@luksa
Last active March 20, 2017 14:04
$ sudo iptables --list -t nat -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
KUBE-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain KUBE-MARK-DROP (0 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000
Chain KUBE-MARK-MASQ (8 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000
Chain KUBE-NODEPORTS (1 references)
target prot opt source destination
KUBE-MARK-MASQ tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp dpt:30000
KUBE-SVC-XGLOHA7QRQ3V22RZ tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp dpt:30000
Chain KUBE-POSTROUTING (1 references)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
Chain KUBE-SEP-2AMR4GNIYH7ZRQLQ (2 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 10.0.2.15 0.0.0.0/0 /* default/kubernetes:https */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-2AMR4GNIYH7ZRQLQ side: source mask: 255.255.255.255 tcp to:10.0.2.15:8443
Chain KUBE-SEP-5YDXDEK4G6R44KYW (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 172.17.0.2 0.0.0.0/0 /* default/kubia: */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ tcp to:172.17.0.2:8080
Chain KUBE-SEP-65576RQCY3UGLIWA (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 172.17.0.5 0.0.0.0/0 /* default/kubia: */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ tcp to:172.17.0.5:8080
Chain KUBE-SEP-7A24ZR7CMRAAUHS3 (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 172.17.0.7 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp to:172.17.0.7:9090
Chain KUBE-SEP-KSEXFMWMRI5G7WZJ (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 172.17.0.8 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:172.17.0.8:53
Chain KUBE-SEP-PERL6L2Q363TRRKS (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 172.17.0.6 0.0.0.0/0 /* default/kubia: */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ tcp to:172.17.0.6:8080
Chain KUBE-SEP-VMQQTFLPA6MBD6DO (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 172.17.0.8 0.0.0.0/0 /* kube-system/kube-dns:dns */
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:172.17.0.8:53
Chain KUBE-SERVICES (2 references)
target prot opt source destination
KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- 0.0.0.0/0 10.0.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
KUBE-SVC-TCOU7JCQXEZGVUNU udp -- 0.0.0.0/0 10.0.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
KUBE-SVC-L5EAUEZ74VZL5GSC tcp -- 0.0.0.0/0 10.0.0.238 /* default/kubia: cluster IP */ tcp dpt:80
KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- 0.0.0.0/0 10.0.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
KUBE-SVC-XGLOHA7QRQ3V22RZ tcp -- 0.0.0.0/0 10.0.0.192 /* kube-system/kubernetes-dashboard: cluster IP */ tcp dpt:80
KUBE-NODEPORTS all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)
target prot opt source destination
KUBE-SEP-KSEXFMWMRI5G7WZJ all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */
Chain KUBE-SVC-L5EAUEZ74VZL5GSC (1 references)
target prot opt source destination
KUBE-SEP-5YDXDEK4G6R44KYW all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ statistic mode random probability 0.33332999982
KUBE-SEP-65576RQCY3UGLIWA all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ statistic mode random probability 0.50000000000
KUBE-SEP-PERL6L2Q363TRRKS all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */
Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
target prot opt source destination
KUBE-SEP-2AMR4GNIYH7ZRQLQ all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-2AMR4GNIYH7ZRQLQ side: source mask: 255.255.255.255
KUBE-SEP-2AMR4GNIYH7ZRQLQ all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */
Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references)
target prot opt source destination
KUBE-SEP-VMQQTFLPA6MBD6DO all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */
Chain KUBE-SVC-XGLOHA7QRQ3V22RZ (2 references)
target prot opt source destination
KUBE-SEP-7A24ZR7CMRAAUHS3 all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */