@bitwalker
Created April 5, 2016 18:07
[centos@ip-172-22-245-135 ~]$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
681K 129M ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 /* traffic from docker for internet */
743K 517M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 4789 /* 001 vxlan incoming */
2825K 2958M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
336 29457 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
59589 3575K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1786 99404 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6827 429K OS_FIREWALL_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0
3101 207K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9 32186 DOCKER all -- * lbr0 0.0.0.0/0 0.0.0.0/0
9 32186 ACCEPT all -- * lbr0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lbr0 !lbr0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lbr0 lbr0 0.0.0.0/0 0.0.0.0/0
11M 5149M ACCEPT all -- * * 10.1.0.0/16 0.0.0.0/0
3316K 4227M ACCEPT all -- * * 0.0.0.0/0 10.1.0.0/16
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 2304 packets, 322K bytes)
pkts bytes target prot opt in out source destination
3549K 4031M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SERVICES (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.15.31 /* logging/logging-kibana-ops: has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.249.191 /* sc-report/whatever:8080-tcp has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.18.77 /* example/phoenix-example:5000-tcp has no endpoints */ tcp dpt:5000 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.226.53 /* python-ex/python-ex:8080-tcp has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.85.174 /* default/docker-registry:5000-tcp has no endpoints */ tcp dpt:5000 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.125.0 /* sc-report/nodejs-example:web has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.45.174 /* sc-report/sc-report:8080-tcp has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.89.145 /* logging/logging-es-ops: has no endpoints */ tcp dpt:9200 reject-with icmp-port-unreachable
Chain OS_FIREWALL_ALLOW (1 references)
pkts bytes target prot opt in out source destination
3072 184K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10250
195 10244 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
459 28044 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10255
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:10255
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:4789
[centos@ip-172-22-245-135 ~]$ sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 143 packets, 15024 bytes)
pkts bytes target prot opt in out source destination
1174K 126M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
157K 37M DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 139 packets, 14724 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 462 packets, 34164 bytes)
pkts bytes target prot opt in out source destination
519K 50M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 462 packets, 34164 bytes)
pkts bytes target prot opt in out source destination
1536K 139M KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
1207K 101M MASQUERADE all -- * !lbr0 10.1.1.0/24 0.0.0.0/0
1 84 MASQUERADE all -- * * 10.1.0.0/16 !10.1.0.0/16
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
Chain KUBE-MARK-MASQ (13 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000
Chain KUBE-NODEPORTS (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
Chain KUBE-SEP-3FFFU3GRWW672DY4 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.3.10 0.0.0.0/0 /* example/node-test:3000-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* example/node-test:3000-tcp */ tcp to:10.1.3.10:3000
Chain KUBE-SEP-4BN4Q5DZZLMRJNIB (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.2.142 0.0.0.0/0 /* example/express:3000-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* example/express:3000-tcp */ tcp to:10.1.2.142:3000
Chain KUBE-SEP-5AMZJJLWITY4BZ55 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.3.100 0.0.0.0/0 /* logging/logging-es: */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ tcp to:10.1.3.100:9200
Chain KUBE-SEP-EDX7I3OQPLBHQQHE (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.22.186.107 0.0.0.0/0 /* default/kubernetes:dns-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns-tcp */ tcp to:172.22.186.107:53
Chain KUBE-SEP-EZOMAFYU7TFOW2WR (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.22.186.107 0.0.0.0/0 /* default/kubernetes:dns */
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns */ udp to:172.22.186.107:53
Chain KUBE-SEP-GL6LUTT4HSQ5BGTS (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.1.58 0.0.0.0/0 /* examples/deployment-example:8080-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* examples/deployment-example:8080-tcp */ tcp to:10.1.1.58:8080
Chain KUBE-SEP-HQIYTXIQ7JWVB7J5 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.3.103 0.0.0.0/0 /* logging/logging-kibana: */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-kibana: */ tcp to:10.1.3.103:3000
Chain KUBE-SEP-LCVT22FCM7KBVKCD (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.22.245.135 0.0.0.0/0 /* default/router:80-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:80-tcp */ tcp to:172.22.245.135:80
Chain KUBE-SEP-PHAWW3ODVTFD4CIT (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.22.245.135 0.0.0.0/0 /* default/router:1936-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:1936-tcp */ tcp to:172.22.245.135:1936
Chain KUBE-SEP-RPAUWPJ7MEEPDHIV (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.2.11 0.0.0.0/0 /* example/deployment-example:8080-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* example/deployment-example:8080-tcp */ tcp to:10.1.2.11:8080
Chain KUBE-SEP-W4OMTRPPLQAB4QDY (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 10.1.2.136 0.0.0.0/0 /* logging/logging-es: */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ tcp to:10.1.2.136:9200
Chain KUBE-SEP-WXFBZ657UKUAPQKT (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.22.186.107 0.0.0.0/0 /* default/kubernetes:https */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.22.186.107:8443
Chain KUBE-SEP-XL6UVOXWRRFJXNEL (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.22.245.135 0.0.0.0/0 /* default/router:443-tcp */
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:443-tcp */ tcp to:172.22.245.135:443
Chain KUBE-SERVICES (2 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SVC-BA6I5HTZKAAAJT56 tcp -- * * 0.0.0.0/0 172.30.0.1 /* default/kubernetes:dns-tcp cluster IP */ tcp dpt:53
0 0 KUBE-SVC-MVEOC3KQXP26WZMX tcp -- * * 0.0.0.0/0 172.30.134.63 /* example/deployment-example:8080-tcp cluster IP */ tcp dpt:8080
0 0 KUBE-SVC-GQKZAHCS5DTMHUQ6 tcp -- * * 0.0.0.0/0 172.30.199.39 /* default/router:80-tcp cluster IP */ tcp dpt:80
0 0 KUBE-SVC-GNQKRDLPFWE3LILX tcp -- * * 0.0.0.0/0 172.30.15.31 /* logging/logging-kibana-ops: cluster IP */ tcp dpt:443
0 0 KUBE-SVC-FSH7N57EENK63AIB tcp -- * * 0.0.0.0/0 172.30.86.186 /* examples/deployment-example:8080-tcp cluster IP */ tcp dpt:8080
0 0 KUBE-SVC-MGUCQ3MEKFLFZD5D tcp -- * * 0.0.0.0/0 172.30.249.191 /* sc-report/whatever:8080-tcp cluster IP */ tcp dpt:8080
0 0 KUBE-SVC-TV6NXBMSG6DOA4QY tcp -- * * 0.0.0.0/0 172.30.18.77 /* example/phoenix-example:5000-tcp cluster IP */ tcp dpt:5000
0 0 KUBE-SVC-QYGJJXVQ2UYGAWS7 tcp -- * * 0.0.0.0/0 172.30.226.53 /* python-ex/python-ex:8080-tcp cluster IP */ tcp dpt:8080
0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 172.30.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
0 0 KUBE-SVC-3VQ6B3MLH7E2SZT4 udp -- * * 0.0.0.0/0 172.30.0.1 /* default/kubernetes:dns cluster IP */ udp dpt:53
0 0 KUBE-SVC-IKV43KYNCXS2W7KZ tcp -- * * 0.0.0.0/0 172.30.199.39 /* default/router:443-tcp cluster IP */ tcp dpt:443
0 0 KUBE-SVC-4JCRTMMYZAAYMIJ2 tcp -- * * 0.0.0.0/0 172.30.199.39 /* default/router:1936-tcp cluster IP */ tcp dpt:1936
0 0 KUBE-SVC-ECTPRXTXBM34L34Q tcp -- * * 0.0.0.0/0 172.30.85.174 /* default/docker-registry:5000-tcp cluster IP */ tcp dpt:5000
0 0 KUBE-SVC-BWSQUABZDDFLJOKN tcp -- * * 0.0.0.0/0 172.30.78.126 /* logging/logging-es: cluster IP */ tcp dpt:9200
0 0 KUBE-SVC-JP6JYE3JDMJ747NX tcp -- * * 0.0.0.0/0 172.30.1.121 /* logging/logging-kibana: cluster IP */ tcp dpt:443
0 0 KUBE-SVC-5UUV63F72STAGP5R tcp -- * * 0.0.0.0/0 172.30.125.0 /* sc-report/nodejs-example:web cluster IP */ tcp dpt:8080
0 0 KUBE-SVC-POL4FA372DYH6IF5 tcp -- * * 0.0.0.0/0 172.30.9.207 /* example/express:3000-tcp cluster IP */ tcp dpt:3000
0 0 KUBE-SVC-AJC7VGAIP4GTP57I tcp -- * * 0.0.0.0/0 172.30.45.174 /* sc-report/sc-report:8080-tcp cluster IP */ tcp dpt:8080
0 0 KUBE-SVC-5G7SPSMEXDFK427C tcp -- * * 0.0.0.0/0 172.30.134.82 /* example/node-test:3000-tcp cluster IP */ tcp dpt:3000
0 0 KUBE-SVC-ML4GI5VB2QZ57S66 tcp -- * * 0.0.0.0/0 172.30.89.145 /* logging/logging-es-ops: cluster IP */ tcp dpt:9200
143 15024 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
Chain KUBE-SVC-3VQ6B3MLH7E2SZT4 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-EZOMAFYU7TFOW2WR all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns */
Chain KUBE-SVC-4JCRTMMYZAAYMIJ2 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-PHAWW3ODVTFD4CIT all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:1936-tcp */
Chain KUBE-SVC-5G7SPSMEXDFK427C (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-3FFFU3GRWW672DY4 all -- * * 0.0.0.0/0 0.0.0.0/0 /* example/node-test:3000-tcp */
Chain KUBE-SVC-5UUV63F72STAGP5R (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-AJC7VGAIP4GTP57I (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-BA6I5HTZKAAAJT56 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-EDX7I3OQPLBHQQHE all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns-tcp */
Chain KUBE-SVC-BWSQUABZDDFLJOKN (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-W4OMTRPPLQAB4QDY all -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ statistic mode random probability 0.50000000000
0 0 KUBE-SEP-5AMZJJLWITY4BZ55 all -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */
Chain KUBE-SVC-ECTPRXTXBM34L34Q (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-FSH7N57EENK63AIB (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-GL6LUTT4HSQ5BGTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* examples/deployment-example:8080-tcp */
Chain KUBE-SVC-GNQKRDLPFWE3LILX (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-GQKZAHCS5DTMHUQ6 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-LCVT22FCM7KBVKCD all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:80-tcp */
Chain KUBE-SVC-IKV43KYNCXS2W7KZ (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-XL6UVOXWRRFJXNEL all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:443-tcp */
Chain KUBE-SVC-JP6JYE3JDMJ747NX (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-HQIYTXIQ7JWVB7J5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-kibana: */
Chain KUBE-SVC-MGUCQ3MEKFLFZD5D (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-ML4GI5VB2QZ57S66 (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-MVEOC3KQXP26WZMX (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-RPAUWPJ7MEEPDHIV all -- * * 0.0.0.0/0 0.0.0.0/0 /* example/deployment-example:8080-tcp */
Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-WXFBZ657UKUAPQKT all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */
Chain KUBE-SVC-POL4FA372DYH6IF5 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-4BN4Q5DZZLMRJNIB all -- * * 0.0.0.0/0 0.0.0.0/0 /* example/express:3000-tcp */
Chain KUBE-SVC-QYGJJXVQ2UYGAWS7 (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SVC-TV6NXBMSG6DOA4QY (1 references)
pkts bytes target prot opt in out source destination