Created
February 26, 2018 16:02
-
-
Save r7vme/63cb0d49a10bd1f59625a3839358334b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IPTABLES | |
| ======== | |
| # Generated by iptables-save v1.4.21 on Mon Feb 26 15:58:54 2018 | |
| *mangle | |
| :PREROUTING ACCEPT [1171723:87313973] | |
| :INPUT ACCEPT [16026863:8967456859] | |
| :FORWARD ACCEPT [58068593:58910090080] | |
| :OUTPUT ACCEPT [16582291:10153852606] | |
| :POSTROUTING ACCEPT [74649652:69063892188] | |
| :cali-PREROUTING - [0:0] | |
| :cali-failsafe-in - [0:0] | |
| :cali-from-host-endpoint - [0:0] | |
| -A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING | |
| -A cali-PREROUTING -m comment --comment "cali:6BJqBjBC7crtA-7-" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-PREROUTING -m comment --comment "cali:nE3PUa5RSRqBBvwx" -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-PREROUTING -i cali+ -m comment --comment "cali:qgFofvzQe6yJPouQ" -j ACCEPT | |
| -A cali-PREROUTING -m comment --comment "cali:o178eO5vvpj8e65z" -j cali-from-host-endpoint | |
| -A cali-PREROUTING -m comment --comment "cali:5TQcm-i_T8rVGEEa" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT | |
| -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:QOO5NUOqOSS1_Iw0" -m multiport --dports 179 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:cwZWoBSwVeIAZmVN" -m multiport --dports 2379 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:7FbNXT91kugE_upR" -m multiport --dports 2380 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:ywE9WYUBEpve70WT" -m multiport --dports 6666 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:l-WQSVBf_lygPR0J" -m multiport --dports 6667 -j ACCEPT | |
| COMMIT | |
| # Completed on Mon Feb 26 15:58:54 2018 | |
| # Generated by iptables-save v1.4.21 on Mon Feb 26 15:58:54 2018 | |
| *raw | |
| :PREROUTING ACCEPT [74095579:67877554267] | |
| :OUTPUT ACCEPT [16582293:10153852851] | |
| :cali-OUTPUT - [0:0] | |
| :cali-PREROUTING - [0:0] | |
| :cali-failsafe-in - [0:0] | |
| :cali-failsafe-out - [0:0] | |
| :cali-from-host-endpoint - [0:0] | |
| :cali-to-host-endpoint - [0:0] | |
| -A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING | |
| -A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT | |
| -A cali-OUTPUT -m comment --comment "cali:WX1xZBEtmbS0Rhjs" -j MARK --set-xmark 0x0/0xf000000 | |
| -A cali-OUTPUT -m comment --comment "cali:iE00ZyllJNXfrlg_" -j cali-to-host-endpoint | |
| -A cali-OUTPUT -m comment --comment "cali:Asois4hxp1rUxwJS" -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-PREROUTING -m comment --comment "cali:zatSDPVUhhPCk6Iy" -j MARK --set-xmark 0x0/0xf000000 | |
| -A cali-PREROUTING -i cali+ -m comment --comment "cali:-ES4EW0vxFmM81t8" -j MARK --set-xmark 0x4000000/0x4000000 | |
| -A cali-PREROUTING -m comment --comment "cali:VE1J3S_1t9q8GAsm" -m mark --mark 0x0/0x4000000 -j cali-from-host-endpoint | |
| -A cali-PREROUTING -m comment --comment "cali:VX8l4jKL9w89GXz5" -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT | |
| -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:QOO5NUOqOSS1_Iw0" -m multiport --dports 179 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:cwZWoBSwVeIAZmVN" -m multiport --dports 2379 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:7FbNXT91kugE_upR" -m multiport --dports 2380 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:ywE9WYUBEpve70WT" -m multiport --dports 6666 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:l-WQSVBf_lygPR0J" -m multiport --dports 6667 -j ACCEPT | |
| -A cali-failsafe-out -p udp -m comment --comment "cali:82hjfji-wChFhAqL" -m multiport --dports 53 -j ACCEPT | |
| -A cali-failsafe-out -p udp -m comment --comment "cali:TNM3RfEjbNr72hgH" -m multiport --dports 67 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:ycxKitIl4u3dK0HR" -m multiport --dports 179 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:hxjEWyxdkXXkdvut" -m multiport --dports 2379 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:cA_GLtruuvG88KiO" -m multiport --dports 2380 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:Sb1hkLYFMrKS6r01" -m multiport --dports 6666 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:UwLSebGONJUG4yG-" -m multiport --dports 6667 -j ACCEPT | |
| COMMIT | |
| # Completed on Mon Feb 26 15:58:54 2018 | |
| # Generated by iptables-save v1.4.21 on Mon Feb 26 15:58:54 2018 | |
| *nat | |
| :PREROUTING ACCEPT [17:1196] | |
| :INPUT ACCEPT [0:0] | |
| :OUTPUT ACCEPT [19:988] | |
| :POSTROUTING ACCEPT [40:2632] | |
| :CNI-DN-3994dcc469a03ca2e0ef7 - [0:0] | |
| :CNI-HOSTPORT-DNAT - [0:0] | |
| :CNI-HOSTPORT-SNAT - [0:0] | |
| :CNI-SN-3994dcc469a03ca2e0ef7 - [0:0] | |
| :DOCKER - [0:0] | |
| :KUBE-MARK-DROP - [0:0] | |
| :KUBE-MARK-MASQ - [0:0] | |
| :KUBE-NODEPORTS - [0:0] | |
| :KUBE-POSTROUTING - [0:0] | |
| :KUBE-SEP-22BJC7TJ3Q7Z5AP3 - [0:0] | |
| :KUBE-SEP-2F7UPYN5VVIFY2AE - [0:0] | |
| :KUBE-SEP-3HUMLAWVMPSNSQLL - [0:0] | |
| :KUBE-SEP-3P2KRKYSNFTOBJ2A - [0:0] | |
| :KUBE-SEP-4B3E7DZJ5ARB7CIP - [0:0] | |
| :KUBE-SEP-4WBIPOFMRMOZDMKT - [0:0] | |
| :KUBE-SEP-5TIAOHHS3U4PNKDJ - [0:0] | |
| :KUBE-SEP-64PURVEM5GVKHOCN - [0:0] | |
| :KUBE-SEP-6WGZNGWLFVQQVXMS - [0:0] | |
| :KUBE-SEP-7GVXLYBNOOKG242H - [0:0] | |
| :KUBE-SEP-AMSEU6QCV5INO4SV - [0:0] | |
| :KUBE-SEP-BMFIEOXHNFSIVKRQ - [0:0] | |
| :KUBE-SEP-BRXC4LKKHZAH46VY - [0:0] | |
| :KUBE-SEP-C2BBIAVU7MWIA3SA - [0:0] | |
| :KUBE-SEP-CXC6AZSP4NKIP3YY - [0:0] | |
| :KUBE-SEP-DIRHUQZFBG4YF6WZ - [0:0] | |
| :KUBE-SEP-DXZH3JWKYY3MUSYI - [0:0] | |
| :KUBE-SEP-E77EUXLB6ZEVPBIH - [0:0] | |
| :KUBE-SEP-ETYZDTXJ6DFH5NWY - [0:0] | |
| :KUBE-SEP-EV276BLJB4B46LRT - [0:0] | |
| :KUBE-SEP-EXSX34IIUCB47OOZ - [0:0] | |
| :KUBE-SEP-EXV3QCISYPUMGVVE - [0:0] | |
| :KUBE-SEP-F2QQ2BCLOVQCXSRZ - [0:0] | |
| :KUBE-SEP-FS435MMEYKTVA2OB - [0:0] | |
| :KUBE-SEP-FYQNNQNIVEB5YAYV - [0:0] | |
| :KUBE-SEP-GTNOHM7IBWKPQ5CR - [0:0] | |
| :KUBE-SEP-I3L66HQHDQNKBWBR - [0:0] | |
| :KUBE-SEP-IT4S6RLI4OPEQWKY - [0:0] | |
| :KUBE-SEP-JDTM4WMNJO4U4WZG - [0:0] | |
| :KUBE-SEP-KKEKDRL2H47Q7BWM - [0:0] | |
| :KUBE-SEP-KWIH2IBUBZRFYFI4 - [0:0] | |
| :KUBE-SEP-KX4H4VOHJNSLIMJX - [0:0] | |
| :KUBE-SEP-KZRUUYJE3JFAJ4FB - [0:0] | |
| :KUBE-SEP-LOVVHDO3KSXLQQEE - [0:0] | |
| :KUBE-SEP-M5774M4D6Q2P4Y55 - [0:0] | |
| :KUBE-SEP-M7M3EQYP2M56J7VC - [0:0] | |
| :KUBE-SEP-MMJAFHMVAWV5GPZ4 - [0:0] | |
| :KUBE-SEP-MS525LDSYDUX3N5L - [0:0] | |
| :KUBE-SEP-MSOOCQMZ6P2X3T53 - [0:0] | |
| :KUBE-SEP-NJU5G6CW5QGTBYQA - [0:0] | |
| :KUBE-SEP-NKMZ7IVI7QCIMLWT - [0:0] | |
| :KUBE-SEP-NONRURDE3ID5BKTS - [0:0] | |
| :KUBE-SEP-PGUHKZ5VSWMFVFF3 - [0:0] | |
| :KUBE-SEP-Q2KSTZ5PWNRO4ME2 - [0:0] | |
| :KUBE-SEP-Q7PRX2CO553JMNR7 - [0:0] | |
| :KUBE-SEP-QYUYZXL3HTLMWSCM - [0:0] | |
| :KUBE-SEP-RSCOETR3Z67PN3YR - [0:0] | |
| :KUBE-SEP-RWDGAAHCUK3WK2XR - [0:0] | |
| :KUBE-SEP-S4UIZQEZCBZ5T26F - [0:0] | |
| :KUBE-SEP-SFODHYUUHOX72GUK - [0:0] | |
| :KUBE-SEP-SKJ2V2ROL5WQ2QSX - [0:0] | |
| :KUBE-SEP-SWSHTE5NW4ML4HIR - [0:0] | |
| :KUBE-SEP-T63XEQ5QQ4YBIKRF - [0:0] | |
| :KUBE-SEP-TCNFZ3M56TQU6FLD - [0:0] | |
| :KUBE-SEP-TDMX4OPBUZF3765R - [0:0] | |
| :KUBE-SEP-TZGS2R5YU5WJUIWD - [0:0] | |
| :KUBE-SEP-U2F2J3A4Q4J46H43 - [0:0] | |
| :KUBE-SEP-V6WXTD5HUH37WNZH - [0:0] | |
| :KUBE-SEP-VX7WY3Q5PAMKTPOG - [0:0] | |
| :KUBE-SEP-WDZQGLLJDOYWCECC - [0:0] | |
| :KUBE-SEP-XR76J46QCXVM5BWP - [0:0] | |
| :KUBE-SEP-XSP6FX6H5F7PJCVG - [0:0] | |
| :KUBE-SEP-XTV46RZWNG22FZ62 - [0:0] | |
| :KUBE-SEP-YTCG4RDLF6SWONHC - [0:0] | |
| :KUBE-SEP-ZDAZZQHPCMHFFOU4 - [0:0] | |
| :KUBE-SEP-ZJA6G3PBADYPOXFT - [0:0] | |
| :KUBE-SEP-ZKEUXHOP4Z4RS3AA - [0:0] | |
| :KUBE-SERVICES - [0:0] | |
| :KUBE-SVC-2O63TI72U7QUZERS - [0:0] | |
| :KUBE-SVC-2QFLXPI3464HMUTA - [0:0] | |
| :KUBE-SVC-3DVBOCYBFOXS4XOT - [0:0] | |
| :KUBE-SVC-43RTHYDCMXQB5QI4 - [0:0] | |
| :KUBE-SVC-44UG63QOLJNKHWWY - [0:0] | |
| :KUBE-SVC-5URCD7LMTHSEGXBZ - [0:0] | |
| :KUBE-SVC-6HFVUJPAXSK6HEZ4 - [0:0] | |
| :KUBE-SVC-6NWKCPDDIVGW7CFW - [0:0] | |
| :KUBE-SVC-7OAQIMZG7FWDPH6T - [0:0] | |
| :KUBE-SVC-7ZX7S3I4F2KLPYSQ - [0:0] | |
| :KUBE-SVC-A55TXGX2IH6NF7JT - [0:0] | |
| :KUBE-SVC-AJUJJJLZPKSQHN3C - [0:0] | |
| :KUBE-SVC-B3JAN72JUMCLJL4D - [0:0] | |
| :KUBE-SVC-B52UPACVHNQ5LUL4 - [0:0] | |
| :KUBE-SVC-B6RTVMQFNQXWNH6D - [0:0] | |
| :KUBE-SVC-BYU6YLX73OKRGPUK - [0:0] | |
| :KUBE-SVC-F3JXOHKQZSE4RJLW - [0:0] | |
| :KUBE-SVC-FAITROITGXHS3QVF - [0:0] | |
| :KUBE-SVC-FQBQAN7TX7CO56Z5 - [0:0] | |
| :KUBE-SVC-GLLVRLHH7OD6NK7V - [0:0] | |
| :KUBE-SVC-GQIIURXLVLFTRBCX - [0:0] | |
| :KUBE-SVC-IOS6WKUS5MDY5T6F - [0:0] | |
| :KUBE-SVC-K7J76NXP7AUZVFGS - [0:0] | |
| :KUBE-SVC-KO7XDDJ2W4MCTV62 - [0:0] | |
| :KUBE-SVC-LLE7QNYR6M47DQPH - [0:0] | |
| :KUBE-SVC-LLRKVPT5PAP7SHZW - [0:0] | |
| :KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0] | |
| :KUBE-SVC-NYMZ7ZAKAINZYU3G - [0:0] | |
| :KUBE-SVC-O7OJTXC5GRPT2FHJ - [0:0] | |
| :KUBE-SVC-PLMGNY7S5IQEJPTP - [0:0] | |
| :KUBE-SVC-QTBFZ47USBAWMYIG - [0:0] | |
| :KUBE-SVC-RALSPAEQVM63RCZL - [0:0] | |
| :KUBE-SVC-SVGCRDKHREZUMCLA - [0:0] | |
| :KUBE-SVC-TLAQXR2JYFLX6OG2 - [0:0] | |
| :KUBE-SVC-TTYOMRXZDYRBT232 - [0:0] | |
| :KUBE-SVC-TYQ72QOLLM3BFQ7V - [0:0] | |
| :KUBE-SVC-UMXEFDOAEKMHOZ7R - [0:0] | |
| :KUBE-SVC-VCTXHUPCHVP2B3HJ - [0:0] | |
| :KUBE-SVC-VXZN2WGXOODQNOFC - [0:0] | |
| :KUBE-SVC-W54GDIPLOAY5YJYL - [0:0] | |
| :KUBE-SVC-WAY44DSNYJTDTMYJ - [0:0] | |
| :KUBE-SVC-YHQ2YSOWSDOSOQY5 - [0:0] | |
| :KUBE-SVC-YRKYVRIXDKPPOUOC - [0:0] | |
| :KUBE-SVC-ZRLRAB2E5DTUX37C - [0:0] | |
| :KUBE-SVC-ZXIJAQVGV5HKY3Y2 - [0:0] | |
| :cali-OUTPUT - [0:0] | |
| :cali-POSTROUTING - [0:0] | |
| :cali-PREROUTING - [0:0] | |
| :cali-fip-dnat - [0:0] | |
| :cali-fip-snat - [0:0] | |
| :cali-nat-outgoing - [0:0] | |
| -A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING | |
| -A PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT | |
| -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER | |
| -A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT | |
| -A OUTPUT -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT | |
| -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER | |
| -A POSTROUTING -m comment --comment "cali:O3lYWMrLQYEMJtB5" -j cali-POSTROUTING | |
| -A POSTROUTING -s 127.0.0.1/32 ! -d 127.0.0.1/32 -j CNI-HOSTPORT-SNAT | |
| -A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING | |
| -A POSTROUTING -o docker0 -m addrtype --src-type LOCAL -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE | |
| -A CNI-DN-3994dcc469a03ca2e0ef7 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.128.136:80 | |
| -A CNI-DN-3994dcc469a03ca2e0ef7 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.128.136:443 | |
| -A CNI-HOSTPORT-DNAT -m comment --comment "dnat name: \"k8s-pod-network\" id: \"d5d8bef9b54264aee5d9dc85c00abf90c204ca023f8412280585ff88ba4dd738\"" -j CNI-DN-3994dcc469a03ca2e0ef7 | |
| -A CNI-HOSTPORT-SNAT -m comment --comment "snat name: \"k8s-pod-network\" id: \"d5d8bef9b54264aee5d9dc85c00abf90c204ca023f8412280585ff88ba4dd738\"" -j CNI-SN-3994dcc469a03ca2e0ef7 | |
| -A CNI-SN-3994dcc469a03ca2e0ef7 -s 127.0.0.1/32 -d 192.168.128.136/32 -p tcp -m tcp --dport 80 -j MASQUERADE | |
| -A CNI-SN-3994dcc469a03ca2e0ef7 -s 127.0.0.1/32 -d 192.168.128.136/32 -p tcp -m tcp --dport 443 -j MASQUERADE | |
| -A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000 | |
| -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000 | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/default-http-backend:" -m tcp --dport 32368 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/default-http-backend:" -m tcp --dport 32368 -j KUBE-SVC-2QFLXPI3464HMUTA | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/companyd:" -m tcp --dport 32151 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/companyd:" -m tcp --dport 32151 -j KUBE-SVC-QTBFZ47USBAWMYIG | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/kubernetesd:http" -m tcp --dport 30549 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/kubernetesd:http" -m tcp --dport 30549 -j KUBE-SVC-UMXEFDOAEKMHOZ7R | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/tokend:" -m tcp --dport 32618 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/tokend:" -m tcp --dport 32618 -j KUBE-SVC-7OAQIMZG7FWDPH6T | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/aws-operator:" -m tcp --dport 30811 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/aws-operator:" -m tcp --dport 30811 -j KUBE-SVC-GLLVRLHH7OD6NK7V | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "default/vault:api" -m tcp --dport 31477 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "default/vault:api" -m tcp --dport 31477 -j KUBE-SVC-YRKYVRIXDKPPOUOC | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/userd:" -m tcp --dport 31167 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/userd:" -m tcp --dport 31167 -j KUBE-SVC-PLMGNY7S5IQEJPTP | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/cluster-service:" -m tcp --dport 31426 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/cluster-service:" -m tcp --dport 31426 -j KUBE-SVC-7ZX7S3I4F2KLPYSQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/testbot:" -m tcp --dport 30007 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/testbot:" -m tcp --dport 30007 -j KUBE-SVC-ZXIJAQVGV5HKY3Y2 | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/desmotes:" -m tcp --dport 32141 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/desmotes:" -m tcp --dport 32141 -j KUBE-SVC-IOS6WKUS5MDY5T6F | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/happa:" -m tcp --dport 32496 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/happa:" -m tcp --dport 32496 -j KUBE-SVC-FQBQAN7TX7CO56Z5 | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/nginx-ingress-controller:https" -m tcp --dport 30011 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/nginx-ingress-controller:https" -m tcp --dport 30011 -j KUBE-SVC-F3JXOHKQZSE4RJLW | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/api:" -m tcp --dport 30251 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/api:" -m tcp --dport 30251 -j KUBE-SVC-TYQ72QOLLM3BFQ7V | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/passage:" -m tcp --dport 32083 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/passage:" -m tcp --dport 32083 -j KUBE-SVC-BYU6YLX73OKRGPUK | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/passage-redis:" -m tcp --dport 32340 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "giantswarm/passage-redis:" -m tcp --dport 32340 -j KUBE-SVC-B3JAN72JUMCLJL4D | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/nginx-ingress-controller:http" -m tcp --dport 30010 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/nginx-ingress-controller:http" -m tcp --dport 30010 -j KUBE-SVC-5URCD7LMTHSEGXBZ | |
| -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE | |
| -A KUBE-SEP-22BJC7TJ3Q7Z5AP3 -s 192.168.177.221/32 -m comment --comment "monitoring/prometheus-config-controller:config" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-22BJC7TJ3Q7Z5AP3 -p tcp -m comment --comment "monitoring/prometheus-config-controller:config" -m tcp -j DNAT --to-destination 192.168.177.221:8001 | |
| -A KUBE-SEP-2F7UPYN5VVIFY2AE -s 10.0.5.17/32 -m comment --comment "monitoring/cert-exporter:cert-exporter" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-2F7UPYN5VVIFY2AE -p tcp -m comment --comment "monitoring/cert-exporter:cert-exporter" -m tcp -j DNAT --to-destination 10.0.5.17:9005 | |
| -A KUBE-SEP-3HUMLAWVMPSNSQLL -s 192.168.128.136/32 -m comment --comment "kube-system/nginx-ingress-controller:https" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3HUMLAWVMPSNSQLL -p tcp -m comment --comment "kube-system/nginx-ingress-controller:https" -m tcp -j DNAT --to-destination 192.168.128.136:443 | |
| -A KUBE-SEP-3P2KRKYSNFTOBJ2A -s 192.168.248.228/32 -m comment --comment "monitoring/elasticsearch:elasticsearch" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-3P2KRKYSNFTOBJ2A -p tcp -m comment --comment "monitoring/elasticsearch:elasticsearch" -m tcp -j DNAT --to-destination 192.168.248.228:9200 | |
| -A KUBE-SEP-4B3E7DZJ5ARB7CIP -s 192.168.20.194/32 -m comment --comment "kube-system/nginx-ingress-controller:http" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-4B3E7DZJ5ARB7CIP -p tcp -m comment --comment "kube-system/nginx-ingress-controller:http" -m tcp -j DNAT --to-destination 192.168.20.194:80 | |
| -A KUBE-SEP-4WBIPOFMRMOZDMKT -s 10.0.5.112/32 -m comment --comment "monitoring/node-exporter:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-4WBIPOFMRMOZDMKT -p tcp -m comment --comment "monitoring/node-exporter:" -m tcp -j DNAT --to-destination 10.0.5.112:9100 | |
| -A KUBE-SEP-5TIAOHHS3U4PNKDJ -s 192.168.128.158/32 -m comment --comment "monitoring/cloudwatch-exporter:cloudwatch-exporter" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-5TIAOHHS3U4PNKDJ -p tcp -m comment --comment "monitoring/cloudwatch-exporter:cloudwatch-exporter" -m tcp -j DNAT --to-destination 192.168.128.158:9106 | |
| -A KUBE-SEP-64PURVEM5GVKHOCN -s 192.168.248.230/32 -m comment --comment "kube-system/coredns:dns" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-64PURVEM5GVKHOCN -p udp -m comment --comment "kube-system/coredns:dns" -m udp -j DNAT --to-destination 192.168.248.230:53 | |
| -A KUBE-SEP-6WGZNGWLFVQQVXMS -s 10.0.5.166/32 -m comment --comment "monitoring/node-exporter:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-6WGZNGWLFVQQVXMS -p tcp -m comment --comment "monitoring/node-exporter:" -m tcp -j DNAT --to-destination 10.0.5.166:9100 | |
| -A KUBE-SEP-7GVXLYBNOOKG242H -s 10.0.5.38/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-7GVXLYBNOOKG242H -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-7GVXLYBNOOKG242H --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.0.5.38:443 | |
| -A KUBE-SEP-AMSEU6QCV5INO4SV -s 192.168.128.178/32 -m comment --comment "kube-system/default-http-backend:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-AMSEU6QCV5INO4SV -p tcp -m comment --comment "kube-system/default-http-backend:" -m tcp -j DNAT --to-destination 192.168.128.178:8080 | |
| -A KUBE-SEP-BMFIEOXHNFSIVKRQ -s 192.168.177.222/32 -m comment --comment "kube-system/coredns:dns-tcp" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-BMFIEOXHNFSIVKRQ -p tcp -m comment --comment "kube-system/coredns:dns-tcp" -m tcp -j DNAT --to-destination 192.168.177.222:53 | |
| -A KUBE-SEP-BRXC4LKKHZAH46VY -s 192.168.20.207/32 -m comment --comment "monitoring/grafana:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-BRXC4LKKHZAH46VY -p tcp -m comment --comment "monitoring/grafana:" -m tcp -j DNAT --to-destination 192.168.20.207:3000 | |
| -A KUBE-SEP-C2BBIAVU7MWIA3SA -s 10.0.5.157/32 -m comment --comment "monitoring/cert-exporter:cert-exporter" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-C2BBIAVU7MWIA3SA -p tcp -m comment --comment "monitoring/cert-exporter:cert-exporter" -m tcp -j DNAT --to-destination 10.0.5.157:9005 | |
| -A KUBE-SEP-CXC6AZSP4NKIP3YY -s 192.168.177.221/32 -m comment --comment "monitoring/prometheus:prometheus" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-CXC6AZSP4NKIP3YY -p tcp -m comment --comment "monitoring/prometheus:prometheus" -m tcp -j DNAT --to-destination 192.168.177.221:9090 | |
| -A KUBE-SEP-DIRHUQZFBG4YF6WZ -s 192.168.248.201/32 -m comment --comment "giantswarm/happa:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-DIRHUQZFBG4YF6WZ -p tcp -m comment --comment "giantswarm/happa:" -m tcp -j DNAT --to-destination 192.168.248.201:8000 | |
| -A KUBE-SEP-DXZH3JWKYY3MUSYI -s 192.168.128.131/32 -m comment --comment "giantswarm/passage-redis:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-DXZH3JWKYY3MUSYI -p tcp -m comment --comment "giantswarm/passage-redis:" -m tcp -j DNAT --to-destination 192.168.128.131:6379 | |
| -A KUBE-SEP-E77EUXLB6ZEVPBIH -s 10.0.5.38/32 -m comment --comment "monitoring/node-exporter:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-E77EUXLB6ZEVPBIH -p tcp -m comment --comment "monitoring/node-exporter:" -m tcp -j DNAT --to-destination 10.0.5.38:9100 | |
| -A KUBE-SEP-ETYZDTXJ6DFH5NWY -s 192.168.128.133/32 -m comment --comment "giantswarm/cluster-operator:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ETYZDTXJ6DFH5NWY -p tcp -m comment --comment "giantswarm/cluster-operator:" -m tcp -j DNAT --to-destination 192.168.128.133:8000 | |
| -A KUBE-SEP-EV276BLJB4B46LRT -s 192.168.128.138/32 -m comment --comment "giantswarm/passage:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-EV276BLJB4B46LRT -p tcp -m comment --comment "giantswarm/passage:" -m tcp -j DNAT --to-destination 192.168.128.138:8000 | |
| -A KUBE-SEP-EXSX34IIUCB47OOZ -s 192.168.20.227/32 -m comment --comment "kube-system/default-http-backend:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-EXSX34IIUCB47OOZ -p tcp -m comment --comment "kube-system/default-http-backend:" -m tcp -j DNAT --to-destination 192.168.20.227:8080 | |
| -A KUBE-SEP-EXV3QCISYPUMGVVE -s 192.168.20.208/32 -m comment --comment "kube-system/kube-lego-nginx:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-EXV3QCISYPUMGVVE -p tcp -m comment --comment "kube-system/kube-lego-nginx:" -m tcp -j DNAT --to-destination 192.168.20.208:8080 | |
| -A KUBE-SEP-F2QQ2BCLOVQCXSRZ -s 192.168.20.209/32 -m comment --comment "giantswarm/node-operator:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-F2QQ2BCLOVQCXSRZ -p tcp -m comment --comment "giantswarm/node-operator:" -m tcp -j DNAT --to-destination 192.168.20.209:8000 | |
| -A KUBE-SEP-FS435MMEYKTVA2OB -s 192.168.128.137/32 -m comment --comment "giantswarm/cluster-service:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-FS435MMEYKTVA2OB -p tcp -m comment --comment "giantswarm/cluster-service:" -m tcp -j DNAT --to-destination 192.168.128.137:8000 | |
| -A KUBE-SEP-FYQNNQNIVEB5YAYV -s 192.168.128.136/32 -m comment --comment "kube-system/nginx-ingress-controller:http" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-FYQNNQNIVEB5YAYV -p tcp -m comment --comment "kube-system/nginx-ingress-controller:http" -m tcp -j DNAT --to-destination 192.168.128.136:80 | |
| -A KUBE-SEP-GTNOHM7IBWKPQ5CR -s 192.168.128.175/32 -m comment --comment "monitoring/kube-state-metrics:kube-state-metrics" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GTNOHM7IBWKPQ5CR -p tcp -m comment --comment "monitoring/kube-state-metrics:kube-state-metrics" -m tcp -j DNAT --to-destination 192.168.128.175:8080 | |
| -A KUBE-SEP-I3L66HQHDQNKBWBR -s 192.168.20.194/32 -m comment --comment "kube-system/nginx-ingress-controller:https" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-I3L66HQHDQNKBWBR -p tcp -m comment --comment "kube-system/nginx-ingress-controller:https" -m tcp -j DNAT --to-destination 192.168.20.194:443 | |
| -A KUBE-SEP-IT4S6RLI4OPEQWKY -s 192.168.20.225/32 -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-IT4S6RLI4OPEQWKY -p tcp -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy" -m tcp -j DNAT --to-destination 192.168.20.225:8000 | |
| -A KUBE-SEP-JDTM4WMNJO4U4WZG -s 192.168.177.213/32 -m comment --comment "giantswarm/api:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-JDTM4WMNJO4U4WZG -p tcp -m comment --comment "giantswarm/api:" -m tcp -j DNAT --to-destination 192.168.177.213:8000 | |
| -A KUBE-SEP-KKEKDRL2H47Q7BWM -s 192.168.177.221/32 -m comment --comment "monitoring/prometheus:nginx" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-KKEKDRL2H47Q7BWM -p tcp -m comment --comment "monitoring/prometheus:nginx" -m tcp -j DNAT --to-destination 192.168.177.221:8000 | |
| -A KUBE-SEP-KWIH2IBUBZRFYFI4 -s 192.168.128.174/32 -m comment --comment "monitoring/alertmanager:alertmanager" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-KWIH2IBUBZRFYFI4 -p tcp -m comment --comment "monitoring/alertmanager:alertmanager" -m tcp -j DNAT --to-destination 192.168.128.174:9093 | |
| -A KUBE-SEP-KX4H4VOHJNSLIMJX -s 192.168.248.207/32 -m comment --comment "draughtsman/draughtsman:draughtsman" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-KX4H4VOHJNSLIMJX -p tcp -m comment --comment "draughtsman/draughtsman:draughtsman" -m tcp -j DNAT --to-destination 192.168.248.207:8000 | |
| -A KUBE-SEP-KZRUUYJE3JFAJ4FB -s 192.168.128.176/32 -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-KZRUUYJE3JFAJ4FB -p tcp -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy" -m tcp -j DNAT --to-destination 192.168.128.176:8000 | |
| -A KUBE-SEP-LOVVHDO3KSXLQQEE -s 192.168.177.205/32 -m comment --comment "giantswarm/desmotes:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-LOVVHDO3KSXLQQEE -p tcp -m comment --comment "giantswarm/desmotes:" -m tcp -j DNAT --to-destination 192.168.177.205:5000 | |
| -A KUBE-SEP-M5774M4D6Q2P4Y55 -s 192.168.248.230/32 -m comment --comment "kube-system/coredns:dns-tcp" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-M5774M4D6Q2P4Y55 -p tcp -m comment --comment "kube-system/coredns:dns-tcp" -m tcp -j DNAT --to-destination 192.168.248.230:53 | |
| -A KUBE-SEP-M7M3EQYP2M56J7VC -s 192.168.128.144/32 -m comment --comment "giantswarm/api:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-M7M3EQYP2M56J7VC -p tcp -m comment --comment "giantswarm/api:" -m tcp -j DNAT --to-destination 192.168.128.144:8000 | |
| -A KUBE-SEP-MMJAFHMVAWV5GPZ4 -s 192.168.20.222/32 -m comment --comment "giantswarm/cert-operator:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MMJAFHMVAWV5GPZ4 -p tcp -m comment --comment "giantswarm/cert-operator:" -m tcp -j DNAT --to-destination 192.168.20.222:8000 | |
| -A KUBE-SEP-MS525LDSYDUX3N5L -s 192.168.177.197/32 -m comment --comment "giantswarm/passage:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MS525LDSYDUX3N5L -p tcp -m comment --comment "giantswarm/passage:" -m tcp -j DNAT --to-destination 192.168.177.197:8000 | |
| -A KUBE-SEP-MSOOCQMZ6P2X3T53 -s 192.168.248.217/32 -m comment --comment "monitoring/kibana:kibana" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MSOOCQMZ6P2X3T53 -p tcp -m comment --comment "monitoring/kibana:kibana" -m tcp -j DNAT --to-destination 192.168.248.217:5601 | |
| -A KUBE-SEP-NJU5G6CW5QGTBYQA -s 192.168.128.177/32 -m comment --comment "kube-system/coredns:dns" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-NJU5G6CW5QGTBYQA -p udp -m comment --comment "kube-system/coredns:dns" -m udp -j DNAT --to-destination 192.168.128.177:53 | |
| -A KUBE-SEP-NKMZ7IVI7QCIMLWT -s 10.1.2.40/32 -m comment --comment "ar3s3/master:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-NKMZ7IVI7QCIMLWT -p tcp -m comment --comment "ar3s3/master:" -m tcp -j DNAT --to-destination 10.1.2.40:443 | |
| -A KUBE-SEP-NONRURDE3ID5BKTS -s 10.0.5.166/32 -m comment --comment "monitoring/cert-exporter:cert-exporter" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-NONRURDE3ID5BKTS -p tcp -m comment --comment "monitoring/cert-exporter:cert-exporter" -m tcp -j DNAT --to-destination 10.0.5.166:9005 | |
| -A KUBE-SEP-PGUHKZ5VSWMFVFF3 -s 192.168.20.201/32 -m comment --comment "giantswarm/tokend:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-PGUHKZ5VSWMFVFF3 -p tcp -m comment --comment "giantswarm/tokend:" -m tcp -j DNAT --to-destination 192.168.20.201:8000 | |
| -A KUBE-SEP-Q2KSTZ5PWNRO4ME2 -s 192.168.177.204/32 -m comment --comment "giantswarm/kubernetesd:http" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-Q2KSTZ5PWNRO4ME2 -p tcp -m comment --comment "giantswarm/kubernetesd:http" -m tcp -j DNAT --to-destination 192.168.177.204:8000 | |
| -A KUBE-SEP-Q7PRX2CO553JMNR7 -s 192.168.177.222/32 -m comment --comment "kube-system/coredns:dns" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-Q7PRX2CO553JMNR7 -p udp -m comment --comment "kube-system/coredns:dns" -m udp -j DNAT --to-destination 192.168.177.222:53 | |
| -A KUBE-SEP-QYUYZXL3HTLMWSCM -s 10.0.5.38/32 -m comment --comment "monitoring/cert-exporter:cert-exporter" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-QYUYZXL3HTLMWSCM -p tcp -m comment --comment "monitoring/cert-exporter:cert-exporter" -m tcp -j DNAT --to-destination 10.0.5.38:9005 | |
| -A KUBE-SEP-RSCOETR3Z67PN3YR -s 192.168.248.217/32 -m comment --comment "monitoring/kibana:nginx" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RSCOETR3Z67PN3YR -p tcp -m comment --comment "monitoring/kibana:nginx" -m tcp -j DNAT --to-destination 192.168.248.217:8000 | |
| -A KUBE-SEP-RWDGAAHCUK3WK2XR -s 192.168.128.174/32 -m comment --comment "monitoring/alertmanager:nginx" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RWDGAAHCUK3WK2XR -p tcp -m comment --comment "monitoring/alertmanager:nginx" -m tcp -j DNAT --to-destination 192.168.128.174:8000 | |
| -A KUBE-SEP-S4UIZQEZCBZ5T26F -s 192.168.20.226/32 -m comment --comment "giantswarm/aws-operator:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-S4UIZQEZCBZ5T26F -p tcp -m comment --comment "giantswarm/aws-operator:" -m tcp -j DNAT --to-destination 192.168.20.226:8000 | |
| -A KUBE-SEP-SFODHYUUHOX72GUK -s 10.0.5.157/32 -m comment --comment "monitoring/node-exporter:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SFODHYUUHOX72GUK -p tcp -m comment --comment "monitoring/node-exporter:" -m tcp -j DNAT --to-destination 10.0.5.157:9100 | |
| -A KUBE-SEP-SKJ2V2ROL5WQ2QSX -s 192.168.20.204/32 -m comment --comment "giantswarm/kubernetesd:http" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SKJ2V2ROL5WQ2QSX -p tcp -m comment --comment "giantswarm/kubernetesd:http" -m tcp -j DNAT --to-destination 192.168.20.204:8000 | |
| -A KUBE-SEP-SWSHTE5NW4ML4HIR -s 10.0.5.17/32 -m comment --comment "monitoring/node-exporter:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-SWSHTE5NW4ML4HIR -p tcp -m comment --comment "monitoring/node-exporter:" -m tcp -j DNAT --to-destination 10.0.5.17:9100 | |
| -A KUBE-SEP-T63XEQ5QQ4YBIKRF -s 10.1.74.84/32 -m comment --comment "rs5z6/master:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-T63XEQ5QQ4YBIKRF -p tcp -m comment --comment "rs5z6/master:" -m tcp -j DNAT --to-destination 10.1.74.84:443 | |
| -A KUBE-SEP-TCNFZ3M56TQU6FLD -s 192.168.128.177/32 -m comment --comment "kube-system/coredns:dns-tcp" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-TCNFZ3M56TQU6FLD -p tcp -m comment --comment "kube-system/coredns:dns-tcp" -m tcp -j DNAT --to-destination 192.168.128.177:53 | |
| -A KUBE-SEP-TDMX4OPBUZF3765R -s 192.168.20.213/32 -m comment --comment "giantswarm/happa:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-TDMX4OPBUZF3765R -p tcp -m comment --comment "giantswarm/happa:" -m tcp -j DNAT --to-destination 192.168.20.213:8000 | |
| -A KUBE-SEP-TZGS2R5YU5WJUIWD -s 10.0.5.112/32 -m comment --comment "monitoring/cert-exporter:cert-exporter" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-TZGS2R5YU5WJUIWD -p tcp -m comment --comment "monitoring/cert-exporter:cert-exporter" -m tcp -j DNAT --to-destination 10.0.5.112:9005 | |
| -A KUBE-SEP-U2F2J3A4Q4J46H43 -s 192.168.177.195/32 -m comment --comment "kube-system/nginx-ingress-controller:https" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-U2F2J3A4Q4J46H43 -p tcp -m comment --comment "kube-system/nginx-ingress-controller:https" -m tcp -j DNAT --to-destination 192.168.177.195:443 | |
| -A KUBE-SEP-V6WXTD5HUH37WNZH -s 192.168.20.205/32 -m comment --comment "giantswarm/desmotes:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-V6WXTD5HUH37WNZH -p tcp -m comment --comment "giantswarm/desmotes:" -m tcp -j DNAT --to-destination 192.168.20.205:5000 | |
| -A KUBE-SEP-VX7WY3Q5PAMKTPOG -s 192.168.177.200/32 -m comment --comment "giantswarm/companyd:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-VX7WY3Q5PAMKTPOG -p tcp -m comment --comment "giantswarm/companyd:" -m tcp -j DNAT --to-destination 192.168.177.200:8000 | |
| -A KUBE-SEP-WDZQGLLJDOYWCECC -s 192.168.248.228/32 -m comment --comment "monitoring/elasticsearch:nginx" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-WDZQGLLJDOYWCECC -p tcp -m comment --comment "monitoring/elasticsearch:nginx" -m tcp -j DNAT --to-destination 192.168.248.228:8000 | |
| -A KUBE-SEP-XR76J46QCXVM5BWP -s 192.168.20.203/32 -m comment --comment "giantswarm/userd:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-XR76J46QCXVM5BWP -p tcp -m comment --comment "giantswarm/userd:" -m tcp -j DNAT --to-destination 192.168.20.203:8000 | |
| -A KUBE-SEP-XSP6FX6H5F7PJCVG -s 192.168.177.202/32 -m comment --comment "giantswarm/cluster-service:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-XSP6FX6H5F7PJCVG -p tcp -m comment --comment "giantswarm/cluster-service:" -m tcp -j DNAT --to-destination 192.168.177.202:8000 | |
| -A KUBE-SEP-XTV46RZWNG22FZ62 -s 192.168.177.207/32 -m comment --comment "giantswarm/userd:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-XTV46RZWNG22FZ62 -p tcp -m comment --comment "giantswarm/userd:" -m tcp -j DNAT --to-destination 192.168.177.207:8000 | |
| -A KUBE-SEP-YTCG4RDLF6SWONHC -s 192.168.177.195/32 -m comment --comment "kube-system/nginx-ingress-controller:http" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-YTCG4RDLF6SWONHC -p tcp -m comment --comment "kube-system/nginx-ingress-controller:http" -m tcp -j DNAT --to-destination 192.168.177.195:80 | |
| -A KUBE-SEP-ZDAZZQHPCMHFFOU4 -s 192.168.128.132/32 -m comment --comment "giantswarm/companyd:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZDAZZQHPCMHFFOU4 -p tcp -m comment --comment "giantswarm/companyd:" -m tcp -j DNAT --to-destination 192.168.128.132:8000 | |
| -A KUBE-SEP-ZJA6G3PBADYPOXFT -s 192.168.177.196/32 -m comment --comment "kube-system/tiller-deploy:tiller" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZJA6G3PBADYPOXFT -p tcp -m comment --comment "kube-system/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 192.168.177.196:44134 | |
| -A KUBE-SEP-ZKEUXHOP4Z4RS3AA -s 192.168.177.198/32 -m comment --comment "giantswarm/tokend:" -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ZKEUXHOP4Z4RS3AA -p tcp -m comment --comment "giantswarm/tokend:" -m tcp -j DNAT --to-destination 192.168.177.198:8000 | |
| -A KUBE-SERVICES -d 172.31.0.60/32 -p tcp -m comment --comment "kube-system/default-http-backend: cluster IP" -m tcp --dport 80 -j KUBE-SVC-2QFLXPI3464HMUTA | |
| -A KUBE-SERVICES -d 172.31.0.19/32 -p tcp -m comment --comment "giantswarm/companyd: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-QTBFZ47USBAWMYIG | |
| -A KUBE-SERVICES -d 172.31.75.217/32 -p tcp -m comment --comment "monitoring/kibana:kibana cluster IP" -m tcp --dport 5601 -j KUBE-SVC-WAY44DSNYJTDTMYJ | |
| -A KUBE-SERVICES -d 172.31.13.246/32 -p tcp -m comment --comment "rs5z6/master: cluster IP" -m tcp --dport 443 -j KUBE-SVC-YHQ2YSOWSDOSOQY5 | |
| -A KUBE-SERVICES -d 172.31.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y | |
| -A KUBE-SERVICES -d 172.31.0.56/32 -p tcp -m comment --comment "monitoring/cloudwatch-exporter:cloudwatch-exporter cluster IP" -m tcp --dport 9106 -j KUBE-SVC-43RTHYDCMXQB5QI4 | |
| -A KUBE-SERVICES -d 172.31.0.139/32 -p tcp -m comment --comment "monitoring/prometheus:nginx cluster IP" -m tcp --dport 8000 -j KUBE-SVC-W54GDIPLOAY5YJYL | |
| -A KUBE-SERVICES -d 172.31.0.197/32 -p tcp -m comment --comment "giantswarm/kubernetesd:http cluster IP" -m tcp --dport 8000 -j KUBE-SVC-UMXEFDOAEKMHOZ7R | |
| -A KUBE-SERVICES -d 172.31.0.10/32 -p tcp -m comment --comment "kube-system/coredns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-FAITROITGXHS3QVF | |
| -A KUBE-SERVICES -d 172.31.0.250/32 -p tcp -m comment --comment "monitoring/prometheus-config-controller:config cluster IP" -m tcp --dport 8001 -j KUBE-SVC-6HFVUJPAXSK6HEZ4 | |
| -A KUBE-SERVICES -d 172.31.0.20/32 -p tcp -m comment --comment "giantswarm/tokend: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-7OAQIMZG7FWDPH6T | |
| -A KUBE-SERVICES -d 172.31.0.90/32 -p tcp -m comment --comment "monitoring/kube-state-metrics:kube-state-metrics cluster IP" -m tcp --dport 8080 -j KUBE-SVC-VXZN2WGXOODQNOFC | |
| -A KUBE-SERVICES -d 172.31.0.118/32 -p tcp -m comment --comment "giantswarm/aws-operator: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-GLLVRLHH7OD6NK7V | |
| -A KUBE-SERVICES -d 172.31.0.57/32 -p tcp -m comment --comment "giantswarm/node-operator: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-B6RTVMQFNQXWNH6D | |
| -A KUBE-SERVICES -d 172.31.0.249/32 -p tcp -m comment --comment "monitoring/alertmanager:alertmanager cluster IP" -m tcp --dport 9093 -j KUBE-SVC-6NWKCPDDIVGW7CFW | |
| -A KUBE-SERVICES -d 172.31.0.109/32 -p tcp -m comment --comment "kube-system/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-K7J76NXP7AUZVFGS | |
| -A KUBE-SERVICES -d 172.31.0.113/32 -p tcp -m comment --comment "default/vault:api cluster IP" -m tcp --dport 8200 -j KUBE-SVC-YRKYVRIXDKPPOUOC | |
| -A KUBE-SERVICES -d 172.31.0.203/32 -p tcp -m comment --comment "draughtsman/draughtsman-eventer:draughtsman-eventer cluster IP" -m tcp --dport 8000 -j KUBE-SVC-NYMZ7ZAKAINZYU3G | |
| -A KUBE-SERVICES -d 172.31.0.213/32 -p tcp -m comment --comment "giantswarm/userd: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-PLMGNY7S5IQEJPTP | |
| -A KUBE-SERVICES -d 172.31.0.10/32 -p udp -m comment --comment "kube-system/coredns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-ZRLRAB2E5DTUX37C | |
| -A KUBE-SERVICES -d 172.31.0.251/32 -p tcp -m comment --comment "giantswarm/cluster-service: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-7ZX7S3I4F2KLPYSQ | |
| -A KUBE-SERVICES -d 172.31.0.139/32 -p tcp -m comment --comment "monitoring/prometheus:prometheus cluster IP" -m tcp --dport 9090 -j KUBE-SVC-KO7XDDJ2W4MCTV62 | |
| -A KUBE-SERVICES -d 172.31.0.117/32 -p tcp -m comment --comment "giantswarm/testbot: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-ZXIJAQVGV5HKY3Y2 | |
| -A KUBE-SERVICES -d 172.31.0.11/32 -p tcp -m comment --comment "giantswarm/desmotes: cluster IP" -m tcp --dport 5000 -j KUBE-SVC-IOS6WKUS5MDY5T6F | |
| -A KUBE-SERVICES -d 172.31.0.4/32 -p tcp -m comment --comment "draughtsman/draughtsman-operator: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-3DVBOCYBFOXS4XOT | |
| -A KUBE-SERVICES -d 172.31.0.249/32 -p tcp -m comment --comment "monitoring/alertmanager:nginx cluster IP" -m tcp --dport 8000 -j KUBE-SVC-SVGCRDKHREZUMCLA | |
| -A KUBE-SERVICES -d 172.31.0.247/32 -p tcp -m comment --comment "giantswarm/happa: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-FQBQAN7TX7CO56Z5 | |
| -A KUBE-SERVICES -d 172.31.0.209/32 -p tcp -m comment --comment "kube-system/nginx-ingress-controller:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-F3JXOHKQZSE4RJLW | |
| -A KUBE-SERVICES -d 172.31.0.205/32 -p tcp -m comment --comment "giantswarm/api: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-TYQ72QOLLM3BFQ7V | |
| -A KUBE-SERVICES -d 172.31.75.217/32 -p tcp -m comment --comment "monitoring/kibana:nginx cluster IP" -m tcp --dport 8000 -j KUBE-SVC-GQIIURXLVLFTRBCX | |
| -A KUBE-SERVICES -d 172.31.0.220/32 -p tcp -m comment --comment "giantswarm/passage: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-BYU6YLX73OKRGPUK | |
| -A KUBE-SERVICES -d 172.31.0.46/32 -p tcp -m comment --comment "giantswarm/cluster-operator: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-2O63TI72U7QUZERS | |
| -A KUBE-SERVICES -d 172.31.0.192/32 -p tcp -m comment --comment "monitoring/node-exporter: cluster IP" -m tcp --dport 9100 -j KUBE-SVC-VCTXHUPCHVP2B3HJ | |
| -A KUBE-SERVICES -d 172.31.30.167/32 -p tcp -m comment --comment "monitoring/elasticsearch:nginx cluster IP" -m tcp --dport 8000 -j KUBE-SVC-O7OJTXC5GRPT2FHJ | |
| -A KUBE-SERVICES -d 172.31.0.222/32 -p tcp -m comment --comment "draughtsman/draughtsman:draughtsman cluster IP" -m tcp --dport 8000 -j KUBE-SVC-LLE7QNYR6M47DQPH | |
| -A KUBE-SERVICES -d 172.31.19.186/32 -p tcp -m comment --comment "ar3s3/master: cluster IP" -m tcp --dport 443 -j KUBE-SVC-LLRKVPT5PAP7SHZW | |
| -A KUBE-SERVICES -d 172.31.0.226/32 -p tcp -m comment --comment "monitoring/cert-exporter:cert-exporter cluster IP" -m tcp --dport 9005 -j KUBE-SVC-A55TXGX2IH6NF7JT | |
| -A KUBE-SERVICES -d 172.31.30.167/32 -p tcp -m comment --comment "monitoring/elasticsearch:elasticsearch cluster IP" -m tcp --dport 9200 -j KUBE-SVC-B52UPACVHNQ5LUL4 | |
| -A KUBE-SERVICES -d 172.31.0.149/32 -p tcp -m comment --comment "giantswarm/pv-cleaner-operator: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-AJUJJJLZPKSQHN3C | |
| -A KUBE-SERVICES -d 172.31.0.55/32 -p tcp -m comment --comment "monitoring/grafana: cluster IP" -m tcp --dport 3000 -j KUBE-SVC-TLAQXR2JYFLX6OG2 | |
| -A KUBE-SERVICES -d 172.31.116.166/32 -p tcp -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy cluster IP" -m tcp --dport 8000 -j KUBE-SVC-RALSPAEQVM63RCZL | |
| -A KUBE-SERVICES -d 172.31.0.163/32 -p tcp -m comment --comment "giantswarm/passage-redis: cluster IP" -m tcp --dport 6379 -j KUBE-SVC-B3JAN72JUMCLJL4D | |
| -A KUBE-SERVICES -d 172.31.0.37/32 -p tcp -m comment --comment "giantswarm/cert-operator: cluster IP" -m tcp --dport 8000 -j KUBE-SVC-TTYOMRXZDYRBT232 | |
| -A KUBE-SERVICES -d 172.31.0.33/32 -p tcp -m comment --comment "kube-system/kube-lego-nginx: cluster IP" -m tcp --dport 8080 -j KUBE-SVC-44UG63QOLJNKHWWY | |
| -A KUBE-SERVICES -d 172.31.0.209/32 -p tcp -m comment --comment "kube-system/nginx-ingress-controller:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-5URCD7LMTHSEGXBZ | |
| -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS | |
| -A KUBE-SVC-2O63TI72U7QUZERS -m comment --comment "giantswarm/cluster-operator:" -j KUBE-SEP-ETYZDTXJ6DFH5NWY | |
| -A KUBE-SVC-2QFLXPI3464HMUTA -m comment --comment "kube-system/default-http-backend:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-AMSEU6QCV5INO4SV | |
| -A KUBE-SVC-2QFLXPI3464HMUTA -m comment --comment "kube-system/default-http-backend:" -j KUBE-SEP-EXSX34IIUCB47OOZ | |
| -A KUBE-SVC-43RTHYDCMXQB5QI4 -m comment --comment "monitoring/cloudwatch-exporter:cloudwatch-exporter" -j KUBE-SEP-5TIAOHHS3U4PNKDJ | |
| -A KUBE-SVC-44UG63QOLJNKHWWY -m comment --comment "kube-system/kube-lego-nginx:" -j KUBE-SEP-EXV3QCISYPUMGVVE | |
| -A KUBE-SVC-5URCD7LMTHSEGXBZ -m comment --comment "kube-system/nginx-ingress-controller:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-FYQNNQNIVEB5YAYV | |
| -A KUBE-SVC-5URCD7LMTHSEGXBZ -m comment --comment "kube-system/nginx-ingress-controller:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-YTCG4RDLF6SWONHC | |
| -A KUBE-SVC-5URCD7LMTHSEGXBZ -m comment --comment "kube-system/nginx-ingress-controller:http" -j KUBE-SEP-4B3E7DZJ5ARB7CIP | |
| -A KUBE-SVC-6HFVUJPAXSK6HEZ4 -m comment --comment "monitoring/prometheus-config-controller:config" -j KUBE-SEP-22BJC7TJ3Q7Z5AP3 | |
| -A KUBE-SVC-6NWKCPDDIVGW7CFW -m comment --comment "monitoring/alertmanager:alertmanager" -j KUBE-SEP-KWIH2IBUBZRFYFI4 | |
| -A KUBE-SVC-7OAQIMZG7FWDPH6T -m comment --comment "giantswarm/tokend:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ZKEUXHOP4Z4RS3AA | |
| -A KUBE-SVC-7OAQIMZG7FWDPH6T -m comment --comment "giantswarm/tokend:" -j KUBE-SEP-PGUHKZ5VSWMFVFF3 | |
| -A KUBE-SVC-7ZX7S3I4F2KLPYSQ -m comment --comment "giantswarm/cluster-service:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-FS435MMEYKTVA2OB | |
| -A KUBE-SVC-7ZX7S3I4F2KLPYSQ -m comment --comment "giantswarm/cluster-service:" -j KUBE-SEP-XSP6FX6H5F7PJCVG | |
| -A KUBE-SVC-A55TXGX2IH6NF7JT -m comment --comment "monitoring/cert-exporter:cert-exporter" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-TZGS2R5YU5WJUIWD | |
| -A KUBE-SVC-A55TXGX2IH6NF7JT -m comment --comment "monitoring/cert-exporter:cert-exporter" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-C2BBIAVU7MWIA3SA | |
| -A KUBE-SVC-A55TXGX2IH6NF7JT -m comment --comment "monitoring/cert-exporter:cert-exporter" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-NONRURDE3ID5BKTS | |
| -A KUBE-SVC-A55TXGX2IH6NF7JT -m comment --comment "monitoring/cert-exporter:cert-exporter" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-2F7UPYN5VVIFY2AE | |
| -A KUBE-SVC-A55TXGX2IH6NF7JT -m comment --comment "monitoring/cert-exporter:cert-exporter" -j KUBE-SEP-QYUYZXL3HTLMWSCM | |
| -A KUBE-SVC-B3JAN72JUMCLJL4D -m comment --comment "giantswarm/passage-redis:" -j KUBE-SEP-DXZH3JWKYY3MUSYI | |
| -A KUBE-SVC-B52UPACVHNQ5LUL4 -m comment --comment "monitoring/elasticsearch:elasticsearch" -j KUBE-SEP-3P2KRKYSNFTOBJ2A | |
| -A KUBE-SVC-B6RTVMQFNQXWNH6D -m comment --comment "giantswarm/node-operator:" -j KUBE-SEP-F2QQ2BCLOVQCXSRZ | |
| -A KUBE-SVC-BYU6YLX73OKRGPUK -m comment --comment "giantswarm/passage:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-EV276BLJB4B46LRT | |
| -A KUBE-SVC-BYU6YLX73OKRGPUK -m comment --comment "giantswarm/passage:" -j KUBE-SEP-MS525LDSYDUX3N5L | |
| -A KUBE-SVC-F3JXOHKQZSE4RJLW -m comment --comment "kube-system/nginx-ingress-controller:https" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-3HUMLAWVMPSNSQLL | |
| -A KUBE-SVC-F3JXOHKQZSE4RJLW -m comment --comment "kube-system/nginx-ingress-controller:https" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-U2F2J3A4Q4J46H43 | |
| -A KUBE-SVC-F3JXOHKQZSE4RJLW -m comment --comment "kube-system/nginx-ingress-controller:https" -j KUBE-SEP-I3L66HQHDQNKBWBR | |
| -A KUBE-SVC-FAITROITGXHS3QVF -m comment --comment "kube-system/coredns:dns-tcp" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-TCNFZ3M56TQU6FLD | |
| -A KUBE-SVC-FAITROITGXHS3QVF -m comment --comment "kube-system/coredns:dns-tcp" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-BMFIEOXHNFSIVKRQ | |
| -A KUBE-SVC-FAITROITGXHS3QVF -m comment --comment "kube-system/coredns:dns-tcp" -j KUBE-SEP-M5774M4D6Q2P4Y55 | |
| -A KUBE-SVC-FQBQAN7TX7CO56Z5 -m comment --comment "giantswarm/happa:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TDMX4OPBUZF3765R | |
| -A KUBE-SVC-FQBQAN7TX7CO56Z5 -m comment --comment "giantswarm/happa:" -j KUBE-SEP-DIRHUQZFBG4YF6WZ | |
| -A KUBE-SVC-GLLVRLHH7OD6NK7V -m comment --comment "giantswarm/aws-operator:" -j KUBE-SEP-S4UIZQEZCBZ5T26F | |
| -A KUBE-SVC-GQIIURXLVLFTRBCX -m comment --comment "monitoring/kibana:nginx" -j KUBE-SEP-RSCOETR3Z67PN3YR | |
| -A KUBE-SVC-IOS6WKUS5MDY5T6F -m comment --comment "giantswarm/desmotes:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LOVVHDO3KSXLQQEE | |
| -A KUBE-SVC-IOS6WKUS5MDY5T6F -m comment --comment "giantswarm/desmotes:" -j KUBE-SEP-V6WXTD5HUH37WNZH | |
| -A KUBE-SVC-K7J76NXP7AUZVFGS -m comment --comment "kube-system/tiller-deploy:tiller" -j KUBE-SEP-ZJA6G3PBADYPOXFT | |
| -A KUBE-SVC-KO7XDDJ2W4MCTV62 -m comment --comment "monitoring/prometheus:prometheus" -j KUBE-SEP-CXC6AZSP4NKIP3YY | |
| -A KUBE-SVC-LLE7QNYR6M47DQPH -m comment --comment "draughtsman/draughtsman:draughtsman" -j KUBE-SEP-KX4H4VOHJNSLIMJX | |
| -A KUBE-SVC-LLRKVPT5PAP7SHZW -m comment --comment "ar3s3/master:" -j KUBE-SEP-NKMZ7IVI7QCIMLWT | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-7GVXLYBNOOKG242H --mask 255.255.255.255 --rsource -j KUBE-SEP-7GVXLYBNOOKG242H | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-7GVXLYBNOOKG242H | |
| -A KUBE-SVC-O7OJTXC5GRPT2FHJ -m comment --comment "monitoring/elasticsearch:nginx" -j KUBE-SEP-WDZQGLLJDOYWCECC | |
| -A KUBE-SVC-PLMGNY7S5IQEJPTP -m comment --comment "giantswarm/userd:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-XTV46RZWNG22FZ62 | |
| -A KUBE-SVC-PLMGNY7S5IQEJPTP -m comment --comment "giantswarm/userd:" -j KUBE-SEP-XR76J46QCXVM5BWP | |
| -A KUBE-SVC-QTBFZ47USBAWMYIG -m comment --comment "giantswarm/companyd:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ZDAZZQHPCMHFFOU4 | |
| -A KUBE-SVC-QTBFZ47USBAWMYIG -m comment --comment "giantswarm/companyd:" -j KUBE-SEP-VX7WY3Q5PAMKTPOG | |
| -A KUBE-SVC-RALSPAEQVM63RCZL -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-KZRUUYJE3JFAJ4FB | |
| -A KUBE-SVC-RALSPAEQVM63RCZL -m comment --comment "monitoring/heartbeat-proxy:heartbeat-proxy" -j KUBE-SEP-IT4S6RLI4OPEQWKY | |
| -A KUBE-SVC-SVGCRDKHREZUMCLA -m comment --comment "monitoring/alertmanager:nginx" -j KUBE-SEP-RWDGAAHCUK3WK2XR | |
| -A KUBE-SVC-TLAQXR2JYFLX6OG2 -m comment --comment "monitoring/grafana:" -j KUBE-SEP-BRXC4LKKHZAH46VY | |
| -A KUBE-SVC-TTYOMRXZDYRBT232 -m comment --comment "giantswarm/cert-operator:" -j KUBE-SEP-MMJAFHMVAWV5GPZ4 | |
| -A KUBE-SVC-TYQ72QOLLM3BFQ7V -m comment --comment "giantswarm/api:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-M7M3EQYP2M56J7VC | |
| -A KUBE-SVC-TYQ72QOLLM3BFQ7V -m comment --comment "giantswarm/api:" -j KUBE-SEP-JDTM4WMNJO4U4WZG | |
| -A KUBE-SVC-UMXEFDOAEKMHOZ7R -m comment --comment "giantswarm/kubernetesd:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-Q2KSTZ5PWNRO4ME2 | |
| -A KUBE-SVC-UMXEFDOAEKMHOZ7R -m comment --comment "giantswarm/kubernetesd:http" -j KUBE-SEP-SKJ2V2ROL5WQ2QSX | |
| -A KUBE-SVC-VCTXHUPCHVP2B3HJ -m comment --comment "monitoring/node-exporter:" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-4WBIPOFMRMOZDMKT | |
| -A KUBE-SVC-VCTXHUPCHVP2B3HJ -m comment --comment "monitoring/node-exporter:" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-SFODHYUUHOX72GUK | |
| -A KUBE-SVC-VCTXHUPCHVP2B3HJ -m comment --comment "monitoring/node-exporter:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-6WGZNGWLFVQQVXMS | |
| -A KUBE-SVC-VCTXHUPCHVP2B3HJ -m comment --comment "monitoring/node-exporter:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-SWSHTE5NW4ML4HIR | |
| -A KUBE-SVC-VCTXHUPCHVP2B3HJ -m comment --comment "monitoring/node-exporter:" -j KUBE-SEP-E77EUXLB6ZEVPBIH | |
| -A KUBE-SVC-VXZN2WGXOODQNOFC -m comment --comment "monitoring/kube-state-metrics:kube-state-metrics" -j KUBE-SEP-GTNOHM7IBWKPQ5CR | |
| -A KUBE-SVC-W54GDIPLOAY5YJYL -m comment --comment "monitoring/prometheus:nginx" -j KUBE-SEP-KKEKDRL2H47Q7BWM | |
| -A KUBE-SVC-WAY44DSNYJTDTMYJ -m comment --comment "monitoring/kibana:kibana" -j KUBE-SEP-MSOOCQMZ6P2X3T53 | |
| -A KUBE-SVC-YHQ2YSOWSDOSOQY5 -m comment --comment "rs5z6/master:" -j KUBE-SEP-T63XEQ5QQ4YBIKRF | |
| -A KUBE-SVC-ZRLRAB2E5DTUX37C -m comment --comment "kube-system/coredns:dns" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-NJU5G6CW5QGTBYQA | |
| -A KUBE-SVC-ZRLRAB2E5DTUX37C -m comment --comment "kube-system/coredns:dns" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-Q7PRX2CO553JMNR7 | |
| -A KUBE-SVC-ZRLRAB2E5DTUX37C -m comment --comment "kube-system/coredns:dns" -j KUBE-SEP-64PURVEM5GVKHOCN | |
| -A cali-OUTPUT -m comment --comment "cali:GBTAv2p5CwevEyJm" -j cali-fip-dnat | |
| -A cali-POSTROUTING -m comment --comment "cali:Z-c7XtVd2Bq7s_hA" -j cali-fip-snat | |
| -A cali-POSTROUTING -m comment --comment "cali:nYKhEzDlr11Jccal" -j cali-nat-outgoing | |
| -A cali-POSTROUTING -o tunl0 -m comment --comment "cali:JHlpT-eSqR1TvyYm" -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE | |
| -A cali-PREROUTING -m comment --comment "cali:r6XmIziWUJsdOK6Z" -j cali-fip-dnat | |
| -A cali-nat-outgoing -m comment --comment "cali:Wd76s91357Uv7N3v" -m set --match-set cali4-masq-ipam-pools src -m set ! --match-set cali4-all-ipam-pools dst -j MASQUERADE | |
| COMMIT | |
| # Completed on Mon Feb 26 15:58:54 2018 | |
| # Generated by iptables-save v1.4.21 on Mon Feb 26 15:58:54 2018 | |
| *filter | |
| :INPUT ACCEPT [99:46040] | |
| :FORWARD ACCEPT [17:2032] | |
| :OUTPUT ACCEPT [157:11203] | |
| :DOCKER - [0:0] | |
| :DOCKER-ISOLATION - [0:0] | |
| :DOCKER-USER - [0:0] | |
| :KUBE-FIREWALL - [0:0] | |
| :KUBE-FORWARD - [0:0] | |
| :KUBE-SERVICES - [0:0] | |
| :cali-FORWARD - [0:0] | |
| :cali-INPUT - [0:0] | |
| :cali-OUTPUT - [0:0] | |
| :cali-failsafe-in - [0:0] | |
| :cali-failsafe-out - [0:0] | |
| :cali-from-hep-forward - [0:0] | |
| :cali-from-host-endpoint - [0:0] | |
| :cali-from-wl-dispatch - [0:0] | |
| :cali-from-wl-dispatch-4 - [0:0] | |
| :cali-from-wl-dispatch-6 - [0:0] | |
| :cali-from-wl-dispatch-d - [0:0] | |
| :cali-fw-cali083ed923870 - [0:0] | |
| :cali-fw-cali1bd5617e10f - [0:0] | |
| :cali-fw-cali36013fedf7d - [0:0] | |
| :cali-fw-cali4cc1caa9071 - [0:0] | |
| :cali-fw-cali4d865aaa499 - [0:0] | |
| :cali-fw-cali544bd62e39d - [0:0] | |
| :cali-fw-cali60a92727fb6 - [0:0] | |
| :cali-fw-cali689b39efd9d - [0:0] | |
| :cali-fw-cali6f27a4c3444 - [0:0] | |
| :cali-fw-cali924e0a5ed96 - [0:0] | |
| :cali-fw-calib3f17a6d678 - [0:0] | |
| :cali-fw-calidb4fcf5d534 - [0:0] | |
| :cali-fw-calidd326c28da9 - [0:0] | |
| :cali-fw-calie7f79adf506 - [0:0] | |
| :cali-pri-kns.giantswarm - [0:0] | |
| :cali-pri-kns.kube-system - [0:0] | |
| :cali-pri-kns.monitoring - [0:0] | |
| :cali-pro-kns.giantswarm - [0:0] | |
| :cali-pro-kns.kube-system - [0:0] | |
| :cali-pro-kns.monitoring - [0:0] | |
| :cali-to-hep-forward - [0:0] | |
| :cali-to-host-endpoint - [0:0] | |
| :cali-to-wl-dispatch - [0:0] | |
| :cali-to-wl-dispatch-4 - [0:0] | |
| :cali-to-wl-dispatch-6 - [0:0] | |
| :cali-to-wl-dispatch-d - [0:0] | |
| :cali-tw-cali083ed923870 - [0:0] | |
| :cali-tw-cali1bd5617e10f - [0:0] | |
| :cali-tw-cali36013fedf7d - [0:0] | |
| :cali-tw-cali4cc1caa9071 - [0:0] | |
| :cali-tw-cali4d865aaa499 - [0:0] | |
| :cali-tw-cali544bd62e39d - [0:0] | |
| :cali-tw-cali60a92727fb6 - [0:0] | |
| :cali-tw-cali689b39efd9d - [0:0] | |
| :cali-tw-cali6f27a4c3444 - [0:0] | |
| :cali-tw-cali924e0a5ed96 - [0:0] | |
| :cali-tw-calib3f17a6d678 - [0:0] | |
| :cali-tw-calidb4fcf5d534 - [0:0] | |
| :cali-tw-calidd326c28da9 - [0:0] | |
| :cali-tw-calie7f79adf506 - [0:0] | |
| :cali-wl-to-host - [0:0] | |
| -A INPUT -m comment --comment "cali:Cz_u1IQiXIMmKD4c" -j cali-INPUT | |
| -A INPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A INPUT -j KUBE-FIREWALL | |
| -A FORWARD -m comment --comment "cali:wUHhoiAYhphO9Mso" -j cali-FORWARD | |
| -A FORWARD -m comment --comment "kubernetes forward rules" -j KUBE-FORWARD | |
| -A FORWARD -j DOCKER-USER | |
| -A FORWARD -j DOCKER-ISOLATION | |
| -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A FORWARD -o docker0 -j DOCKER | |
| -A FORWARD -i docker0 ! -o docker0 -j ACCEPT | |
| -A FORWARD -i docker0 -o docker0 -j DROP | |
| -A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT | |
| -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES | |
| -A OUTPUT -j KUBE-FIREWALL | |
| -A DOCKER-ISOLATION -j RETURN | |
| -A DOCKER-USER -j RETURN | |
| -A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP | |
| -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT | |
| -A KUBE-SERVICES -p tcp -m comment --comment "default/vault:api has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 31477 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -d 172.31.0.113/32 -p tcp -m comment --comment "default/vault:api has no endpoints" -m tcp --dport 8200 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -d 172.31.0.203/32 -p tcp -m comment --comment "draughtsman/draughtsman-eventer:draughtsman-eventer has no endpoints" -m tcp --dport 8000 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -p tcp -m comment --comment "giantswarm/testbot: has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 30007 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -d 172.31.0.117/32 -p tcp -m comment --comment "giantswarm/testbot: has no endpoints" -m tcp --dport 8000 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -d 172.31.0.4/32 -p tcp -m comment --comment "draughtsman/draughtsman-operator: has no endpoints" -m tcp --dport 8000 -j REJECT --reject-with icmp-port-unreachable | |
| -A KUBE-SERVICES -d 172.31.0.149/32 -p tcp -m comment --comment "giantswarm/pv-cleaner-operator: has no endpoints" -m tcp --dport 8000 -j REJECT --reject-with icmp-port-unreachable | |
| -A cali-FORWARD -m comment --comment "cali:JV9-BRWxjz8He5Ib" -j MARK --set-xmark 0x0/0xe000000 | |
| -A cali-FORWARD -m comment --comment "cali:p3dIAeGsCabF0CUT" -m mark --mark 0x0/0x1000000 -j cali-from-hep-forward | |
| -A cali-FORWARD -i cali+ -m comment --comment "cali:DeNlxb0sUevj_Plt" -j cali-from-wl-dispatch | |
| -A cali-FORWARD -o cali+ -m comment --comment "cali:B81FOaQNZymbX9H8" -j cali-to-wl-dispatch | |
| -A cali-FORWARD -m comment --comment "cali:bB-I9T0YRAYMASx0" -j cali-to-hep-forward | |
| -A cali-FORWARD -m comment --comment "cali:I1Ki7aNgQsJFzEpG" -m comment --comment "Policy explicitly accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-INPUT -m comment --comment "cali:i7okJZpS8VxaJB3n" -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-INPUT -p ipencap -m comment --comment "cali:kLJdl8-9MpSKcclh" -m comment --comment "Allow IPIP packets from Calico hosts" -m set --match-set cali4-all-hosts src -m addrtype --dst-type LOCAL -j ACCEPT | |
| -A cali-INPUT -p ipencap -m comment --comment "cali:JhfQUFFJ2v0jbipF" -m comment --comment "Drop IPIP packets from non-Calico hosts" -j DROP | |
| -A cali-INPUT -i cali+ -m comment --comment "cali:lCcyvgf8VeDM1u1-" -g cali-wl-to-host | |
| -A cali-INPUT -m comment --comment "cali:GlrNbO_EUWYWRCaO" -j MARK --set-xmark 0x0/0xf000000 | |
| -A cali-INPUT -m comment --comment "cali:K-V6zS0uXrZMyaMZ" -j cali-from-host-endpoint | |
| -A cali-INPUT -m comment --comment "cali:LxVlCgv5vgFY0hIt" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-OUTPUT -m comment --comment "cali:YQSSJIsRcHjFbXaI" -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-OUTPUT -o cali+ -m comment --comment "cali:N882DxHZfedrB21M" -m ipvs --ipvs -j cali-to-wl-dispatch | |
| -A cali-OUTPUT -o cali+ -m comment --comment "cali:3DMcCmSodO9PvZSQ" -j RETURN | |
| -A cali-OUTPUT -p ipencap -m comment --comment "cali:z0oSsuDED75MEj0R" -m comment --comment "Allow IPIP packets to other Calico hosts" -m set --match-set cali4-all-hosts dst -m addrtype --src-type LOCAL -j ACCEPT | |
| -A cali-OUTPUT -m comment --comment "cali:QNnJdgwPtObqbUOD" -j MARK --set-xmark 0x0/0xf000000 | |
| -A cali-OUTPUT -m comment --comment "cali:B2nj6q0bloZNBIi-" -j cali-to-host-endpoint | |
| -A cali-OUTPUT -m comment --comment "cali:Exh0jTsM68POxMgM" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT | |
| -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:QOO5NUOqOSS1_Iw0" -m multiport --dports 179 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:cwZWoBSwVeIAZmVN" -m multiport --dports 2379 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:7FbNXT91kugE_upR" -m multiport --dports 2380 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:ywE9WYUBEpve70WT" -m multiport --dports 6666 -j ACCEPT | |
| -A cali-failsafe-in -p tcp -m comment --comment "cali:l-WQSVBf_lygPR0J" -m multiport --dports 6667 -j ACCEPT | |
| -A cali-failsafe-out -p udp -m comment --comment "cali:82hjfji-wChFhAqL" -m multiport --dports 53 -j ACCEPT | |
| -A cali-failsafe-out -p udp -m comment --comment "cali:TNM3RfEjbNr72hgH" -m multiport --dports 67 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:ycxKitIl4u3dK0HR" -m multiport --dports 179 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:hxjEWyxdkXXkdvut" -m multiport --dports 2379 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:cA_GLtruuvG88KiO" -m multiport --dports 2380 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:Sb1hkLYFMrKS6r01" -m multiport --dports 6666 -j ACCEPT | |
| -A cali-failsafe-out -p tcp -m comment --comment "cali:UwLSebGONJUG4yG-" -m multiport --dports 6667 -j ACCEPT | |
| -A cali-from-wl-dispatch -i cali083ed923870 -m comment --comment "cali:z_am8GUTWYXJ6vSb" -g cali-fw-cali083ed923870 | |
| -A cali-from-wl-dispatch -i cali1bd5617e10f -m comment --comment "cali:302vvqkEof954tk_" -g cali-fw-cali1bd5617e10f | |
| -A cali-from-wl-dispatch -i cali36013fedf7d -m comment --comment "cali:87u11glMftYmywvi" -g cali-fw-cali36013fedf7d | |
| -A cali-from-wl-dispatch -i cali4+ -m comment --comment "cali:9UwadKy_NBrEB9kG" -g cali-from-wl-dispatch-4 | |
| -A cali-from-wl-dispatch -i cali544bd62e39d -m comment --comment "cali:WDe2JNx-VcY39KBe" -g cali-fw-cali544bd62e39d | |
| -A cali-from-wl-dispatch -i cali6+ -m comment --comment "cali:99uIovrEbIVkCVbL" -g cali-from-wl-dispatch-6 | |
| -A cali-from-wl-dispatch -i cali924e0a5ed96 -m comment --comment "cali:D-KAy9pQ-Jz2Kk3P" -g cali-fw-cali924e0a5ed96 | |
| -A cali-from-wl-dispatch -i calib3f17a6d678 -m comment --comment "cali:cUhc-J6VJF3LTubF" -g cali-fw-calib3f17a6d678 | |
| -A cali-from-wl-dispatch -i calid+ -m comment --comment "cali:axT3buGlYulb6lVD" -g cali-from-wl-dispatch-d | |
| -A cali-from-wl-dispatch -i calie7f79adf506 -m comment --comment "cali:d9nV9ESr_Yb3QOEM" -g cali-fw-calie7f79adf506 | |
| -A cali-from-wl-dispatch -m comment --comment "cali:vQsTFm3nmtNPtLik" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-from-wl-dispatch-4 -i cali4cc1caa9071 -m comment --comment "cali:o4Ck142VtyepB6QU" -g cali-fw-cali4cc1caa9071 | |
| -A cali-from-wl-dispatch-4 -i cali4d865aaa499 -m comment --comment "cali:dDuzS1CQbWzD_Zjg" -g cali-fw-cali4d865aaa499 | |
| -A cali-from-wl-dispatch-4 -m comment --comment "cali:GmrXGWKRcrFDv5X2" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-from-wl-dispatch-6 -i cali60a92727fb6 -m comment --comment "cali:STaJnxOaalrYPS3h" -g cali-fw-cali60a92727fb6 | |
| -A cali-from-wl-dispatch-6 -i cali689b39efd9d -m comment --comment "cali:QQNk6cSs0r3vJvU6" -g cali-fw-cali689b39efd9d | |
| -A cali-from-wl-dispatch-6 -i cali6f27a4c3444 -m comment --comment "cali:KtACu5qjHto2n3oB" -g cali-fw-cali6f27a4c3444 | |
| -A cali-from-wl-dispatch-6 -m comment --comment "cali:flgY3TKNyo85Y_Zi" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-from-wl-dispatch-d -i calidb4fcf5d534 -m comment --comment "cali:IB4vIKDQ_HMUR9yP" -g cali-fw-calidb4fcf5d534 | |
| -A cali-from-wl-dispatch-d -i calidd326c28da9 -m comment --comment "cali:dndDUrGhmtkR-Awl" -g cali-fw-calidd326c28da9 | |
| -A cali-from-wl-dispatch-d -m comment --comment "cali:qybFMVNhQrERGvkW" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-fw-cali083ed923870 -m comment --comment "cali:d7sO9EBp_po2s-bS" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali083ed923870 -m comment --comment "cali:HM8LoHxik6Hg3pIW" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali083ed923870 -m comment --comment "cali:uMqqT7ur5bAGlqz6" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali083ed923870 -m comment --comment "cali:nJuXj8QkFRP9rJcd" -j cali-pro-kns.kube-system | |
| -A cali-fw-cali083ed923870 -m comment --comment "cali:53aHfpc1kGicxpLt" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali083ed923870 -m comment --comment "cali:KZ3wrNb92X3EBzXj" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali1bd5617e10f -m comment --comment "cali:nTpmOYTeOmqShjBS" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali1bd5617e10f -m comment --comment "cali:vfOw3dkTKK0ewwv3" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali1bd5617e10f -m comment --comment "cali:X3XJu7eU7su5xR3R" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali1bd5617e10f -m comment --comment "cali:UAUPwT3oGKpPjUqu" -j cali-pro-kns.monitoring | |
| -A cali-fw-cali1bd5617e10f -m comment --comment "cali:PWjWtwNj-qfSWB_8" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali1bd5617e10f -m comment --comment "cali:YGcv07yc6xGx0iMl" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali36013fedf7d -m comment --comment "cali:KQxtyVtsiSiBgUSo" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali36013fedf7d -m comment --comment "cali:40c_jgnSyG67lyvO" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali36013fedf7d -m comment --comment "cali:yRzcOBuxdTmH2vAG" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali36013fedf7d -m comment --comment "cali:7BVMS6Jz-ULOcGlq" -j cali-pro-kns.monitoring | |
| -A cali-fw-cali36013fedf7d -m comment --comment "cali:Qaq1rcpN3LNGWU99" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali36013fedf7d -m comment --comment "cali:ZsrNVCprgOw7Ts16" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali4cc1caa9071 -m comment --comment "cali:FrA5dPMvrktle7vc" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali4cc1caa9071 -m comment --comment "cali:dKLf3CIA8UJAHVqr" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali4cc1caa9071 -m comment --comment "cali:A26PLeDjH8OlbWRp" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali4cc1caa9071 -m comment --comment "cali:rD9AhNiynTTmLQbE" -j cali-pro-kns.giantswarm | |
| -A cali-fw-cali4cc1caa9071 -m comment --comment "cali:4TSlZxhnK2UARYJM" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali4cc1caa9071 -m comment --comment "cali:FAB2QZ_jKaopmZBp" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali4d865aaa499 -m comment --comment "cali:-pOJxb-yzw5sw-NU" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali4d865aaa499 -m comment --comment "cali:MCIDtawBKMKIuOUQ" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali4d865aaa499 -m comment --comment "cali:t1mjMvlXM2cLdfaD" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali4d865aaa499 -m comment --comment "cali:qQl9ReJzmx4UWUJm" -j cali-pro-kns.giantswarm | |
| -A cali-fw-cali4d865aaa499 -m comment --comment "cali:arGtSx3YdTCfa4ba" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali4d865aaa499 -m comment --comment "cali:7qe8VdrESmNcUvKt" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali544bd62e39d -m comment --comment "cali:rC4ksK8XNiZTl7PP" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali544bd62e39d -m comment --comment "cali:tNEkPSJvOHnsB_fO" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali544bd62e39d -m comment --comment "cali:68AklzW6N4LFlMG8" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali544bd62e39d -m comment --comment "cali:Pbu6IJn1lIWgFsUA" -j cali-pro-kns.giantswarm | |
| -A cali-fw-cali544bd62e39d -m comment --comment "cali:tRqxmI5eKfwcdd-V" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali544bd62e39d -m comment --comment "cali:GCZFGQgwfj2wN7NH" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali60a92727fb6 -m comment --comment "cali:i0IF-MEMe0PwHwWb" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali60a92727fb6 -m comment --comment "cali:YAbLHIrphNebXaN0" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali60a92727fb6 -m comment --comment "cali:-VMEFcNW02M6JYWL" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali60a92727fb6 -m comment --comment "cali:NiiifU6T_eJlSvPH" -j cali-pro-kns.giantswarm | |
| -A cali-fw-cali60a92727fb6 -m comment --comment "cali:yNlLG0kRc6u1_HrD" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali60a92727fb6 -m comment --comment "cali:OYcUxwuLeRCf-AFm" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali689b39efd9d -m comment --comment "cali:ak2wzov6gkzw1hFP" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali689b39efd9d -m comment --comment "cali:fmb-qPo-KifHPNse" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali689b39efd9d -m comment --comment "cali:bJf7G0eQvXC4k29P" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali689b39efd9d -m comment --comment "cali:3WBmNiNs1gMq9_UE" -j cali-pro-kns.giantswarm | |
| -A cali-fw-cali689b39efd9d -m comment --comment "cali:X5B2BCoseJfehV1y" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali689b39efd9d -m comment --comment "cali:S3CZidVIZ80Pg2D2" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali6f27a4c3444 -m comment --comment "cali:z10-Y2FAJtgeFaq2" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali6f27a4c3444 -m comment --comment "cali:2CQSFOS3QiGH3-JA" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali6f27a4c3444 -m comment --comment "cali:qf_VBjnbO5-LQgAA" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali6f27a4c3444 -m comment --comment "cali:BjiGO3wFqOxsa4qn" -j cali-pro-kns.monitoring | |
| -A cali-fw-cali6f27a4c3444 -m comment --comment "cali:UR23eH3Xk1XtjYYV" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali6f27a4c3444 -m comment --comment "cali:4UUIBqJAnmRxMb7k" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-cali924e0a5ed96 -m comment --comment "cali:in96YBFe9HjiEnRK" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-cali924e0a5ed96 -m comment --comment "cali:NXDY4cmhuFpreX73" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-cali924e0a5ed96 -m comment --comment "cali:buIVWgXpkUg_k30g" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-cali924e0a5ed96 -m comment --comment "cali:jZ0DOlU54uVutVYP" -j cali-pro-kns.kube-system | |
| -A cali-fw-cali924e0a5ed96 -m comment --comment "cali:hZQkSJ45h9eqHaa1" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-cali924e0a5ed96 -m comment --comment "cali:J6squiHmMfpD2Fo1" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-calib3f17a6d678 -m comment --comment "cali:yu4xY3PrCVA8yOqb" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-calib3f17a6d678 -m comment --comment "cali:1EKMNnadAW6TAACU" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-calib3f17a6d678 -m comment --comment "cali:6mt6d801HImWzc9A" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-calib3f17a6d678 -m comment --comment "cali:cdDPClCXG8d3bSUI" -j cali-pro-kns.kube-system | |
| -A cali-fw-calib3f17a6d678 -m comment --comment "cali:gLjhO_lVXVIwjdwr" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-calib3f17a6d678 -m comment --comment "cali:1i5DThJ4fpN6w88v" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-calidb4fcf5d534 -m comment --comment "cali:8c2GRwNH7js2jIfU" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-calidb4fcf5d534 -m comment --comment "cali:NUih3cm8c5F29v5_" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-calidb4fcf5d534 -m comment --comment "cali:chDsGJ41YGUcuaoJ" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-calidb4fcf5d534 -m comment --comment "cali:V-lZf8GJ9R5pWejq" -j cali-pro-kns.giantswarm | |
| -A cali-fw-calidb4fcf5d534 -m comment --comment "cali:fq-IZcwNp5s7569w" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-calidb4fcf5d534 -m comment --comment "cali:gBQ4VglJJCNyaWVx" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-calidd326c28da9 -m comment --comment "cali:SQl4HypfEfdFwkoi" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-calidd326c28da9 -m comment --comment "cali:TNlBgARRBJ0pD7Bb" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-calidd326c28da9 -m comment --comment "cali:cf5YgOWPF84Vrg8D" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-calidd326c28da9 -m comment --comment "cali:_1N07RUsjW_MpV5n" -j cali-pro-kns.monitoring | |
| -A cali-fw-calidd326c28da9 -m comment --comment "cali:n7ocneG1uykqU199" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-calidd326c28da9 -m comment --comment "cali:8bRqzI0v0h-B7GsF" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-fw-calie7f79adf506 -m comment --comment "cali:FUvVqW29UjnGNcK3" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-fw-calie7f79adf506 -m comment --comment "cali:MH8kuqLKtqo0gqms" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-fw-calie7f79adf506 -m comment --comment "cali:m82Wv5mNBpVRiirA" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-fw-calie7f79adf506 -m comment --comment "cali:UQFotqmhMtfJ099w" -j cali-pro-kns.monitoring | |
| -A cali-fw-calie7f79adf506 -m comment --comment "cali:lhbSW0CiWSKVaKIe" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-fw-calie7f79adf506 -m comment --comment "cali:twdmVJXZjnOCbQ66" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-pri-kns.giantswarm -m comment --comment "cali:iz_OANhMue1rg4PH" -j MARK --set-xmark 0x1000000/0x1000000 | |
| -A cali-pri-kns.giantswarm -m comment --comment "cali:QPrlxlaisnQWAEdz" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-pri-kns.kube-system -m comment --comment "cali:jVs-zlYSX3OG8546" -j MARK --set-xmark 0x1000000/0x1000000 | |
| -A cali-pri-kns.kube-system -m comment --comment "cali:wbS84vjWKVIcWiCG" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-pri-kns.monitoring -m comment --comment "cali:oPMCXSERxOyy2rZf" -j MARK --set-xmark 0x1000000/0x1000000 | |
| -A cali-pri-kns.monitoring -m comment --comment "cali:mmcSrb1DDc4pJWRy" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-pro-kns.giantswarm -m comment --comment "cali:vaz3_BVYo7OFXNWd" -j MARK --set-xmark 0x1000000/0x1000000 | |
| -A cali-pro-kns.giantswarm -m comment --comment "cali:YLQsxBGL89M5bOl0" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-pro-kns.kube-system -m comment --comment "cali:B_J-7WG5VtOu-bQy" -j MARK --set-xmark 0x1000000/0x1000000 | |
| -A cali-pro-kns.kube-system -m comment --comment "cali:_Xu55_wPL7ogYHes" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-pro-kns.monitoring -m comment --comment "cali:fxoIMhDrZqEZQnMm" -j MARK --set-xmark 0x1000000/0x1000000 | |
| -A cali-pro-kns.monitoring -m comment --comment "cali:GAgtexm48uQCx9qM" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-to-wl-dispatch -o cali083ed923870 -m comment --comment "cali:IBfV97IS1qrdFANO" -g cali-tw-cali083ed923870 | |
| -A cali-to-wl-dispatch -o cali1bd5617e10f -m comment --comment "cali:SjXjgGbZfoc8OTz1" -g cali-tw-cali1bd5617e10f | |
| -A cali-to-wl-dispatch -o cali36013fedf7d -m comment --comment "cali:t0uS5ADMJmPLtsUA" -g cali-tw-cali36013fedf7d | |
| -A cali-to-wl-dispatch -o cali4+ -m comment --comment "cali:ujHylX9oiulBaEUC" -g cali-to-wl-dispatch-4 | |
| -A cali-to-wl-dispatch -o cali544bd62e39d -m comment --comment "cali:FREKZhsfEQp3orYJ" -g cali-tw-cali544bd62e39d | |
| -A cali-to-wl-dispatch -o cali6+ -m comment --comment "cali:LO62LF6DeLm3a87O" -g cali-to-wl-dispatch-6 | |
| -A cali-to-wl-dispatch -o cali924e0a5ed96 -m comment --comment "cali:yBhwcNHPMLsMbCST" -g cali-tw-cali924e0a5ed96 | |
| -A cali-to-wl-dispatch -o calib3f17a6d678 -m comment --comment "cali:46HpKwqCjREBFUAO" -g cali-tw-calib3f17a6d678 | |
| -A cali-to-wl-dispatch -o calid+ -m comment --comment "cali:So4z0pHODCkNC46I" -g cali-to-wl-dispatch-d | |
| -A cali-to-wl-dispatch -o calie7f79adf506 -m comment --comment "cali:TQBfFzmFfgFODZrk" -g cali-tw-calie7f79adf506 | |
| -A cali-to-wl-dispatch -m comment --comment "cali:wCC4oKfWPe1DBUka" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-to-wl-dispatch-4 -o cali4cc1caa9071 -m comment --comment "cali:kGlkAQZ2hK99v-ye" -g cali-tw-cali4cc1caa9071 | |
| -A cali-to-wl-dispatch-4 -o cali4d865aaa499 -m comment --comment "cali:xZ4u1_YoVv29p42b" -g cali-tw-cali4d865aaa499 | |
| -A cali-to-wl-dispatch-4 -m comment --comment "cali:m6SAg5AgVuFa-dQB" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-to-wl-dispatch-6 -o cali60a92727fb6 -m comment --comment "cali:NR6dJ4UGrQzhan9b" -g cali-tw-cali60a92727fb6 | |
| -A cali-to-wl-dispatch-6 -o cali689b39efd9d -m comment --comment "cali:MtNDCaPofyuNKVD7" -g cali-tw-cali689b39efd9d | |
| -A cali-to-wl-dispatch-6 -o cali6f27a4c3444 -m comment --comment "cali:cm-1_wjw0PWi9o8-" -g cali-tw-cali6f27a4c3444 | |
| -A cali-to-wl-dispatch-6 -m comment --comment "cali:GwV0MNRLCcxhdSbF" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-to-wl-dispatch-d -o calidb4fcf5d534 -m comment --comment "cali:E4RzZU6e6uZxuy1e" -g cali-tw-calidb4fcf5d534 | |
| -A cali-to-wl-dispatch-d -o calidd326c28da9 -m comment --comment "cali:KEeFSpYkKRFuSs_v" -g cali-tw-calidd326c28da9 | |
| -A cali-to-wl-dispatch-d -m comment --comment "cali:-tVrKD0qcUwpFvIE" -m comment --comment "Unknown interface" -j DROP | |
| -A cali-tw-cali083ed923870 -m comment --comment "cali:CiAdrjqupE9UitdS" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali083ed923870 -m comment --comment "cali:chHoCibYKFDoJjnB" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali083ed923870 -m comment --comment "cali:xK7Vax5A34Ebb7H7" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali083ed923870 -m comment --comment "cali:6ErP5S4JFT8_Y7Uj" -j cali-pri-kns.kube-system | |
| -A cali-tw-cali083ed923870 -m comment --comment "cali:YSsPPxSpLcplJjBu" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali083ed923870 -m comment --comment "cali:5NtduSYEx48zSxTa" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali1bd5617e10f -m comment --comment "cali:RHaTkXH1u-NJDdVR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali1bd5617e10f -m comment --comment "cali:OsbtioginC9G44d3" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali1bd5617e10f -m comment --comment "cali:Bb67VywI0IswBoEZ" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali1bd5617e10f -m comment --comment "cali:2040Y9TxbE-fOMHx" -j cali-pri-kns.monitoring | |
| -A cali-tw-cali1bd5617e10f -m comment --comment "cali:kYhY5LentMpBB4hM" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali1bd5617e10f -m comment --comment "cali:ZMOh8CYLCp_6Djk2" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali36013fedf7d -m comment --comment "cali:f6ljlO63gL4VcjdG" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali36013fedf7d -m comment --comment "cali:6n5I9ZBabMo-U1a_" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali36013fedf7d -m comment --comment "cali:hbxYBY25kb9UiGj3" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali36013fedf7d -m comment --comment "cali:-pknCZJsrGNLVJhs" -j cali-pri-kns.monitoring | |
| -A cali-tw-cali36013fedf7d -m comment --comment "cali:JmbIoSgJ2COHlNXk" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali36013fedf7d -m comment --comment "cali:WnbUS9X5XeAjE4cD" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali4cc1caa9071 -m comment --comment "cali:EuyB4x_geTdryYc-" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali4cc1caa9071 -m comment --comment "cali:Auki-JaOyrGJ6PN5" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali4cc1caa9071 -m comment --comment "cali:iURLggNFy-gYtT4p" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali4cc1caa9071 -m comment --comment "cali:Z7EVNcgjTI3ZX4Ki" -j cali-pri-kns.giantswarm | |
| -A cali-tw-cali4cc1caa9071 -m comment --comment "cali:5KMYHkq-YwB_6zHC" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali4cc1caa9071 -m comment --comment "cali:noR2QA00v0pPuZb0" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali4d865aaa499 -m comment --comment "cali:KVscewrB-SAwE3K2" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali4d865aaa499 -m comment --comment "cali:Uc8Vh4auk_dtP5f7" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali4d865aaa499 -m comment --comment "cali:27066fv9ub5YgInF" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali4d865aaa499 -m comment --comment "cali:__cpQ-6JpgR9KHn_" -j cali-pri-kns.giantswarm | |
| -A cali-tw-cali4d865aaa499 -m comment --comment "cali:o74m4owvFXTnY51W" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali4d865aaa499 -m comment --comment "cali:LZDLwsyInDFCyKfW" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali544bd62e39d -m comment --comment "cali:cK9ubQmTtV2vt2eR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali544bd62e39d -m comment --comment "cali:f1P5ob8WIq2NZOFF" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali544bd62e39d -m comment --comment "cali:DMQr6rflenbhBT6X" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali544bd62e39d -m comment --comment "cali:rkEdsrdfbUY5PrBo" -j cali-pri-kns.giantswarm | |
| -A cali-tw-cali544bd62e39d -m comment --comment "cali:WTbRATQ3Z67iKvxE" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali544bd62e39d -m comment --comment "cali:rGBCftrK9VAPQQkV" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali60a92727fb6 -m comment --comment "cali:epez9gBhN2paDqTG" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali60a92727fb6 -m comment --comment "cali:72R89QjQPgbBvszX" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali60a92727fb6 -m comment --comment "cali:agsj-NM604AajADz" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali60a92727fb6 -m comment --comment "cali:fdph07JGkvsJgWqC" -j cali-pri-kns.giantswarm | |
| -A cali-tw-cali60a92727fb6 -m comment --comment "cali:ggB99wQ6TE4hKJgZ" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali60a92727fb6 -m comment --comment "cali:2Or9kTudHhtiZwhh" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali689b39efd9d -m comment --comment "cali:tRQ30hUIFzOYsu5d" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali689b39efd9d -m comment --comment "cali:Pqvp8etzucoQgiT7" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali689b39efd9d -m comment --comment "cali:gKYONJhgsYQ3t995" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali689b39efd9d -m comment --comment "cali:iCxHt8C5ceC4MU4-" -j cali-pri-kns.giantswarm | |
| -A cali-tw-cali689b39efd9d -m comment --comment "cali:AbLpeEgIR2dkpM92" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali689b39efd9d -m comment --comment "cali:bECcFIgs_K34ciAM" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali6f27a4c3444 -m comment --comment "cali:UhLvhK2PZUp4QISy" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali6f27a4c3444 -m comment --comment "cali:ohyTklvcrw8DyrPf" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali6f27a4c3444 -m comment --comment "cali:4PCif4Amrqa-1mqT" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali6f27a4c3444 -m comment --comment "cali:rP6Bh1pAbDu25fbc" -j cali-pri-kns.monitoring | |
| -A cali-tw-cali6f27a4c3444 -m comment --comment "cali:qDp8Boblsm-Zjonf" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali6f27a4c3444 -m comment --comment "cali:dG1afLOeMm4t2RT3" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-cali924e0a5ed96 -m comment --comment "cali:xEns7xjU_QXwIKEf" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-cali924e0a5ed96 -m comment --comment "cali:tKOwAQnsxiiMa5Gc" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-cali924e0a5ed96 -m comment --comment "cali:B7VY_9867W4b67IK" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-cali924e0a5ed96 -m comment --comment "cali:fy9rRtGiWaQL8nSA" -j cali-pri-kns.kube-system | |
| -A cali-tw-cali924e0a5ed96 -m comment --comment "cali:1yErxSIOIbhRZj6k" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-cali924e0a5ed96 -m comment --comment "cali:PilV1MiC7CaYheMd" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-calib3f17a6d678 -m comment --comment "cali:v6O38kR3-GqaZ-j1" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-calib3f17a6d678 -m comment --comment "cali:bVhTVRNU6UhzeSNO" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-calib3f17a6d678 -m comment --comment "cali:K7jk-cUOUZHJJcA4" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-calib3f17a6d678 -m comment --comment "cali:qOTgEiSVYeOBNEuy" -j cali-pri-kns.kube-system | |
| -A cali-tw-calib3f17a6d678 -m comment --comment "cali:QoB20HZzUN5ILV6Y" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-calib3f17a6d678 -m comment --comment "cali:sF5V6KeyRoG3MAu_" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-calidb4fcf5d534 -m comment --comment "cali:hWlK3rzw7-1JzH6A" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-calidb4fcf5d534 -m comment --comment "cali:TwlTM-sHnUPmzINk" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-calidb4fcf5d534 -m comment --comment "cali:eUlSc2djLffnHiFs" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-calidb4fcf5d534 -m comment --comment "cali:Q4cdCw1xDARsjZ2p" -j cali-pri-kns.giantswarm | |
| -A cali-tw-calidb4fcf5d534 -m comment --comment "cali:GanEJpsac07CMYbM" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-calidb4fcf5d534 -m comment --comment "cali:MRBKzGhRT0IGaT3c" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-calidd326c28da9 -m comment --comment "cali:gICYc__BdrgY-v8K" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-calidd326c28da9 -m comment --comment "cali:DYvwJTkFOOcYAPHc" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-calidd326c28da9 -m comment --comment "cali:Fo3nllM86jE254Xu" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-calidd326c28da9 -m comment --comment "cali:j5PB_5Pu6KoBW1aQ" -j cali-pri-kns.monitoring | |
| -A cali-tw-calidd326c28da9 -m comment --comment "cali:cZ9bh5LwXENAwF5-" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-calidd326c28da9 -m comment --comment "cali:Di2f21hKiDYgcvEI" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-tw-calie7f79adf506 -m comment --comment "cali:PZ4Tv38j_XNF5aSd" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A cali-tw-calie7f79adf506 -m comment --comment "cali:9Tl3UeWX42yEXIuj" -m conntrack --ctstate INVALID -j DROP | |
| -A cali-tw-calie7f79adf506 -m comment --comment "cali:KntDeM5PNHuKVJKq" -j MARK --set-xmark 0x0/0x1000000 | |
| -A cali-tw-calie7f79adf506 -m comment --comment "cali:JH0GLUUJ-p39AO6U" -j cali-pri-kns.monitoring | |
| -A cali-tw-calie7f79adf506 -m comment --comment "cali:TRjjF9EmZniIg1_W" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN | |
| -A cali-tw-calie7f79adf506 -m comment --comment "cali:HdlA8DUW3a5kTV7H" -m comment --comment "Drop if no profiles matched" -j DROP | |
| -A cali-wl-to-host -m comment --comment "cali:Ee9Sbo10IpVujdIY" -j cali-from-wl-dispatch | |
| -A cali-wl-to-host -m comment --comment "cali:nSZbcOoG1xPONxb8" -m comment --comment "Configured DefaultEndpointToHostAction" -j ACCEPT | |
| COMMIT | |
| # Completed on Mon Feb 26 15:58:54 2018 | |
| ROUTES | |
| ====== | |
| default via 10.0.5.1 dev eth0 proto dhcp src 10.0.5.112 metric 1024 | |
| 10.0.5.0/25 dev eth0 proto kernel scope link src 10.0.5.112 | |
| 10.0.5.1 dev eth0 proto dhcp scope link src 10.0.5.112 metric 1024 | |
| 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown | |
| 192.168.20.192/26 via 10.0.5.166 dev tunl0 proto bird onlink | |
| blackhole 192.168.128.128/26 proto bird | |
| 192.168.128.131 dev cali4cc1caa9071 scope link | |
| 192.168.128.132 dev cali4d865aaa499 scope link | |
| 192.168.128.133 dev cali60a92727fb6 scope link | |
| 192.168.128.137 dev cali544bd62e39d scope link | |
| 192.168.128.138 dev calidb4fcf5d534 scope link | |
| 192.168.128.144 dev cali689b39efd9d scope link | |
| 192.168.128.158 dev cali36013fedf7d scope link | |
| 192.168.128.160 dev calie7f79adf506 scope link | |
| 192.168.128.174 dev cali1bd5617e10f scope link | |
| 192.168.128.175 dev cali6f27a4c3444 scope link | |
| 192.168.128.176 dev calidd326c28da9 scope link | |
| 192.168.128.177 dev cali083ed923870 scope link | |
| 192.168.128.178 dev calib3f17a6d678 scope link | |
| 192.168.128.179 dev calia29ceca254a scope link | |
| 192.168.128.180 dev calib75abe11068 scope link | |
| 192.168.177.192/26 via 10.0.5.17 dev tunl0 proto bird onlink | |
| 192.168.233.64/26 via 10.0.5.38 dev tunl0 proto bird onlink | |
| 192.168.248.192/26 via 10.0.5.157 dev tunl0 proto bird onlink |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment