stevesloka/iptables.txt

## iptables.txt
$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-SERVICES  all  --  anywhere             anywhere             /* kubernetes service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-ISOLATION  all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
WEAVE-NPC  all  --  anywhere             anywhere
NFLOG      all  --  anywhere             anywhere             state NEW nflog-group 86
DROP       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-SERVICES  all  --  anywhere             anywhere             /* kubernetes service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere

Chain DOCKER (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-SERVICES (2 references)
target     prot opt source               destination

Chain WEAVE-NPC (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             base-address.mcast.net/4
WEAVE-NPC-DEFAULT  all  --  anywhere             anywhere             state NEW
WEAVE-NPC-INGRESS  all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             ! match-set weave-local-pods dst

Chain WEAVE-NPC-DEFAULT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             match-set weave-iuZcey(5DeXbzgRFs8Szo]+@p dst /* DefaultAllow isolation for namespace: kube-system */
ACCEPT     all  --  anywhere             anywhere             match-set weave-k?Z;25^M}|1s7P3|H9i;*;MhG dst /* DefaultAllow isolation for namespace: default */
ACCEPT     all  --  anywhere             anywhere             match-set weave-4vtqMI+kx/2]jD%_c0S%thO%V dst /* DefaultAllow isolation for namespace: kube-public */

Chain WEAVE-NPC-INGRESS (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             match-set weave-{U;]TI.l|MdRzDhN7$NRn[t)d src match-set weave-KN[_+Gl.dlb1q$;v4h!E_Sg)( dst /* pods: namespace: default, selector: access=true -> pods: namespace: default, selector: run=nginx */
	$ sudo iptables --list
	Chain INPUT (policy ACCEPT)
	target prot opt source destination
	KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
	KUBE-FIREWALL all -- anywhere anywhere

	Chain FORWARD (policy ACCEPT)
	target prot opt source destination
	DOCKER-ISOLATION all -- anywhere anywhere
	DOCKER all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
	ACCEPT all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere
	WEAVE-NPC all -- anywhere anywhere
	NFLOG all -- anywhere anywhere state NEW nflog-group 86
	DROP all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

	Chain OUTPUT (policy ACCEPT)
	target prot opt source destination
	KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
	KUBE-FIREWALL all -- anywhere anywhere

	Chain DOCKER (1 references)
	target prot opt source destination

	Chain DOCKER-ISOLATION (1 references)
	target prot opt source destination
	RETURN all -- anywhere anywhere

	Chain KUBE-FIREWALL (2 references)
	target prot opt source destination
	DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

	Chain KUBE-SERVICES (2 references)
	target prot opt source destination

	Chain WEAVE-NPC (1 references)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
	ACCEPT all -- anywhere base-address.mcast.net/4
	WEAVE-NPC-DEFAULT all -- anywhere anywhere state NEW
	WEAVE-NPC-INGRESS all -- anywhere anywhere state NEW
	ACCEPT all -- anywhere anywhere ! match-set weave-local-pods dst

	Chain WEAVE-NPC-DEFAULT (1 references)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere match-set weave-iuZcey(5DeXbzgRFs8Szo]+@p dst /* DefaultAllow isolation for namespace: kube-system */
	ACCEPT all -- anywhere anywhere match-set weave-k?Z;25^M}\|1s7P3\|H9i;;MhG dst / DefaultAllow isolation for namespace: default */
	ACCEPT all -- anywhere anywhere match-set weave-4vtqMI+kx/2]jD%_c0S%thO%V dst /* DefaultAllow isolation for namespace: kube-public */

	Chain WEAVE-NPC-INGRESS (1 references)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere match-set weave-{U;]TI.l\|MdRzDhN7$NRn[t)d src match-set weave-KN[_+Gl.dlb1q$;v4h!E_Sg)( dst /* pods: namespace: default, selector: access=true -> pods: namespace: default, selector: run=nginx */