need to clean up the exported file of various rules, including the OpenVPN server ones. Because if you skip this and load such an exported rules file at boot, the OpenVPN service will load its rules too, causing duplication of some rules. WireGuard does the same.

I have noticed that the lines for which the duplication is not made are:

-t nat -A PREROUTING -i eth0 -p udp -m multiport --dports myport1,myport2 -j DNAT --to-destination 10.8.0.lastoctethere
-t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport myport1st:myportlast -j DNAT --to-destination 10.8.0.lastoctethere

I was searching: grep -Ril MyServerPublicIP /etc

/etc/network/interfaces
/etc/openvpn/server/client-common.txt
/etc/openvpn/server/server.conf
/etc/wireguard/params
/etc/wireguard/wg0.conf
/etc/systemd/system/multi-user.target.wants/openvpn-iptables.service
/etc/systemd/system/openvpn-iptables.service

Inside the last two found files are some basic rules, not my custom 2 forwarding rules.

This makes iptables rules backups complicated (for a future migration to a different server you also have to replace the static server IPs inside some rules).

Can this somehow be simplified, or what is the suggestion? Remember (hard to) that OVPN and WG create their basic rules, so I always need to manually clean up/de-duplicate the exported file (risky task)? Or maintain a kind of default rules file and try to remember that I need to edit this one + the default one in order to maintain new rules across reboots and for backup purposes (not good to adjust the main file that is restored on boot, since one may make a mistake and lock oneself out of the server).

Nyr commented 8 months ago

I cannot see how this is an issue which would need to be addressed within this project. If you are backing up your rules, you need to consider this.