Created
April 17, 2020 15:06
-
-
Save mjudeikis/8d47cfc44ccd4db297175b341e4f1ab3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@mjudeikis2-2m8l4-master-0 ~]# iptables-save | |
| # Generated by iptables-save v1.8.4 on Fri Apr 17 15:06:09 2020 | |
| *nat | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :KUBE-MARK-MASQ - [0:0] | |
| :KUBE-MARK-DROP - [0:0] | |
| :KUBE-POSTROUTING - [0:0] | |
| :OPENSHIFT-MASQUERADE-2 - [0:0] | |
| :OPENSHIFT-MASQUERADE - [0:0] | |
| :OPENSHIFT-SDN-CANARY - [0:0] | |
| :KUBE-PROXY-CANARY - [0:0] | |
| :KUBE-PORTALS-CONTAINER - [0:0] | |
| :KUBE-PORTALS-HOST - [0:0] | |
| :KUBE-NODEPORT-CONTAINER - [0:0] | |
| :KUBE-NODEPORT-HOST - [0:0] | |
| :KUBE-SERVICES - [0:0] | |
| :KUBE-NODEPORTS - [0:0] | |
| :KUBE-SVC-LR44LCGLBA5H46DK - [0:0] | |
| :KUBE-SEP-4MKABDUEK6SQGANH - [0:0] | |
| :KUBE-SVC-Z7PD6XV52AKYPMA5 - [0:0] | |
| :KUBE-SEP-TFBQ3LW6LJMJMZYL - [0:0] | |
| :KUBE-SEP-66KCLSMEYPIBRXHV - [0:0] | |
| :KUBE-SEP-MV4MA7S6DITYQYQF - [0:0] | |
| :KUBE-SVC-SSFS4UJOKJYBUN2S - [0:0] | |
| :KUBE-SEP-PDAC5UM2WRGDGVSA - [0:0] | |
| :KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0] | |
| :KUBE-SVC-LS7JF6SL4ODP2YA4 - [0:0] | |
| :KUBE-SEP-7PECFMJYXF5BCIVY - [0:0] | |
| :KUBE-SVC-7CKPKLVT4G7W7WIT - [0:0] | |
| :KUBE-SEP-SUNUKU4IJECIHK4S - [0:0] | |
| :KUBE-SEP-UPDDOFHFK4SCPB3U - [0:0] | |
| :KUBE-SEP-HQUPCX43SFAV5AZ7 - [0:0] | |
| :KUBE-SVC-QULEBL73AVYTGTRT - [0:0] | |
| :KUBE-SEP-5GCOXTJJFPR67ZKJ - [0:0] | |
| :KUBE-SVC-UIDONVFEB6LPHORF - [0:0] | |
| :KUBE-SEP-CKCIJZY6ER6ZVXUI - [0:0] | |
| :KUBE-SVC-2TW25BGER7T666BH - [0:0] | |
| :KUBE-SEP-2LJ2RIDXEH5JNBFF - [0:0] | |
| :KUBE-SEP-QHEH55RP4BDHEZAS - [0:0] | |
| :KUBE-SVC-PFY2VR2AT5VQM74G - [0:0] | |
| :KUBE-SEP-CY6KPAGKWMWFIRXE - [0:0] | |
| :KUBE-SEP-IACO2RVRGQGJEOA6 - [0:0] | |
| :KUBE-SEP-QFFSYQA22SPY5BSG - [0:0] | |
| :KUBE-SEP-MYBVI7IJ6ASPFSYE - [0:0] | |
| :KUBE-SVC-BGNS3J6UB7MMLVDO - [0:0] | |
| :KUBE-SEP-E5OFJKEMZ5KIXQUH - [0:0] | |
| :KUBE-SVC-6BRQXW4I6ZZ3LHZH - [0:0] | |
| :KUBE-SEP-PHEQ2KCCMZFMSGIF - [0:0] | |
| :KUBE-SVC-P2RWE722QPZ5K3VW - [0:0] | |
| :KUBE-SEP-TI2SNOKAPOKRW5LP - [0:0] | |
| :KUBE-SEP-DM3EHCELV5E5AEYA - [0:0] | |
| :KUBE-SEP-3VRHH6OWW4QPQMXQ - [0:0] | |
| :KUBE-SEP-5S3APBVPZ32GSTDT - [0:0] | |
| :KUBE-SVC-ZU5C2KTEVGGF4RWY - [0:0] | |
| :KUBE-SEP-LCCR3RHAIHXV2BRY - [0:0] | |
| :KUBE-SEP-LLCLZU3LJLAMJMGC - [0:0] | |
| :KUBE-SEP-3QZETRZL74363VKR - [0:0] | |
| :KUBE-SVC-DYEHYI43W4Y6JVSZ - [0:0] | |
| :KUBE-SEP-3575BCAK7Z3BEHDH - [0:0] | |
| :KUBE-SVC-VQFT5ZCKL2KRMQ3Q - [0:0] | |
| :KUBE-SVC-BCVO45GDJF63HKMI - [0:0] | |
| :KUBE-SEP-EVFXMNDQKJHZB4TH - [0:0] | |
| :KUBE-SVC-CIUYVLZDADCHPTYT - [0:0] | |
| :KUBE-SEP-Y2MGYSMES5WWGD26 - [0:0] | |
| :KUBE-SVC-HH47JV2DWEPNMQEX - [0:0] | |
| :KUBE-SEP-ZDIX6XDZJUJUXFUD - [0:0] | |
| :KUBE-SVC-OGQPOTBHHZMRDA43 - [0:0] | |
| :KUBE-SVC-KHZTXOIJSDOQRG4A - [0:0] | |
| :KUBE-SEP-ZNLYTO3V66MCYVEM - [0:0] | |
| :KUBE-SVC-X7YGTN7QRQI2VNWZ - [0:0] | |
| :KUBE-SEP-5X6Y2VMNCVK2QNTY - [0:0] | |
| :KUBE-SEP-CXJ5BRCGRWT2MBC5 - [0:0] | |
| :KUBE-SVC-NM6OF7LZYCSWPYSN - [0:0] | |
| :KUBE-SVC-7J3OL37IT2UBOOAL - [0:0] | |
| :KUBE-SEP-2TBBYGT5DOG7XU6A - [0:0] | |
| :KUBE-SVC-A2G2ICINC4ZVGP64 - [0:0] | |
| :KUBE-SEP-YROTFQXQHSQGXEZB - [0:0] | |
| :KUBE-SVC-W22663DA36ETY3WD - [0:0] | |
| :KUBE-SEP-275PAV3N36TOVNL5 - [0:0] | |
| :KUBE-SVC-FO4YVUCBKKQXTXB6 - [0:0] | |
| :KUBE-SEP-G3UONUQSYCXEHDR2 - [0:0] | |
| :KUBE-SVC-FWPMMI34GVXXB7IX - [0:0] | |
| :KUBE-SEP-IUZGGXFV746265V4 - [0:0] | |
| :KUBE-SEP-3X645DT6WRENSOAH - [0:0] | |
| :KUBE-SVC-LG3WZOYAKHCJ6X6O - [0:0] | |
| :KUBE-SEP-DBJSNNLEDIEWWY3N - [0:0] | |
| :KUBE-SVC-6RVLNWC5AKEV5WJD - [0:0] | |
| :KUBE-SEP-XOPXOPSAZCLBWXGP - [0:0] | |
| :KUBE-SVC-K2TMANKUXS2PNXEQ - [0:0] | |
| :KUBE-SEP-MBGTYH3MZCSIDD2M - [0:0] | |
| :KUBE-SVC-DZZGCZT3USY56SM6 - [0:0] | |
| :KUBE-SEP-HP66AJLAOB73WEIV - [0:0] | |
| :KUBE-SVC-5IJVCVIN67YXVDZB - [0:0] | |
| :KUBE-SEP-7TRZ5MD2S4UK2BDL - [0:0] | |
| :KUBE-SVC-FPN24U5GX5G2TPXH - [0:0] | |
| :KUBE-SEP-3CQEY6W575RNLCTJ - [0:0] | |
| :KUBE-SEP-LVNHBVLF4MWHFIJR - [0:0] | |
| :KUBE-XLB-MBAZS3WDHL45BPIZ - [0:0] | |
| :KUBE-XLB-HEVFQXAKPPGAL4BV - [0:0] | |
| :KUBE-SEP-L556YJ6UGVI74FSG - [0:0] | |
| :KUBE-SEP-VQN24HUY56ODBRLC - [0:0] | |
| :KUBE-SVC-GGV3SPGNRULALRSD - [0:0] | |
| :KUBE-SEP-RIYAB2YZOV44WTFV - [0:0] | |
| :KUBE-SVC-H7AEPRVAHANZXX45 - [0:0] | |
| :KUBE-SEP-YYC4JUOQZCBQGIHX - [0:0] | |
| :KUBE-SEP-GHVXFLQNYR7WWSXK - [0:0] | |
| :KUBE-SEP-NXPU5O6MWGEOGW7G - [0:0] | |
| :KUBE-SEP-OR7JBYO4MKQ5UJ4Y - [0:0] | |
| :KUBE-SEP-WMHFJGI2LR73C37F - [0:0] | |
| :KUBE-SVC-PCIHMO4L5A7KAMRN - [0:0] | |
| :KUBE-SEP-AX4N2OIJBZ6L6NW6 - [0:0] | |
| :KUBE-SVC-U3LVBEEPLKGG5GBK - [0:0] | |
| :KUBE-SEP-IZB7IASTWRWDPDUO - [0:0] | |
| :KUBE-SVC-LMGCLHC2KUY6NS4N - [0:0] | |
| :KUBE-SEP-O3QI6YXMF3GYYNVV - [0:0] | |
| :KUBE-SVC-PIUKAOOLWSYDMVAC - [0:0] | |
| :KUBE-SEP-ZJ3NUGZEAM2KX5XS - [0:0] | |
| :KUBE-SVC-MBAZS3WDHL45BPIZ - [0:0] | |
| :KUBE-FW-MBAZS3WDHL45BPIZ - [0:0] | |
| :KUBE-SEP-AUMVJX6JLBB36IHN - [0:0] | |
| :KUBE-SVC-HEVFQXAKPPGAL4BV - [0:0] | |
| :KUBE-FW-HEVFQXAKPPGAL4BV - [0:0] | |
| :KUBE-SEP-SG4EKRKXOIXUBZGS - [0:0] | |
| :KUBE-SVC-DK4IP773FHBZHRYV - [0:0] | |
| :KUBE-SEP-WHVTXXRMUERVC646 - [0:0] | |
| :KUBE-SEP-YZS5LHMFTC7U6SIQ - [0:0] | |
| :KUBE-SEP-PH2ASWYNLI2DYMIN - [0:0] | |
| :KUBE-SEP-UVFCNGV6WQ5INIVA - [0:0] | |
| :KUBE-SEP-AGAQSR6UN7LM4Q3T - [0:0] | |
| :KUBE-SEP-JRKT7YCALWYY3RJX - [0:0] | |
| :KUBE-SEP-RAJ254MEJTDXCDLZ - [0:0] | |
| :KUBE-SEP-SV3ZDF2LO63JRNJE - [0:0] | |
| :KUBE-SEP-TDAY2MPUANYP5FU7 - [0:0] | |
| :KUBE-SVC-SGDZNVXMHJCPEAE2 - [0:0] | |
| :KUBE-SEP-SU2TXBNY333DTHCH - [0:0] | |
| :KUBE-SEP-PZVC34PCEQ7JO5N6 - [0:0] | |
| :KUBE-SEP-PWVCTICZJSO5WW7H - [0:0] | |
| :KUBE-SEP-DBYB5VZPULVAS2HQ - [0:0] | |
| :KUBE-SEP-H2TMZMMXORBJSMY7 - [0:0] | |
| :KUBE-SEP-Q2CKVGAJBCLC4NIZ - [0:0] | |
| :KUBE-SEP-GGBDTYQM4MIEJQZY - [0:0] | |
| :KUBE-SEP-IP4LG6S4IPL2QMQ5 - [0:0] | |
| :KUBE-SEP-45DPDJDJZKV3W742 - [0:0] | |
| :KUBE-SEP-RA2MB4QR6Z4IPI73 - [0:0] | |
| :KUBE-SEP-ZKIQJVEDSSSPBPQK - [0:0] | |
| :KUBE-SEP-52RPOOWXY56MOSWI - [0:0] | |
| :KUBE-SEP-VOJUUQ3QS5SEU2ME - [0:0] | |
| :KUBE-SVC-IV3NQG4XWAFU5C3Q - [0:0] | |
| :KUBE-SEP-NLQVHDOOTXPCZAGV - [0:0] | |
| :KUBE-SEP-XKO6FJDOAL5M4NNL - [0:0] | |
| :KUBE-SEP-PKG5ALPKHH5V2W2D - [0:0] | |
| :KUBE-SEP-CITEMVSI5PWPXE6A - [0:0] | |
| :KUBE-SEP-YKRAKS7ODW7WGAVJ - [0:0] | |
| :KUBE-SVC-2O3SXCDVWWS7KYC5 - [0:0] | |
| :KUBE-SEP-I2SWZVM3HXJFH5TS - [0:0] | |
| :KUBE-SEP-V7XAGOKAFMZQI5F7 - [0:0] | |
| :KUBE-SEP-RXKOCVK62FPTQVQN - [0:0] | |
| :KUBE-SEP-H24X4T72C4RE2CUR - [0:0] | |
| :KUBE-SEP-GD4IADR3FQ46NIKJ - [0:0] | |
| :KUBE-SEP-STJIA6VIFOF562TA - [0:0] | |
| :KUBE-SVC-GDUOWZ6AYLOEFLKA - [0:0] | |
| :KUBE-SEP-ALUZXWIYXAQ74JOP - [0:0] | |
| :KUBE-SVC-QBIGAHEJ6S2DZFMU - [0:0] | |
| :KUBE-SEP-6QH4MRKB2FHCICVC - [0:0] | |
| :KUBE-SVC-RD6ZTFGQGXUEWIFM - [0:0] | |
| :KUBE-SEP-GCBED77JG6GVQVWL - [0:0] | |
| :KUBE-SVC-WHIODLEQRXTXJ6C7 - [0:0] | |
| :KUBE-SEP-7TTVWRI5RODCVPOB - [0:0] | |
| :KUBE-SEP-4IC5M6EX4P3TRWQV - [0:0] | |
| :KUBE-SVC-G5A7ID5ATXHWKRS5 - [0:0] | |
| :KUBE-SVC-C4CT6K4SQFWI5WLJ - [0:0] | |
| :KUBE-SEP-FD53R25E7TWOKWFJ - [0:0] | |
| :KUBE-SEP-BOAGM7U7HUO54BSO - [0:0] | |
| :KUBE-SEP-IVMUQO6SECE54UQQ - [0:0] | |
| :KUBE-SEP-WVBE4BK7PNAWED5E - [0:0] | |
| :KUBE-SEP-AQU3TUXSRRYA3P4M - [0:0] | |
| :KUBE-SEP-IVHZT2XMCTGDO36U - [0:0] | |
| :KUBE-SVC-PML2I3IN4LX2JLFY - [0:0] | |
| :KUBE-SEP-6B7UNS2PSWJBCGBU - [0:0] | |
| -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-CONTAINER | |
| -A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-CONTAINER | |
| -A POSTROUTING -m comment --comment "rules for masquerading OpenShift traffic" -j OPENSHIFT-MASQUERADE | |
| -A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING | |
| -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-HOST | |
| -A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-HOST | |
| -A KUBE-MARK-MASQ -j MARK --set-xmark 0x1/0x1 | |
| -A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000 | |
| -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x1/0x1 -j MASQUERADE --random-fully | |
| -A OPENSHIFT-MASQUERADE-2 -d 10.128.0.0/14 -m comment --comment "masquerade pod-to-external traffic" -j RETURN | |
| -A OPENSHIFT-MASQUERADE-2 -j MASQUERADE | |
| -A OPENSHIFT-MASQUERADE -m mark --mark 0x1/0x1 -j RETURN | |
| -A OPENSHIFT-MASQUERADE -s 10.128.0.0/14 -m comment --comment "masquerade pod-to-external traffic" -j OPENSHIFT-MASQUERADE-2 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.92.162/32 -p tcp -m comment --comment "openshift-monitoring/grafana2:https cluster IP" -m tcp --dport 3001 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.92.162/32 -p tcp -m comment --comment "openshift-monitoring/grafana2:https cluster IP" -m tcp --dport 3001 -j KUBE-SVC-QBIGAHEJ6S2DZFMU | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.191.57/32 -p tcp -m comment --comment "openshift-machine-api/cluster-autoscaler-operator:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.191.57/32 -p tcp -m comment --comment "openshift-machine-api/cluster-autoscaler-operator:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-H7AEPRVAHANZXX45 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.0.10/32 -p tcp -m comment --comment "openshift-dns/dns-default:metrics cluster IP" -m tcp --dport 9153 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.0.10/32 -p tcp -m comment --comment "openshift-dns/dns-default:metrics cluster IP" -m tcp --dport 9153 -j KUBE-SVC-P2RWE722QPZ5K3VW | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.99.72/32 -p tcp -m comment --comment "openshift-operator-lifecycle-manager/v1-packages-operators-coreos-com: cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.99.72/32 -p tcp -m comment --comment "openshift-operator-lifecycle-manager/v1-packages-operators-coreos-com: cluster IP" -m tcp --dport 443 -j KUBE-SVC-7J3OL37IT2UBOOAL | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.90.67/32 -p tcp -m comment --comment "openshift-ingress/router-default:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.90.67/32 -p tcp -m comment --comment "openshift-ingress/router-default:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-MBAZS3WDHL45BPIZ | |
| -A KUBE-SERVICES -d 52.142.38.91/32 -p tcp -m comment --comment "openshift-ingress/router-default:https loadbalancer IP" -m tcp --dport 443 -j KUBE-FW-MBAZS3WDHL45BPIZ | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.37.45/32 -p tcp -m comment --comment "openshift-monitoring/grafana:https cluster IP" -m tcp --dport 3000 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.37.45/32 -p tcp -m comment --comment "openshift-monitoring/grafana:https cluster IP" -m tcp --dport 3000 -j KUBE-SVC-RD6ZTFGQGXUEWIFM | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.71.216/32 -p tcp -m comment --comment "openshift-console-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.71.216/32 -p tcp -m comment --comment "openshift-console-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-6RVLNWC5AKEV5WJD | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.217.172/32 -p tcp -m comment --comment "openshift-ingress/router-internal-default:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.217.172/32 -p tcp -m comment --comment "openshift-ingress/router-internal-default:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-U3LVBEEPLKGG5GBK | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.111.123/32 -p tcp -m comment --comment "openshift-etcd/etcd:etcd cluster IP" -m tcp --dport 2379 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.111.123/32 -p tcp -m comment --comment "openshift-etcd/etcd:etcd cluster IP" -m tcp --dport 2379 -j KUBE-SVC-7CKPKLVT4G7W7WIT | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.29.163/32 -p tcp -m comment --comment "openshift-authentication-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.29.163/32 -p tcp -m comment --comment "openshift-authentication-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-FWPMMI34GVXXB7IX | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.151.24/32 -p tcp -m comment --comment "openshift-marketplace/certified-operators:grpc cluster IP" -m tcp --dport 50051 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.151.24/32 -p tcp -m comment --comment "openshift-marketplace/certified-operators:grpc cluster IP" -m tcp --dport 50051 -j KUBE-SVC-PML2I3IN4LX2JLFY | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.90.67/32 -p tcp -m comment --comment "openshift-ingress/router-default:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.90.67/32 -p tcp -m comment --comment "openshift-ingress/router-default:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-HEVFQXAKPPGAL4BV | |
| -A KUBE-SERVICES -d 52.142.38.91/32 -p tcp -m comment --comment "openshift-ingress/router-default:http loadbalancer IP" -m tcp --dport 80 -j KUBE-FW-HEVFQXAKPPGAL4BV | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.216.72/32 -p tcp -m comment --comment "openshift-apiserver-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.216.72/32 -p tcp -m comment --comment "openshift-apiserver-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-CIUYVLZDADCHPTYT | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.191.57/32 -p tcp -m comment --comment "openshift-machine-api/cluster-autoscaler-operator:metrics cluster IP" -m tcp --dport 9192 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.191.57/32 -p tcp -m comment --comment "openshift-machine-api/cluster-autoscaler-operator:metrics cluster IP" -m tcp --dport 9192 -j KUBE-SVC-GGV3SPGNRULALRSD | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.68.57/32 -p tcp -m comment --comment "openshift-machine-config-operator/machine-config-daemon:metrics cluster IP" -m tcp --dport 9001 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.68.57/32 -p tcp -m comment --comment "openshift-machine-config-operator/machine-config-daemon:metrics cluster IP" -m tcp --dport 9001 -j KUBE-SVC-PFY2VR2AT5VQM74G | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.23.40/32 -p tcp -m comment --comment "openshift-machine-api/machine-api-operator:https cluster IP" -m tcp --dport 8443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.23.40/32 -p tcp -m comment --comment "openshift-machine-api/machine-api-operator:https cluster IP" -m tcp --dport 8443 -j KUBE-SVC-UIDONVFEB6LPHORF | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.0.10/32 -p tcp -m comment --comment "openshift-dns/dns-default:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.0.10/32 -p tcp -m comment --comment "openshift-dns/dns-default:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-6BRQXW4I6ZZ3LHZH | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.111.123/32 -p tcp -m comment --comment "openshift-etcd/etcd:etcd-metrics cluster IP" -m tcp --dport 9979 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.111.123/32 -p tcp -m comment --comment "openshift-etcd/etcd:etcd-metrics cluster IP" -m tcp --dport 9979 -j KUBE-SVC-Z7PD6XV52AKYPMA5 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.118.132/32 -p tcp -m comment --comment "openshift-controller-manager-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.118.132/32 -p tcp -m comment --comment "openshift-controller-manager-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-DYEHYI43W4Y6JVSZ | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.225.93/32 -p tcp -m comment --comment "openshift-cloud-credential-operator/cco-metrics:cco-metrics cluster IP" -m tcp --dport 2112 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.225.93/32 -p tcp -m comment --comment "openshift-cloud-credential-operator/cco-metrics:cco-metrics cluster IP" -m tcp --dport 2112 -j KUBE-SVC-SSFS4UJOKJYBUN2S | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.87.126/32 -p tcp -m comment --comment "openshift-kube-controller-manager-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.87.126/32 -p tcp -m comment --comment "openshift-kube-controller-manager-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-BCVO45GDJF63HKMI | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.2.54/32 -p tcp -m comment --comment "openshift-console/console:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.2.54/32 -p tcp -m comment --comment "openshift-console/console:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-2O3SXCDVWWS7KYC5 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.0.10/32 -p udp -m comment --comment "openshift-dns/dns-default:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.0.10/32 -p udp -m comment --comment "openshift-dns/dns-default:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-BGNS3J6UB7MMLVDO | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.91.112/32 -p tcp -m comment --comment "openshift-monitoring/thanos-querier:web cluster IP" -m tcp --dport 9091 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.91.112/32 -p tcp -m comment --comment "openshift-monitoring/thanos-querier:web cluster IP" -m tcp --dport 9091 -j KUBE-SVC-G5A7ID5ATXHWKRS5 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.91.112/32 -p tcp -m comment --comment "openshift-monitoring/thanos-querier:tenancy cluster IP" -m tcp --dport 9092 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.91.112/32 -p tcp -m comment --comment "openshift-monitoring/thanos-querier:tenancy cluster IP" -m tcp --dport 9092 -j KUBE-SVC-C4CT6K4SQFWI5WLJ | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.183.140/32 -p tcp -m comment --comment "openshift-kube-apiserver-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.183.140/32 -p tcp -m comment --comment "openshift-kube-apiserver-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-KHZTXOIJSDOQRG4A | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.142.69/32 -p tcp -m comment --comment "openshift-controller-manager/controller-manager:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.142.69/32 -p tcp -m comment --comment "openshift-controller-manager/controller-manager:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-ZU5C2KTEVGGF4RWY | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.136.41/32 -p tcp -m comment --comment "openshift-marketplace/marketplace-operator-metrics:metrics cluster IP" -m tcp --dport 8383 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.136.41/32 -p tcp -m comment --comment "openshift-marketplace/marketplace-operator-metrics:metrics cluster IP" -m tcp --dport 8383 -j KUBE-SVC-LG3WZOYAKHCJ6X6O | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.217.172/32 -p tcp -m comment --comment "openshift-ingress/router-internal-default:metrics cluster IP" -m tcp --dport 1936 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.217.172/32 -p tcp -m comment --comment "openshift-ingress/router-internal-default:metrics cluster IP" -m tcp --dport 1936 -j KUBE-SVC-LMGCLHC2KUY6NS4N | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.251.172/32 -p tcp -m comment --comment "openshift-operator-lifecycle-manager/catalog-operator-metrics:https-metrics cluster IP" -m tcp --dport 8081 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.251.172/32 -p tcp -m comment --comment "openshift-operator-lifecycle-manager/catalog-operator-metrics:https-metrics cluster IP" -m tcp --dport 8081 -j KUBE-SVC-A2G2ICINC4ZVGP64 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.52.27/32 -p tcp -m comment --comment "openshift-cloud-credential-operator/controller-manager-service: cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.52.27/32 -p tcp -m comment --comment "openshift-cloud-credential-operator/controller-manager-service: cluster IP" -m tcp --dport 443 -j KUBE-SVC-LS7JF6SL4ODP2YA4 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.221.57/32 -p tcp -m comment --comment "openshift-dns-operator/metrics:metrics cluster IP" -m tcp --dport 9393 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.221.57/32 -p tcp -m comment --comment "openshift-dns-operator/metrics:metrics cluster IP" -m tcp --dport 9393 -j KUBE-SVC-2TW25BGER7T666BH | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.116.63/32 -p tcp -m comment --comment "openshift-marketplace/redhat-operators:grpc cluster IP" -m tcp --dport 50051 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.116.63/32 -p tcp -m comment --comment "openshift-marketplace/redhat-operators:grpc cluster IP" -m tcp --dport 50051 -j KUBE-SVC-SGDZNVXMHJCPEAE2 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.217.172/32 -p tcp -m comment --comment "openshift-ingress/router-internal-default:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.217.172/32 -p tcp -m comment --comment "openshift-ingress/router-internal-default:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-PIUKAOOLWSYDMVAC | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.5.142/32 -p tcp -m comment --comment "openshift-operator-lifecycle-manager/olm-operator-metrics:https-metrics cluster IP" -m tcp --dport 8081 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.5.142/32 -p tcp -m comment --comment "openshift-operator-lifecycle-manager/olm-operator-metrics:https-metrics cluster IP" -m tcp --dport 8081 -j KUBE-SVC-5IJVCVIN67YXVDZB | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.81.58/32 -p tcp -m comment --comment "openshift-kube-scheduler-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.81.58/32 -p tcp -m comment --comment "openshift-kube-scheduler-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-HH47JV2DWEPNMQEX | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.252.93/32 -p tcp -m comment --comment "openshift-service-catalog-controller-manager-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.252.93/32 -p tcp -m comment --comment "openshift-service-catalog-controller-manager-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-K2TMANKUXS2PNXEQ | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.59.55/32 -p tcp -m comment --comment "openshift-ingress-operator/metrics:metrics cluster IP" -m tcp --dport 9393 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.59.55/32 -p tcp -m comment --comment "openshift-ingress-operator/metrics:metrics cluster IP" -m tcp --dport 9393 -j KUBE-SVC-DZZGCZT3USY56SM6 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.71.249/32 -p tcp -m comment --comment "openshift-monitoring/prometheus-adapter:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.71.249/32 -p tcp -m comment --comment "openshift-monitoring/prometheus-adapter:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-GDUOWZ6AYLOEFLKA | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.173.159/32 -p tcp -m comment --comment "openshift-kube-scheduler/scheduler:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.173.159/32 -p tcp -m comment --comment "openshift-kube-scheduler/scheduler:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-OGQPOTBHHZMRDA43 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.232.219/32 -p tcp -m comment --comment "openshift-cluster-version/cluster-version-operator:metrics cluster IP" -m tcp --dport 9099 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.232.219/32 -p tcp -m comment --comment "openshift-cluster-version/cluster-version-operator:metrics cluster IP" -m tcp --dport 9099 -j KUBE-SVC-LR44LCGLBA5H46DK | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.209.79/32 -p tcp -m comment --comment "openshift-kube-apiserver/apiserver:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.209.79/32 -p tcp -m comment --comment "openshift-kube-apiserver/apiserver:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-X7YGTN7QRQI2VNWZ | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.174.81/32 -p tcp -m comment --comment "openshift-marketplace/community-operators:grpc cluster IP" -m tcp --dport 50051 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.174.81/32 -p tcp -m comment --comment "openshift-marketplace/community-operators:grpc cluster IP" -m tcp --dport 50051 -j KUBE-SVC-IV3NQG4XWAFU5C3Q | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.255.15/32 -p tcp -m comment --comment "openshift-apiserver/api:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.255.15/32 -p tcp -m comment --comment "openshift-apiserver/api:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NM6OF7LZYCSWPYSN | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.199.42/32 -p tcp -m comment --comment "openshift-image-registry/image-registry:5000-tcp cluster IP" -m tcp --dport 5000 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.199.42/32 -p tcp -m comment --comment "openshift-image-registry/image-registry:5000-tcp cluster IP" -m tcp --dport 5000 -j KUBE-SVC-PCIHMO4L5A7KAMRN | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.228.224/32 -p tcp -m comment --comment "openshift-monitoring/alertmanager-main:web cluster IP" -m tcp --dport 9094 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.228.224/32 -p tcp -m comment --comment "openshift-monitoring/alertmanager-main:web cluster IP" -m tcp --dport 9094 -j KUBE-SVC-WHIODLEQRXTXJ6C7 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.101.90/32 -p tcp -m comment --comment "openshift-multus/multus-admission-controller: cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.101.90/32 -p tcp -m comment --comment "openshift-multus/multus-admission-controller: cluster IP" -m tcp --dport 443 -j KUBE-SVC-QULEBL73AVYTGTRT | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.172.40/32 -p tcp -m comment --comment "openshift-kube-controller-manager/kube-controller-manager:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.172.40/32 -p tcp -m comment --comment "openshift-kube-controller-manager/kube-controller-manager:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-VQFT5ZCKL2KRMQ3Q | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.0.36/32 -p tcp -m comment --comment "openshift-insights/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.0.36/32 -p tcp -m comment --comment "openshift-insights/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-FO4YVUCBKKQXTXB6 | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.74.154/32 -p tcp -m comment --comment "openshift-service-catalog-apiserver-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.74.154/32 -p tcp -m comment --comment "openshift-service-catalog-apiserver-operator/metrics:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-W22663DA36ETY3WD | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.240.8/32 -p tcp -m comment --comment "openshift-console/downloads:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.240.8/32 -p tcp -m comment --comment "openshift-console/downloads:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-FPN24U5GX5G2TPXH | |
| -A KUBE-SERVICES ! -s 10.128.0.0/14 -d 172.30.235.224/32 -p tcp -m comment --comment "openshift-authentication/oauth-openshift:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -d 172.30.235.224/32 -p tcp -m comment --comment "openshift-authentication/oauth-openshift:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-DK4IP773FHBZHRYV | |
| -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS | |
| -A KUBE-NODEPORTS -s 127.0.0.0/8 -p tcp -m comment --comment "openshift-ingress/router-default:https" -m tcp --dport 30697 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "openshift-ingress/router-default:https" -m tcp --dport 30697 -j KUBE-XLB-MBAZS3WDHL45BPIZ | |
| -A KUBE-NODEPORTS -s 127.0.0.0/8 -p tcp -m comment --comment "openshift-ingress/router-default:http" -m tcp --dport 32314 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "openshift-ingress/router-default:http" -m tcp --dport 32314 -j KUBE-XLB-HEVFQXAKPPGAL4BV | |
| -A KUBE-SVC-LR44LCGLBA5H46DK -j KUBE-SEP-4MKABDUEK6SQGANH | |
| -A KUBE-SEP-4MKABDUEK6SQGANH -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-4MKABDUEK6SQGANH -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:9099 | |
| -A KUBE-SVC-Z7PD6XV52AKYPMA5 -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-TFBQ3LW6LJMJMZYL | |
| -A KUBE-SVC-Z7PD6XV52AKYPMA5 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-66KCLSMEYPIBRXHV | |
| -A KUBE-SVC-Z7PD6XV52AKYPMA5 -j KUBE-SEP-MV4MA7S6DITYQYQF | |
| -A KUBE-SEP-TFBQ3LW6LJMJMZYL -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-TFBQ3LW6LJMJMZYL -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:9979 | |
| -A KUBE-SEP-66KCLSMEYPIBRXHV -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-66KCLSMEYPIBRXHV -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:9979 | |
| -A KUBE-SEP-MV4MA7S6DITYQYQF -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MV4MA7S6DITYQYQF -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:9979 | |
| -A KUBE-SVC-SSFS4UJOKJYBUN2S -j KUBE-SEP-PDAC5UM2WRGDGVSA | |
| -A KUBE-SEP-PDAC5UM2WRGDGVSA -s 10.130.0.2/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PDAC5UM2WRGDGVSA -p tcp -m tcp -j DNAT --to-destination 10.130.0.2:2112 | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-GD4IADR3FQ46NIKJ | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-RXKOCVK62FPTQVQN | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -j KUBE-SEP-XKO6FJDOAL5M4NNL | |
| -A KUBE-SVC-LS7JF6SL4ODP2YA4 -j KUBE-SEP-7PECFMJYXF5BCIVY | |
| -A KUBE-SEP-7PECFMJYXF5BCIVY -s 10.130.0.2/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-7PECFMJYXF5BCIVY -p tcp -m tcp -j DNAT --to-destination 10.130.0.2:443 | |
| -A KUBE-SVC-7CKPKLVT4G7W7WIT -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-SUNUKU4IJECIHK4S | |
| -A KUBE-SVC-7CKPKLVT4G7W7WIT -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-UPDDOFHFK4SCPB3U | |
| -A KUBE-SVC-7CKPKLVT4G7W7WIT -j KUBE-SEP-HQUPCX43SFAV5AZ7 | |
| -A KUBE-SEP-SUNUKU4IJECIHK4S -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SUNUKU4IJECIHK4S -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:2379 | |
| -A KUBE-SEP-UPDDOFHFK4SCPB3U -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-UPDDOFHFK4SCPB3U -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:2379 | |
| -A KUBE-SEP-HQUPCX43SFAV5AZ7 -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-HQUPCX43SFAV5AZ7 -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:2379 | |
| -A KUBE-SVC-QULEBL73AVYTGTRT -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-MYBVI7IJ6ASPFSYE | |
| -A KUBE-SVC-QULEBL73AVYTGTRT -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-QHEH55RP4BDHEZAS | |
| -A KUBE-SVC-QULEBL73AVYTGTRT -j KUBE-SEP-5GCOXTJJFPR67ZKJ | |
| -A KUBE-SEP-5GCOXTJJFPR67ZKJ -s 10.130.0.13/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-5GCOXTJJFPR67ZKJ -p tcp -m tcp -j DNAT --to-destination 10.130.0.13:6443 | |
| -A KUBE-SVC-UIDONVFEB6LPHORF -j KUBE-SEP-CKCIJZY6ER6ZVXUI | |
| -A KUBE-SEP-CKCIJZY6ER6ZVXUI -s 10.130.0.14/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-CKCIJZY6ER6ZVXUI -p tcp -m tcp -j DNAT --to-destination 10.130.0.14:8443 | |
| -A KUBE-SVC-2TW25BGER7T666BH -j KUBE-SEP-2LJ2RIDXEH5JNBFF | |
| -A KUBE-SEP-2LJ2RIDXEH5JNBFF -s 10.130.0.15/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-2LJ2RIDXEH5JNBFF -p tcp -m tcp -j DNAT --to-destination 10.130.0.15:9393 | |
| -A KUBE-SEP-QHEH55RP4BDHEZAS -s 10.129.0.3/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-QHEH55RP4BDHEZAS -p tcp -m tcp -j DNAT --to-destination 10.129.0.3:6443 | |
| -A KUBE-SVC-PFY2VR2AT5VQM74G -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-CY6KPAGKWMWFIRXE | |
| -A KUBE-SVC-PFY2VR2AT5VQM74G -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-IACO2RVRGQGJEOA6 | |
| -A KUBE-SVC-PFY2VR2AT5VQM74G -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-QFFSYQA22SPY5BSG | |
| -A KUBE-SVC-PFY2VR2AT5VQM74G -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-WHVTXXRMUERVC646 | |
| -A KUBE-SVC-PFY2VR2AT5VQM74G -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-PZVC34PCEQ7JO5N6 | |
| -A KUBE-SVC-PFY2VR2AT5VQM74G -j KUBE-SEP-YKRAKS7ODW7WGAVJ | |
| -A KUBE-SEP-CY6KPAGKWMWFIRXE -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-CY6KPAGKWMWFIRXE -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:9001 | |
| -A KUBE-SEP-IACO2RVRGQGJEOA6 -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IACO2RVRGQGJEOA6 -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:9001 | |
| -A KUBE-SEP-QFFSYQA22SPY5BSG -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-QFFSYQA22SPY5BSG -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:9001 | |
| -A KUBE-SEP-MYBVI7IJ6ASPFSYE -s 10.128.0.2/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MYBVI7IJ6ASPFSYE -p tcp -m tcp -j DNAT --to-destination 10.128.0.2:6443 | |
| -A KUBE-SVC-BGNS3J6UB7MMLVDO -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-5S3APBVPZ32GSTDT | |
| -A KUBE-SVC-BGNS3J6UB7MMLVDO -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-RA2MB4QR6Z4IPI73 | |
| -A KUBE-SVC-BGNS3J6UB7MMLVDO -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-E5OFJKEMZ5KIXQUH | |
| -A KUBE-SVC-BGNS3J6UB7MMLVDO -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-UVFCNGV6WQ5INIVA | |
| -A KUBE-SVC-BGNS3J6UB7MMLVDO -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-3QZETRZL74363VKR | |
| -A KUBE-SVC-BGNS3J6UB7MMLVDO -j KUBE-SEP-SV3ZDF2LO63JRNJE | |
| -A KUBE-SEP-E5OFJKEMZ5KIXQUH -s 10.129.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-E5OFJKEMZ5KIXQUH -p udp -m udp -j DNAT --to-destination 10.129.0.4:5353 | |
| -A KUBE-SVC-6BRQXW4I6ZZ3LHZH -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-DM3EHCELV5E5AEYA | |
| -A KUBE-SVC-6BRQXW4I6ZZ3LHZH -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-ZKIQJVEDSSSPBPQK | |
| -A KUBE-SVC-6BRQXW4I6ZZ3LHZH -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-PHEQ2KCCMZFMSGIF | |
| -A KUBE-SVC-6BRQXW4I6ZZ3LHZH -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-YZS5LHMFTC7U6SIQ | |
| -A KUBE-SVC-6BRQXW4I6ZZ3LHZH -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LCCR3RHAIHXV2BRY | |
| -A KUBE-SVC-6BRQXW4I6ZZ3LHZH -j KUBE-SEP-JRKT7YCALWYY3RJX | |
| -A KUBE-SEP-PHEQ2KCCMZFMSGIF -s 10.129.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PHEQ2KCCMZFMSGIF -p tcp -m tcp -j DNAT --to-destination 10.129.0.4:5353 | |
| -A KUBE-SVC-P2RWE722QPZ5K3VW -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-3VRHH6OWW4QPQMXQ | |
| -A KUBE-SVC-P2RWE722QPZ5K3VW -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-45DPDJDJZKV3W742 | |
| -A KUBE-SVC-P2RWE722QPZ5K3VW -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-TI2SNOKAPOKRW5LP | |
| -A KUBE-SVC-P2RWE722QPZ5K3VW -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-PH2ASWYNLI2DYMIN | |
| -A KUBE-SVC-P2RWE722QPZ5K3VW -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LLCLZU3LJLAMJMGC | |
| -A KUBE-SVC-P2RWE722QPZ5K3VW -j KUBE-SEP-RAJ254MEJTDXCDLZ | |
| -A KUBE-SEP-TI2SNOKAPOKRW5LP -s 10.129.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-TI2SNOKAPOKRW5LP -p tcp -m tcp -j DNAT --to-destination 10.129.0.4:9153 | |
| -A KUBE-SEP-DM3EHCELV5E5AEYA -s 10.128.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-DM3EHCELV5E5AEYA -p tcp -m tcp -j DNAT --to-destination 10.128.0.4:5353 | |
| -A KUBE-SEP-3VRHH6OWW4QPQMXQ -s 10.128.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3VRHH6OWW4QPQMXQ -p tcp -m tcp -j DNAT --to-destination 10.128.0.4:9153 | |
| -A KUBE-SEP-5S3APBVPZ32GSTDT -s 10.128.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-5S3APBVPZ32GSTDT -p udp -m udp -j DNAT --to-destination 10.128.0.4:5353 | |
| -A KUBE-SVC-ZU5C2KTEVGGF4RWY -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-WMHFJGI2LR73C37F | |
| -A KUBE-SVC-ZU5C2KTEVGGF4RWY -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-VOJUUQ3QS5SEU2ME | |
| -A KUBE-SVC-ZU5C2KTEVGGF4RWY -j KUBE-SEP-GHVXFLQNYR7WWSXK | |
| -A KUBE-SEP-LCCR3RHAIHXV2BRY -s 10.130.0.16/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-LCCR3RHAIHXV2BRY -p tcp -m tcp -j DNAT --to-destination 10.130.0.16:5353 | |
| -A KUBE-SEP-LLCLZU3LJLAMJMGC -s 10.130.0.16/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-LLCLZU3LJLAMJMGC -p tcp -m tcp -j DNAT --to-destination 10.130.0.16:9153 | |
| -A KUBE-SEP-3QZETRZL74363VKR -s 10.130.0.16/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3QZETRZL74363VKR -p udp -m udp -j DNAT --to-destination 10.130.0.16:5353 | |
| -A KUBE-SVC-DYEHYI43W4Y6JVSZ -j KUBE-SEP-3575BCAK7Z3BEHDH | |
| -A KUBE-SEP-3575BCAK7Z3BEHDH -s 10.130.0.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3575BCAK7Z3BEHDH -p tcp -m tcp -j DNAT --to-destination 10.130.0.5:8443 | |
| -A KUBE-SVC-VQFT5ZCKL2KRMQ3Q -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-5X6Y2VMNCVK2QNTY | |
| -A KUBE-SVC-VQFT5ZCKL2KRMQ3Q -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-VQN24HUY56ODBRLC | |
| -A KUBE-SVC-VQFT5ZCKL2KRMQ3Q -j KUBE-SEP-AGAQSR6UN7LM4Q3T | |
| -A KUBE-SVC-BCVO45GDJF63HKMI -j KUBE-SEP-EVFXMNDQKJHZB4TH | |
| -A KUBE-SEP-EVFXMNDQKJHZB4TH -s 10.130.0.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-EVFXMNDQKJHZB4TH -p tcp -m tcp -j DNAT --to-destination 10.130.0.6:8443 | |
| -A KUBE-SVC-CIUYVLZDADCHPTYT -j KUBE-SEP-Y2MGYSMES5WWGD26 | |
| -A KUBE-SEP-Y2MGYSMES5WWGD26 -s 10.130.0.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-Y2MGYSMES5WWGD26 -p tcp -m tcp -j DNAT --to-destination 10.130.0.7:8443 | |
| -A KUBE-SVC-HH47JV2DWEPNMQEX -j KUBE-SEP-ZDIX6XDZJUJUXFUD | |
| -A KUBE-SEP-ZDIX6XDZJUJUXFUD -s 10.130.0.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZDIX6XDZJUJUXFUD -p tcp -m tcp -j DNAT --to-destination 10.130.0.9:8443 | |
| -A KUBE-SVC-OGQPOTBHHZMRDA43 -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-CXJ5BRCGRWT2MBC5 | |
| -A KUBE-SVC-OGQPOTBHHZMRDA43 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-L556YJ6UGVI74FSG | |
| -A KUBE-SVC-OGQPOTBHHZMRDA43 -j KUBE-SEP-OR7JBYO4MKQ5UJ4Y | |
| -A KUBE-SVC-KHZTXOIJSDOQRG4A -j KUBE-SEP-ZNLYTO3V66MCYVEM | |
| -A KUBE-SEP-ZNLYTO3V66MCYVEM -s 10.130.0.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZNLYTO3V66MCYVEM -p tcp -m tcp -j DNAT --to-destination 10.130.0.8:8443 | |
| -A KUBE-SVC-X7YGTN7QRQI2VNWZ -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-STJIA6VIFOF562TA | |
| -A KUBE-SVC-X7YGTN7QRQI2VNWZ -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-H24X4T72C4RE2CUR | |
| -A KUBE-SVC-X7YGTN7QRQI2VNWZ -j KUBE-SEP-CITEMVSI5PWPXE6A | |
| -A KUBE-SEP-5X6Y2VMNCVK2QNTY -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-5X6Y2VMNCVK2QNTY -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:10257 | |
| -A KUBE-SEP-CXJ5BRCGRWT2MBC5 -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-CXJ5BRCGRWT2MBC5 -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:10259 | |
| -A KUBE-SVC-NM6OF7LZYCSWPYSN -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-NXPU5O6MWGEOGW7G | |
| -A KUBE-SVC-NM6OF7LZYCSWPYSN -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TDAY2MPUANYP5FU7 | |
| -A KUBE-SVC-NM6OF7LZYCSWPYSN -j KUBE-SEP-PKG5ALPKHH5V2W2D | |
| -A KUBE-SVC-7J3OL37IT2UBOOAL -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-3X645DT6WRENSOAH | |
| -A KUBE-SVC-7J3OL37IT2UBOOAL -j KUBE-SEP-2TBBYGT5DOG7XU6A | |
| -A KUBE-SEP-2TBBYGT5DOG7XU6A -s 10.129.0.17/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-2TBBYGT5DOG7XU6A -p tcp -m tcp -j DNAT --to-destination 10.129.0.17:5443 | |
| -A KUBE-SVC-A2G2ICINC4ZVGP64 -j KUBE-SEP-YROTFQXQHSQGXEZB | |
| -A KUBE-SEP-YROTFQXQHSQGXEZB -s 10.129.0.18/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-YROTFQXQHSQGXEZB -p tcp -m tcp -j DNAT --to-destination 10.129.0.18:8081 | |
| -A KUBE-SVC-W22663DA36ETY3WD -j KUBE-SEP-275PAV3N36TOVNL5 | |
| -A KUBE-SEP-275PAV3N36TOVNL5 -s 10.129.0.19/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-275PAV3N36TOVNL5 -p tcp -m tcp -j DNAT --to-destination 10.129.0.19:8443 | |
| -A KUBE-SVC-FO4YVUCBKKQXTXB6 -j KUBE-SEP-G3UONUQSYCXEHDR2 | |
| -A KUBE-SEP-G3UONUQSYCXEHDR2 -s 10.129.0.21/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-G3UONUQSYCXEHDR2 -p tcp -m tcp -j DNAT --to-destination 10.129.0.21:8443 | |
| -A KUBE-SVC-FWPMMI34GVXXB7IX -j KUBE-SEP-IUZGGXFV746265V4 | |
| -A KUBE-SEP-IUZGGXFV746265V4 -s 10.128.0.18/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IUZGGXFV746265V4 -p tcp -m tcp -j DNAT --to-destination 10.128.0.18:8443 | |
| -A KUBE-SEP-3X645DT6WRENSOAH -s 10.128.0.24/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3X645DT6WRENSOAH -p tcp -m tcp -j DNAT --to-destination 10.128.0.24:5443 | |
| -A KUBE-SVC-LG3WZOYAKHCJ6X6O -j KUBE-SEP-DBJSNNLEDIEWWY3N | |
| -A KUBE-SEP-DBJSNNLEDIEWWY3N -s 10.128.0.25/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-DBJSNNLEDIEWWY3N -p tcp -m tcp -j DNAT --to-destination 10.128.0.25:8383 | |
| -A KUBE-SVC-6RVLNWC5AKEV5WJD -j KUBE-SEP-XOPXOPSAZCLBWXGP | |
| -A KUBE-SEP-XOPXOPSAZCLBWXGP -s 10.128.0.22/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-XOPXOPSAZCLBWXGP -p tcp -m tcp -j DNAT --to-destination 10.128.0.22:8443 | |
| -A KUBE-SVC-K2TMANKUXS2PNXEQ -j KUBE-SEP-MBGTYH3MZCSIDD2M | |
| -A KUBE-SEP-MBGTYH3MZCSIDD2M -s 10.128.0.23/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MBGTYH3MZCSIDD2M -p tcp -m tcp -j DNAT --to-destination 10.128.0.23:8443 | |
| -A KUBE-SVC-DZZGCZT3USY56SM6 -j KUBE-SEP-HP66AJLAOB73WEIV | |
| -A KUBE-SEP-HP66AJLAOB73WEIV -s 10.128.0.29/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-HP66AJLAOB73WEIV -p tcp -m tcp -j DNAT --to-destination 10.128.0.29:9393 | |
| -A KUBE-SVC-5IJVCVIN67YXVDZB -j KUBE-SEP-7TRZ5MD2S4UK2BDL | |
| -A KUBE-SEP-7TRZ5MD2S4UK2BDL -s 10.128.0.19/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-7TRZ5MD2S4UK2BDL -p tcp -m tcp -j DNAT --to-destination 10.128.0.19:8081 | |
| -A KUBE-SVC-FPN24U5GX5G2TPXH -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LVNHBVLF4MWHFIJR | |
| -A KUBE-SVC-FPN24U5GX5G2TPXH -j KUBE-SEP-3CQEY6W575RNLCTJ | |
| -A KUBE-SEP-3CQEY6W575RNLCTJ -s 10.129.0.23/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3CQEY6W575RNLCTJ -p tcp -m tcp -j DNAT --to-destination 10.129.0.23:8080 | |
| -A KUBE-SEP-LVNHBVLF4MWHFIJR -s 10.128.0.28/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-LVNHBVLF4MWHFIJR -p tcp -m tcp -j DNAT --to-destination 10.128.0.28:8080 | |
| -A KUBE-XLB-MBAZS3WDHL45BPIZ -s 10.128.0.0/14 -m comment --comment "Redirect pods trying to reach external loadbalancer VIP to clusterIP" -j KUBE-SVC-MBAZS3WDHL45BPIZ | |
| -A KUBE-XLB-MBAZS3WDHL45BPIZ -m comment --comment "masquerade LOCAL traffic for openshift-ingress/router-default:https LB IP" -m addrtype --src-type LOCAL -j KUBE-MARK-MASQ | |
| -A KUBE-XLB-MBAZS3WDHL45BPIZ -m comment --comment "route LOCAL traffic for openshift-ingress/router-default:https LB IP to service chain" -m addrtype --src-type LOCAL -j KUBE-SVC-MBAZS3WDHL45BPIZ | |
| -A KUBE-XLB-MBAZS3WDHL45BPIZ -m comment --comment "openshift-ingress/router-default:https has no local endpoints" -j KUBE-MARK-DROP | |
| -A KUBE-XLB-HEVFQXAKPPGAL4BV -s 10.128.0.0/14 -m comment --comment "Redirect pods trying to reach external loadbalancer VIP to clusterIP" -j KUBE-SVC-HEVFQXAKPPGAL4BV | |
| -A KUBE-XLB-HEVFQXAKPPGAL4BV -m comment --comment "masquerade LOCAL traffic for openshift-ingress/router-default:http LB IP" -m addrtype --src-type LOCAL -j KUBE-MARK-MASQ | |
| -A KUBE-XLB-HEVFQXAKPPGAL4BV -m comment --comment "route LOCAL traffic for openshift-ingress/router-default:http LB IP to service chain" -m addrtype --src-type LOCAL -j KUBE-SVC-HEVFQXAKPPGAL4BV | |
| -A KUBE-XLB-HEVFQXAKPPGAL4BV -m comment --comment "openshift-ingress/router-default:http has no local endpoints" -j KUBE-MARK-DROP | |
| -A KUBE-SEP-L556YJ6UGVI74FSG -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-L556YJ6UGVI74FSG -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:10259 | |
| -A KUBE-SEP-VQN24HUY56ODBRLC -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-VQN24HUY56ODBRLC -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:10257 | |
| -A KUBE-SVC-GGV3SPGNRULALRSD -j KUBE-SEP-RIYAB2YZOV44WTFV | |
| -A KUBE-SEP-RIYAB2YZOV44WTFV -s 10.129.0.26/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RIYAB2YZOV44WTFV -p tcp -m tcp -j DNAT --to-destination 10.129.0.26:9192 | |
| -A KUBE-SVC-H7AEPRVAHANZXX45 -j KUBE-SEP-YYC4JUOQZCBQGIHX | |
| -A KUBE-SEP-YYC4JUOQZCBQGIHX -s 10.129.0.26/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-YYC4JUOQZCBQGIHX -p tcp -m tcp -j DNAT --to-destination 10.129.0.26:8443 | |
| -A KUBE-SEP-GHVXFLQNYR7WWSXK -s 10.130.0.34/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GHVXFLQNYR7WWSXK -p tcp -m tcp -j DNAT --to-destination 10.130.0.34:8443 | |
| -A KUBE-SEP-NXPU5O6MWGEOGW7G -s 10.128.0.33/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-NXPU5O6MWGEOGW7G -p tcp -m tcp -j DNAT --to-destination 10.128.0.33:8443 | |
| -A KUBE-SEP-OR7JBYO4MKQ5UJ4Y -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-OR7JBYO4MKQ5UJ4Y -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:10259 | |
| -A KUBE-SEP-WMHFJGI2LR73C37F -s 10.128.0.42/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-WMHFJGI2LR73C37F -p tcp -m tcp -j DNAT --to-destination 10.128.0.42:8443 | |
| -A KUBE-SVC-PCIHMO4L5A7KAMRN -j KUBE-SEP-AX4N2OIJBZ6L6NW6 | |
| -A KUBE-SEP-AX4N2OIJBZ6L6NW6 -s 10.129.2.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-AX4N2OIJBZ6L6NW6 -p tcp -m tcp -j DNAT --to-destination 10.129.2.6:5000 | |
| -A KUBE-SVC-U3LVBEEPLKGG5GBK -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-PWVCTICZJSO5WW7H | |
| -A KUBE-SVC-U3LVBEEPLKGG5GBK -j KUBE-SEP-IZB7IASTWRWDPDUO | |
| -A KUBE-SEP-IZB7IASTWRWDPDUO -s 10.129.2.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IZB7IASTWRWDPDUO -p tcp -m tcp -j DNAT --to-destination 10.129.2.4:80 | |
| -A KUBE-SVC-LMGCLHC2KUY6NS4N -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-DBYB5VZPULVAS2HQ | |
| -A KUBE-SVC-LMGCLHC2KUY6NS4N -j KUBE-SEP-O3QI6YXMF3GYYNVV | |
| -A KUBE-SEP-O3QI6YXMF3GYYNVV -s 10.129.2.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-O3QI6YXMF3GYYNVV -p tcp -m tcp -j DNAT --to-destination 10.129.2.4:1936 | |
| -A KUBE-SVC-PIUKAOOLWSYDMVAC -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-H2TMZMMXORBJSMY7 | |
| -A KUBE-SVC-PIUKAOOLWSYDMVAC -j KUBE-SEP-ZJ3NUGZEAM2KX5XS | |
| -A KUBE-SEP-ZJ3NUGZEAM2KX5XS -s 10.129.2.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZJ3NUGZEAM2KX5XS -p tcp -m tcp -j DNAT --to-destination 10.129.2.4:443 | |
| -A KUBE-SVC-MBAZS3WDHL45BPIZ -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-Q2CKVGAJBCLC4NIZ | |
| -A KUBE-SVC-MBAZS3WDHL45BPIZ -j KUBE-SEP-AUMVJX6JLBB36IHN | |
| -A KUBE-FW-MBAZS3WDHL45BPIZ -m comment --comment "openshift-ingress/router-default:https loadbalancer IP" -j KUBE-XLB-MBAZS3WDHL45BPIZ | |
| -A KUBE-FW-MBAZS3WDHL45BPIZ -m comment --comment "openshift-ingress/router-default:https loadbalancer IP" -j KUBE-MARK-DROP | |
| -A KUBE-SEP-AUMVJX6JLBB36IHN -s 10.129.2.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-AUMVJX6JLBB36IHN -p tcp -m tcp -j DNAT --to-destination 10.129.2.4:443 | |
| -A KUBE-SVC-HEVFQXAKPPGAL4BV -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-GGBDTYQM4MIEJQZY | |
| -A KUBE-SVC-HEVFQXAKPPGAL4BV -j KUBE-SEP-SG4EKRKXOIXUBZGS | |
| -A KUBE-FW-HEVFQXAKPPGAL4BV -m comment --comment "openshift-ingress/router-default:http loadbalancer IP" -j KUBE-XLB-HEVFQXAKPPGAL4BV | |
| -A KUBE-FW-HEVFQXAKPPGAL4BV -m comment --comment "openshift-ingress/router-default:http loadbalancer IP" -j KUBE-MARK-DROP | |
| -A KUBE-SEP-SG4EKRKXOIXUBZGS -s 10.129.2.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SG4EKRKXOIXUBZGS -p tcp -m tcp -j DNAT --to-destination 10.129.2.4:80 | |
| -A KUBE-SVC-DK4IP773FHBZHRYV -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-52RPOOWXY56MOSWI | |
| -A KUBE-SVC-DK4IP773FHBZHRYV -j KUBE-SEP-IP4LG6S4IPL2QMQ5 | |
| -A KUBE-SEP-WHVTXXRMUERVC646 -s 10.32.207.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-WHVTXXRMUERVC646 -p tcp -m tcp -j DNAT --to-destination 10.32.207.4:9001 | |
| -A KUBE-SEP-YZS5LHMFTC7U6SIQ -s 10.129.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-YZS5LHMFTC7U6SIQ -p tcp -m tcp -j DNAT --to-destination 10.129.2.9:5353 | |
| -A KUBE-SEP-PH2ASWYNLI2DYMIN -s 10.129.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PH2ASWYNLI2DYMIN -p tcp -m tcp -j DNAT --to-destination 10.129.2.9:9153 | |
| -A KUBE-SEP-UVFCNGV6WQ5INIVA -s 10.129.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-UVFCNGV6WQ5INIVA -p udp -m udp -j DNAT --to-destination 10.129.2.9:5353 | |
| -A KUBE-SEP-AGAQSR6UN7LM4Q3T -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-AGAQSR6UN7LM4Q3T -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:10257 | |
| -A KUBE-SEP-JRKT7YCALWYY3RJX -s 10.131.0.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-JRKT7YCALWYY3RJX -p tcp -m tcp -j DNAT --to-destination 10.131.0.6:5353 | |
| -A KUBE-SEP-RAJ254MEJTDXCDLZ -s 10.131.0.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RAJ254MEJTDXCDLZ -p tcp -m tcp -j DNAT --to-destination 10.131.0.6:9153 | |
| -A KUBE-SEP-SV3ZDF2LO63JRNJE -s 10.131.0.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SV3ZDF2LO63JRNJE -p udp -m udp -j DNAT --to-destination 10.131.0.6:5353 | |
| -A KUBE-SEP-TDAY2MPUANYP5FU7 -s 10.129.0.33/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-TDAY2MPUANYP5FU7 -p tcp -m tcp -j DNAT --to-destination 10.129.0.33:8443 | |
| -A KUBE-SVC-SGDZNVXMHJCPEAE2 -j KUBE-SEP-SU2TXBNY333DTHCH | |
| -A KUBE-SEP-SU2TXBNY333DTHCH -s 10.131.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SU2TXBNY333DTHCH -p tcp -m tcp -j DNAT --to-destination 10.131.0.4:50051 | |
| -A KUBE-SEP-PZVC34PCEQ7JO5N6 -s 10.32.207.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PZVC34PCEQ7JO5N6 -p tcp -m tcp -j DNAT --to-destination 10.32.207.5:9001 | |
| -A KUBE-SEP-PWVCTICZJSO5WW7H -s 10.128.2.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PWVCTICZJSO5WW7H -p tcp -m tcp -j DNAT --to-destination 10.128.2.5:80 | |
| -A KUBE-SEP-DBYB5VZPULVAS2HQ -s 10.128.2.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-DBYB5VZPULVAS2HQ -p tcp -m tcp -j DNAT --to-destination 10.128.2.5:1936 | |
| -A KUBE-SEP-H2TMZMMXORBJSMY7 -s 10.128.2.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-H2TMZMMXORBJSMY7 -p tcp -m tcp -j DNAT --to-destination 10.128.2.5:443 | |
| -A KUBE-SEP-Q2CKVGAJBCLC4NIZ -s 10.128.2.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-Q2CKVGAJBCLC4NIZ -p tcp -m tcp -j DNAT --to-destination 10.128.2.5:443 | |
| -A KUBE-SEP-GGBDTYQM4MIEJQZY -s 10.128.2.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GGBDTYQM4MIEJQZY -p tcp -m tcp -j DNAT --to-destination 10.128.2.5:80 | |
| -A KUBE-SEP-IP4LG6S4IPL2QMQ5 -s 10.130.0.42/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IP4LG6S4IPL2QMQ5 -p tcp -m tcp -j DNAT --to-destination 10.130.0.42:6443 | |
| -A KUBE-SEP-45DPDJDJZKV3W742 -s 10.128.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-45DPDJDJZKV3W742 -p tcp -m tcp -j DNAT --to-destination 10.128.2.7:9153 | |
| -A KUBE-SEP-RA2MB4QR6Z4IPI73 -s 10.128.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RA2MB4QR6Z4IPI73 -p udp -m udp -j DNAT --to-destination 10.128.2.7:5353 | |
| -A KUBE-SEP-ZKIQJVEDSSSPBPQK -s 10.128.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZKIQJVEDSSSPBPQK -p tcp -m tcp -j DNAT --to-destination 10.128.2.7:5353 | |
| -A KUBE-SEP-52RPOOWXY56MOSWI -s 10.128.0.46/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-52RPOOWXY56MOSWI -p tcp -m tcp -j DNAT --to-destination 10.128.0.46:6443 | |
| -A KUBE-SEP-VOJUUQ3QS5SEU2ME -s 10.129.0.36/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-VOJUUQ3QS5SEU2ME -p tcp -m tcp -j DNAT --to-destination 10.129.0.36:8443 | |
| -A KUBE-SVC-IV3NQG4XWAFU5C3Q -j KUBE-SEP-NLQVHDOOTXPCZAGV | |
| -A KUBE-SEP-NLQVHDOOTXPCZAGV -s 10.128.2.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-NLQVHDOOTXPCZAGV -p tcp -m tcp -j DNAT --to-destination 10.128.2.6:50051 | |
| -A KUBE-SEP-XKO6FJDOAL5M4NNL -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-XKO6FJDOAL5M4NNL -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:6443 | |
| -A KUBE-SEP-PKG5ALPKHH5V2W2D -s 10.130.0.44/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PKG5ALPKHH5V2W2D -p tcp -m tcp -j DNAT --to-destination 10.130.0.44:8443 | |
| -A KUBE-SEP-CITEMVSI5PWPXE6A -s 10.127.2.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-CITEMVSI5PWPXE6A -p tcp -m tcp -j DNAT --to-destination 10.127.2.9:6443 | |
| -A KUBE-SEP-YKRAKS7ODW7WGAVJ -s 10.32.207.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-YKRAKS7ODW7WGAVJ -p tcp -m tcp -j DNAT --to-destination 10.32.207.6:9001 | |
| -A KUBE-SVC-2O3SXCDVWWS7KYC5 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-I2SWZVM3HXJFH5TS | |
| -A KUBE-SVC-2O3SXCDVWWS7KYC5 -j KUBE-SEP-V7XAGOKAFMZQI5F7 | |
| -A KUBE-SEP-I2SWZVM3HXJFH5TS -s 10.129.0.35/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-I2SWZVM3HXJFH5TS -p tcp -m tcp -j DNAT --to-destination 10.129.0.35:8443 | |
| -A KUBE-SEP-V7XAGOKAFMZQI5F7 -s 10.130.0.46/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-V7XAGOKAFMZQI5F7 -p tcp -m tcp -j DNAT --to-destination 10.130.0.46:8443 | |
| -A KUBE-SEP-RXKOCVK62FPTQVQN -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RXKOCVK62FPTQVQN -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:6443 | |
| -A KUBE-SEP-H24X4T72C4RE2CUR -s 10.127.2.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-H24X4T72C4RE2CUR -p tcp -m tcp -j DNAT --to-destination 10.127.2.8:6443 | |
| -A KUBE-SEP-GD4IADR3FQ46NIKJ -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GD4IADR3FQ46NIKJ -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:6443 | |
| -A KUBE-SEP-STJIA6VIFOF562TA -s 10.127.2.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-STJIA6VIFOF562TA -p tcp -m tcp -j DNAT --to-destination 10.127.2.7:6443 | |
| -A KUBE-SVC-GDUOWZ6AYLOEFLKA -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-4IC5M6EX4P3TRWQV | |
| -A KUBE-SVC-GDUOWZ6AYLOEFLKA -j KUBE-SEP-ALUZXWIYXAQ74JOP | |
| -A KUBE-SEP-ALUZXWIYXAQ74JOP -s 10.131.0.13/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ALUZXWIYXAQ74JOP -p tcp -m tcp -j DNAT --to-destination 10.131.0.13:6443 | |
| -A KUBE-SVC-QBIGAHEJ6S2DZFMU -j KUBE-SEP-6QH4MRKB2FHCICVC | |
| -A KUBE-SEP-6QH4MRKB2FHCICVC -s 10.131.0.11/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-6QH4MRKB2FHCICVC -p tcp -m tcp -j DNAT --to-destination 10.131.0.11:3000 | |
| -A KUBE-SVC-RD6ZTFGQGXUEWIFM -j KUBE-SEP-GCBED77JG6GVQVWL | |
| -A KUBE-SEP-GCBED77JG6GVQVWL -s 10.131.0.11/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GCBED77JG6GVQVWL -p tcp -m tcp -j DNAT --to-destination 10.131.0.11:3000 | |
| -A KUBE-SVC-WHIODLEQRXTXJ6C7 -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-7TTVWRI5RODCVPOB --mask 255.255.255.255 --rsource -j KUBE-SEP-7TTVWRI5RODCVPOB | |
| -A KUBE-SVC-WHIODLEQRXTXJ6C7 -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-IVMUQO6SECE54UQQ --mask 255.255.255.255 --rsource -j KUBE-SEP-IVMUQO6SECE54UQQ | |
| -A KUBE-SVC-WHIODLEQRXTXJ6C7 -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-IVHZT2XMCTGDO36U --mask 255.255.255.255 --rsource -j KUBE-SEP-IVHZT2XMCTGDO36U | |
| -A KUBE-SVC-WHIODLEQRXTXJ6C7 -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-7TTVWRI5RODCVPOB | |
| -A KUBE-SVC-WHIODLEQRXTXJ6C7 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-IVMUQO6SECE54UQQ | |
| -A KUBE-SVC-WHIODLEQRXTXJ6C7 -j KUBE-SEP-IVHZT2XMCTGDO36U | |
| -A KUBE-SEP-7TTVWRI5RODCVPOB -s 10.128.2.13/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-7TTVWRI5RODCVPOB -p tcp -m recent --set --name KUBE-SEP-7TTVWRI5RODCVPOB --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.128.2.13:9095 | |
| -A KUBE-SEP-4IC5M6EX4P3TRWQV -s 10.128.2.12/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-4IC5M6EX4P3TRWQV -p tcp -m tcp -j DNAT --to-destination 10.128.2.12:6443 | |
| -A KUBE-SVC-G5A7ID5ATXHWKRS5 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-WVBE4BK7PNAWED5E | |
| -A KUBE-SVC-G5A7ID5ATXHWKRS5 -j KUBE-SEP-FD53R25E7TWOKWFJ | |
| -A KUBE-SVC-C4CT6K4SQFWI5WLJ -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-AQU3TUXSRRYA3P4M | |
| -A KUBE-SVC-C4CT6K4SQFWI5WLJ -j KUBE-SEP-BOAGM7U7HUO54BSO | |
| -A KUBE-SEP-FD53R25E7TWOKWFJ -s 10.129.0.41/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-FD53R25E7TWOKWFJ -p tcp -m tcp -j DNAT --to-destination 10.129.0.41:9091 | |
| -A KUBE-SEP-BOAGM7U7HUO54BSO -s 10.129.0.41/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-BOAGM7U7HUO54BSO -p tcp -m tcp -j DNAT --to-destination 10.129.0.41:9092 | |
| -A KUBE-SEP-IVMUQO6SECE54UQQ -s 10.129.2.12/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IVMUQO6SECE54UQQ -p tcp -m recent --set --name KUBE-SEP-IVMUQO6SECE54UQQ --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.129.2.12:9095 | |
| -A KUBE-SEP-WVBE4BK7PNAWED5E -s 10.128.0.51/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-WVBE4BK7PNAWED5E -p tcp -m tcp -j DNAT --to-destination 10.128.0.51:9091 | |
| -A KUBE-SEP-AQU3TUXSRRYA3P4M -s 10.128.0.51/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-AQU3TUXSRRYA3P4M -p tcp -m tcp -j DNAT --to-destination 10.128.0.51:9092 | |
| -A KUBE-SEP-IVHZT2XMCTGDO36U -s 10.131.0.14/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IVHZT2XMCTGDO36U -p tcp -m recent --set --name KUBE-SEP-IVHZT2XMCTGDO36U --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.131.0.14:9095 | |
| -A KUBE-SVC-PML2I3IN4LX2JLFY -j KUBE-SEP-6B7UNS2PSWJBCGBU | |
| -A KUBE-SEP-6B7UNS2PSWJBCGBU -s 10.128.2.14/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-6B7UNS2PSWJBCGBU -p tcp -m tcp -j DNAT --to-destination 10.128.2.14:50051 | |
| COMMIT | |
| # Completed on Fri Apr 17 15:06:10 2020 | |
| # Generated by iptables-save v1.8.4 on Fri Apr 17 15:06:10 2020 | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :KUBE-FIREWALL - [0:0] | |
| :OPENSHIFT-BLOCK-OUTPUT - [0:0] | |
| :OPENSHIFT-FIREWALL-FORWARD - [0:0] | |
| :OPENSHIFT-ADMIN-OUTPUT-RULES - [0:0] | |
| :OPENSHIFT-FIREWALL-ALLOW - [0:0] | |
| :OPENSHIFT-SDN-CANARY - [0:0] | |
| :KUBE-PROXY-CANARY - [0:0] | |
| :KUBE-NODEPORT-NON-LOCAL - [0:0] | |
| :KUBE-EXTERNAL-SERVICES - [0:0] | |
| :KUBE-SERVICES - [0:0] | |
| :KUBE-FORWARD - [0:0] | |
| -A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES | |
| -A INPUT -m comment --comment "Ensure that non-local NodePort traffic can flow" -j KUBE-NODEPORT-NON-LOCAL | |
| -A INPUT -m comment --comment "firewall overrides" -j OPENSHIFT-FIREWALL-ALLOW | |
| -A INPUT -j KUBE-FIREWALL | |
| -A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD | |
| -A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A FORWARD -i tun0 ! -o tun0 -m comment --comment "administrator overrides" -j OPENSHIFT-ADMIN-OUTPUT-RULES | |
| -A FORWARD -m comment --comment "firewall overrides" -j OPENSHIFT-FIREWALL-FORWARD | |
| -A FORWARD -m comment --comment "firewall overrides" -j OPENSHIFT-BLOCK-OUTPUT | |
| -A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A OUTPUT -m comment --comment "firewall overrides" -j OPENSHIFT-BLOCK-OUTPUT | |
| -A OUTPUT -j KUBE-FIREWALL | |
| -A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP | |
| -A OPENSHIFT-BLOCK-OUTPUT -p tcp -m tcp --dport 22623 -j REJECT --reject-with icmp-port-unreachable | |
| -A OPENSHIFT-BLOCK-OUTPUT -p tcp -m tcp --dport 22624 -j REJECT --reject-with icmp-port-unreachable | |
| -A OPENSHIFT-FIREWALL-FORWARD -s 10.128.0.0/14 -m comment --comment "attempted resend after connection close" -m conntrack --ctstate INVALID -j DROP | |
| -A OPENSHIFT-FIREWALL-FORWARD -d 10.128.0.0/14 -m comment --comment "forward traffic from SDN" -j ACCEPT | |
| -A OPENSHIFT-FIREWALL-FORWARD -s 10.128.0.0/14 -m comment --comment "forward traffic to SDN" -j ACCEPT | |
| -A OPENSHIFT-FIREWALL-ALLOW -p udp -m udp --dport 4789 -m comment --comment "VXLAN incoming" -j ACCEPT | |
| -A OPENSHIFT-FIREWALL-ALLOW -i tun0 -m comment --comment "from SDN to localhost" -j ACCEPT | |
| -A OPENSHIFT-FIREWALL-ALLOW -i docker0 -m comment --comment "from docker to localhost" -j ACCEPT | |
| -A KUBE-SERVICES -d 172.30.153.110/32 -p tcp -m comment --comment "openshift-monitoring/prometheus-k8s:tenancy has no endpoints" -m tcp --dport 9092 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -d 172.30.153.110/32 -p tcp -m comment --comment "openshift-monitoring/prometheus-k8s:web has no endpoints" -m tcp --dport 9091 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-FORWARD -m conntrack --ctstate INVALID -j DROP | |
| -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x1/0x1 -j ACCEPT | |
| -A KUBE-FORWARD -s 10.128.0.0/14 -m comment --comment "kubernetes forwarding conntrack pod source rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A KUBE-FORWARD -d 10.128.0.0/14 -m comment --comment "kubernetes forwarding conntrack pod destination rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| COMMIT | |
| # Completed on Fri Apr 17 15:06:10 2020 | |
| # Generated by iptables-save v1.8.4 on Fri Apr 17 15:06:10 2020 | |
| *mangle | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| :OPENSHIFT-SDN-CANARY - [0:0] | |
| :KUBE-PROXY-CANARY - [0:0] | |
| COMMIT | |
| # Completed on Fri Apr 17 15:06:10 2020 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment