
I followed this guide https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-setting_and_controlling_ip_sets_using_firewalld to create an ipset with ip to block.

This is my ip list.


(people trying to copy my sites, access restricted areas, etc.)

Everything seems to work, but then my sites go offline and I can no longer even access my server via ssh.

And there seems to be nothing to do, the only solution is to clear the ip list and restart the server, and everything starts working again.

What's not working? There doesn't seem to be anything difficult or strange, and the guide is on redhat.com, it should be reliable... but it doesn't work tragically...

I just want to prevent those IPs from accessing my server, am I doing something wrong? Am I doing it right? Are there better ways to do it?

---------------------update---------------------

Today I get these errors:

```text
firewalld[845]: ERROR: '/usr/sbin/nft add rule inet firewalld raw_PREROUTING_ZONES index 0 ip saddr @blacklist goto raw_PRE_drop' failed:
firewalld[845]: ERROR: '/usr/sbin/nft add rule inet firewalld raw_PREROUTING_ZONES index 0 ip saddr @blacklist goto raw_PRE_drop' failed:
firewalld[845]: ERROR: '/usr/sbin/nft insert rule inet firewalld raw_PREROUTING_ZONES iifname "ens3" goto raw_PRE_public' failed: Error: Could not process rule: No such file or directory
                                               insert rule inet firewalld raw_PREROUTING_ZONES iifname "ens3" goto raw_PRE_public
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
firewalld[845]: ERROR: '/usr/sbin/nft insert rule inet firewalld raw_PREROUTING_ZONES iifname "ens3" goto raw_PRE_public' failed: Error: Could not process rule: No such file or directory
                                               insert rule inet firewalld raw_PREROUTING_ZONES iifname "ens3" goto raw_PRE_public
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
firewalld[845]: ERROR: COMMAND_FAILED: '/usr/sbin/nft insert rule inet firewalld raw_PREROUTING_ZONES iifname "ens3" goto raw_PRE_public' failed: Error: Could not process rule: No such file or directory
                                               insert rule inet firewalld raw_PREROUTING_ZONES iifname "ens3" goto raw_PRE_public
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```

And with this, I found this: https://bugs.centos.org/view.php?id=16518 I'm not sure it's the same, but it looks a lot like...

I was almost thinking of disabling firewalld and using nftables directly, but will it be the same?

alebal
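A pre-flight check for an ipset blocklist like the one in the question, added here as an example (it is not code from the question or from the linked Red Hat guide): it parses every entry, flags anything that is not a valid address or CIDR, a network address that is missing its prefix length, very broad prefixes, and any entry that would block an address you need to keep reachable, such as the IP you ssh from. The sample entries are constructed documentation addresses, and the protected list is an assumption you fill in with your own admin and server addresses.

```python
import ipaddress
# Constructed sample blocklist using documentation ranges (RFC 5737 / RFC 1918);
# these are NOT the addresses from the original post.
SAMPLE_BLOCKLIST = [
    "203.0.113.45",      # single host
    "198.51.100.0/24",   # ordinary network
    "192.0.2.0",         # looks like a network but has no prefix length
    "10.0.0.0/8",        # very broad prefix
    "not-an-address",    # typo
]

# Addresses that must stay reachable (assumption: the IP you ssh from and the
# server's own public address). Constructed values for the example.
SAMPLE_PROTECTED = ["203.0.113.45", "198.51.100.7"]
BROAD_PREFIX = 16  # anything shorter than /16 gets a second look


def check_blocklist(entries, protected, broad_prefix=BROAD_PREFIX):
    """Parse blocklist entries; return (valid networks, list of problem strings)."""
    networks, problems = [], []
    keep = [ipaddress.ip_address(p) for p in protected]
    for raw in entries:
        raw = raw.strip()
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            problems.append(f"{raw}: not a valid address or CIDR")
            continue
        # A bare address is stored as a single host (/32); an address ending in
        # .0 without a prefix length is probably a forgotten netmask.
        if "/" not in raw and net.network_address.packed[-1] == 0:
            problems.append(f"{raw}: no prefix length, stored as a single host /32")
        # Broad prefixes are easy to get wrong; a hash:ip set (the type used in
        # the linked guide) would also try to store every address individually.
        if net.prefixlen < broad_prefix:
            problems.append(f"{raw}: /{net.prefixlen} covers {net.num_addresses} addresses")
        for ip in keep:
            if ip in net:
                problems.append(f"{raw}: would block protected address {ip}")
        networks.append(net)
    return networks, problems


def collapsed(networks):
    """Merge overlapping/adjacent entries into the minimal list of CIDR strings."""
    return [str(n) for n in ipaddress.collapse_addresses(networks)]


if __name__ == "__main__":
    nets, probs = check_blocklist(SAMPLE_BLOCKLIST, SAMPLE_PROTECTED)
    print("\n".join("WARNING: " + p for p in probs), "\nentries to load:", collapsed(nets))
```

Run it over the file you pass to `--add-entries-from-file` before loading the set; if any "would block protected address" warning appears, the lockout you describe is the expected result of applying that list.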
  • You can use ["ConfigServer Security & Firewall (csf)"](https://configserver.com/cp/csf.html) and make your life much easier. You can use `csf -d x.x.x.x` to deny an IP and `csf -dr x.x.x.x` to unblock it. Most CentOS servers are using `csf`. Are you manually adding those IPs? – Christos Lytras Mar 20 '20 at 13:38
  • It does a lot of things... I'll take a look now. Can it be used in conjunction with fail2ban and firewalld? Does it work on CentOS 8? Yes, I add them manually. – alebal Mar 20 '20 at 21:25
  • No, CSF is a *firewall* that, like `firewalld`, uses `iptables`, and as you can see here ["Step 3 - Configure CSF on CentOS 7"](https://www.howtoforge.com/tutorial/install-and-configure-csf-config-server-firewall-on-centos-7/), you have to disable `firewalld`. It can work with `fail2ban`, but it also has ["Login Failure Daemon (lfd)"](https://configserver.com/cp/csf.html) which can detect failed login attempts and ban IPs. – Christos Lytras Mar 21 '20 at 09:11
  • I found this question as I was facing the same problem with firewalld. Thanks to @ChristosLytras, I tried CSF now, it works great. Thanks. – Krishnan V S Jun 22 '20 at 07:23
