When update meter label or rule, iptables_manager will update iptables rule in router's namespace. In order to, it will clean traffic counter number collected in interval time, the other iptables always trashing that will clean old iptalbes rule and generate new same significance iptables rule.
the example from update meter label:
Generated by iptables_manager
*filter
:neutron-meter-neutron-met - [0:0]
:neutron-meter-r-00599199-632 - [0:0]
-I FORWARD 2 -j neutron-meter-FORWARD
-D FORWARD 4
-I INPUT 1 -j neutron-meter-INPUT
-D INPUT 3
-I OUTPUT 2 -j neutron-meter-OUTPUT
-D OUTPUT 4
-I neutron-filter-top 1 -j neutron-meter-local
-D neutron-filter-top 3
-D neutron-meter-l-00e4e019-099 1
-I neutron-meter-l-00e4e019-099 1
-D neutron-meter-l-01e4e019-099 1
-I neutron-meter-l-01e4e019-099 1
-I neutron-meter-r-00599199-632 1 -i qg-f0732f6f-8e -d 192.168.10.0/24 -j neutron-meter-l-00599199-632
COMMIT
# Completed by iptables_manager
# Generated by iptables_manager
*raw
-I OUTPUT 1 -j neutron-meter-OUTPUT
-D OUTPUT 3
-I PREROUTING 1 -j neutron-meter-PREROUTING
-D PREROUTING 3
COMMIT
# Completed by iptables_manager
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
I've add the OSSA task since it's reported as a Security bug, though it doesn't like a vulnerability but more of a bug with (some) security implications (class D according to VMT taxonomy).