lbroudoux/gist:a50aef1825fa12bca57ce2310d3e50d8

## gistfile1.txt
[docker@knative ~]$ sudo su -
[root@knative ~]#  iptables -L -n -v
Chain INPUT (policy ACCEPT 12729 packets, 3049K bytes)
 pkts bytes target     prot opt in     out     source               destination
14114  854K KUBE-EXTERNAL-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
5292K 2513M KUBE-NODEPORT-NON-LOCAL  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Ensure that non-local NodePort traffic can flow */
5328K 2641M KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 142M   17G KUBE-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */
 142M   17G DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 142M   17G DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
 627K  524M ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
52950 4187K ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 141M   17G ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 12718 packets, 3725K bytes)
 pkts bytes target     prot opt in     out     source               destination
21014 1262K KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
5324K 1692M KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination
 142M   17G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain KUBE-EXTERNAL-SERVICES (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain KUBE-FIREWALL (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */ mark match 0x1/0x1

Chain KUBE-NODEPORT-NON-LOCAL (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain KUBE-SERVICES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            172.30.187.136       /* myproject/helloworld-go-00001-service:http has no endpoints */ tcp dpt:80 reject-with icmp-port-unreachable
	[docker@knative ~]$ sudo su -
	[root@knative ~]# iptables -L -n -v
	Chain INPUT (policy ACCEPT 12729 packets, 3049K bytes)
	pkts bytes target prot opt in out source destination
	14114 854K KUBE-EXTERNAL-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes externally-visible service portals */
	5292K 2513M KUBE-NODEPORT-NON-LOCAL all -- * * 0.0.0.0/0 0.0.0.0/0 /* Ensure that non-local NodePort traffic can flow */
	5328K 2641M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0

	Chain FORWARD (policy DROP 0 packets, 0 bytes)
	pkts bytes target prot opt in out source destination
	142M 17G KUBE-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */
	142M 17G DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
	142M 17G DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
	627K 524M ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
	52950 4187K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
	141M 17G ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0

	Chain OUTPUT (policy ACCEPT 12718 packets, 3725K bytes)
	pkts bytes target prot opt in out source destination
	21014 1262K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes service portals */
	5324K 1692M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0

	Chain DOCKER (1 references)
	pkts bytes target prot opt in out source destination

	Chain DOCKER-ISOLATION (1 references)
	pkts bytes target prot opt in out source destination
	142M 17G RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

	Chain KUBE-EXTERNAL-SERVICES (1 references)
	pkts bytes target prot opt in out source destination

	Chain KUBE-FIREWALL (2 references)
	pkts bytes target prot opt in out source destination
	0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

	Chain KUBE-FORWARD (1 references)
	pkts bytes target prot opt in out source destination
	0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ mark match 0x1/0x1

	Chain KUBE-NODEPORT-NON-LOCAL (1 references)
	pkts bytes target prot opt in out source destination

	Chain KUBE-SERVICES (1 references)
	pkts bytes target prot opt in out source destination
	0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.187.136 /* myproject/helloworld-go-00001-service:http has no endpoints */ tcp dpt:80 reject-with icmp-port-unreachable