diff --git a/src/vnm_mad/remotes/OpenNebulaNetwork.conf b/src/vnm_mad/remotes/OpenNebulaNetwork.conf
index 4d047ccc8e..a0b91ff296 100644
--- a/src/vnm_mad/remotes/OpenNebulaNetwork.conf
+++ b/src/vnm_mad/remotes/OpenNebulaNetwork.conf
@@ -57,6 +57,12 @@
 
 # Default MTU for the VXLAN interface
 :vxlan_mtu: 1500
+################################################################################
+# Security Group Options
+################################################################################
+
+# Maximal number of entries in the IP set
+:ipset_maxelem: 65536
 
 ################################################################################
 # Bridge and Interface Creation Options
diff --git a/src/vnm_mad/remotes/lib/security_groups_iptables.rb b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
index 8191f766dc..969142d5a0 100644
--- a/src/vnm_mad/remotes/lib/security_groups_iptables.rb
+++ b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
@@ -146,7 +146,11 @@ module SGIPTables
             end
 
             if !sets.include?(set)
-                cmds.add :ipset, "create #{set} hash:net,port family #{family}"
+                maxelem = vars[:nic][:conf][:ipset_maxelem] ?
+                    "maxelem #{vars[:nic][:conf][:ipset_maxelem]}" :
+                    "maxelem #{CONF[:ipset_maxelem]}"
+
+                cmds.add :ipset, "create #{set} hash:net,port family #{family} #{maxelem}"
 
                 cmds.add command, "-A #{chain} -m set --match-set" \
                     " #{set} #{dir} -j RETURN"
@@ -318,10 +322,11 @@ module SGIPTables
 
         vars = {}
 
-        vars[:vm_id] = vm_id,
-        vars[:nic_id] = nic_id,
-        vars[:chain] = "one-#{vm_id}-#{nic_id}",
-        vars[:chain_in] = "#{vars[:chain]}-i",
+        vars[:nic] = nic
+        vars[:vm_id] = vm_id
+        vars[:nic_id] = nic_id
+        vars[:chain] = "one-#{vm_id}-#{nic_id}"
+        vars[:chain_in] = "#{vars[:chain]}-i"
         vars[:chain_out] = "#{vars[:chain]}-o"
 
         if sg_id
diff --git a/src/vnm_mad/remotes/lib/sg_driver.rb b/src/vnm_mad/remotes/lib/sg_driver.rb
index d1c9172d09..06d54ddcc2 100644
--- a/src/vnm_mad/remotes/lib/sg_driver.rb
+++ b/src/vnm_mad/remotes/lib/sg_driver.rb
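Review bot: The comment above the new `:ipset_maxelem:` key says only "Maximal number of entries in the IP set"; it does not tell an operator that the value is passed verbatim as ipset's `maxelem` when a security-group set is created, nor that the security_groups_iptables.rb hunk in this commit appears to let a NIC-level `:ipset_maxelem` take precedence over this global default. I would reword it to `# Maximum number of entries (ipset maxelem) of each security group IP set.` and, if the per-network override is intended, add `# Can be overridden per Virtual Network.` ipset refuses further additions once a hash set is full, so a sentence telling operators to size this to the largest address set a security group can expand to would also save support time.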
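Review bot: The per-NIC override `vars[:nic][:conf][:ipset_maxelem]` is interpolated straight into the `ipset create` command line without any check that it is a positive integer; if that value originates in a Virtual Network or NIC template and the command runs through a shell, non-numeric content ends up in the command string, and even with no shell a bad value makes `ipset create` fail and leaves the NIC without its RETURN rule. The same expression raises NoMethodError when `vars[:nic][:conf]` is nil, which the ternary does not guard against. I would resolve and validate the value before building the command: `maxelem = (vars[:nic][:conf] || {})[:ipset_maxelem] || CONF[:ipset_maxelem]`, then `maxelem = CONF[:ipset_maxelem] unless maxelem.to_s =~ /\A\d+\z/`, and finally `cmds.add :ipset, "create #{set} hash:net,port family #{family} maxelem #{maxelem}"` (anchoring with `\A`/`\z`, not `^`/`$`, so an embedded newline cannot pass). Whether `nic[:conf]` is always a Hash here cannot be seen in this hunk, and the enclosing method starts and ends outside it.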
@@ -81,7 +81,7 @@ module VNMMAD
             attach_nic_id = @vm['TEMPLATE/NIC[ATTACH="YES"]/NIC_ID'] if !do_all
 
             # Process the rules
-            @vm.nics.each do |nic|
+            process do |nic|
                 next if attach_nic_id && attach_nic_id != nic[:nic_id]
 
                 if nic[:security_groups].nil?
diff --git a/src/vnm_mad/remotes/lib/vnmmad.rb b/src/vnm_mad/remotes/lib/vnmmad.rb
index 6418927572..8ff9bbedd5 100644
--- a/src/vnm_mad/remotes/lib/vnmmad.rb
+++ b/src/vnm_mad/remotes/lib/vnmmad.rb
@@ -48,7 +48,8 @@ rescue
         :vxlan_ttl => "16",
         :vxlan_mtu => "1500",
         :validate_vlan_id => false,
-        :vlan_mtu => "1500"
+        :vlan_mtu => "1500",
+        :ipset_maxelem => "65536",
     }
 end
 
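Review bot: Replacing `@vm.nics.each` with `process` may change which NICs this loop sees and what each `nic` carries, but nothing in the hunk says why, and `process` is defined outside this file section. If `process` is what attaches the per-network configuration that the security_groups_iptables.rb hunk at line 146 reads as `vars[:nic][:conf]`, a one-line comment would save the next reader the lookup, e.g. `# process yields each NIC with its VNET configuration (nic[:conf]) merged in`. Please confirm that is its actual behaviour before adding the comment; the enclosing method starts and ends outside the hunk.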
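Review bot: If, as the `rescue` context of this hunk suggests, this hash is only the fallback used when OpenNebulaNetwork.conf cannot be loaded, then a host whose existing, valid conf file predates this commit will have `CONF[:ipset_maxelem]` equal to nil, and the security_groups_iptables.rb change will emit `create ... family inet maxelem ` with an empty argument, which ipset rejects, so every security-group set creation fails on upgraded hosts until the admin edits the conf. The fallback here does not help that case; the consumer needs its own last-resort default, e.g. `maxelem = "maxelem #{CONF[:ipset_maxelem] || 65536}"`, or the upgrade notes must state that the new key is mandatory. The value is also a String here while the YAML file yields an Integer; harmless under interpolation, but worth a comment on the hash noting that all values are kept as strings on purpose, if that is the convention.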