Created
May 24, 2018 13:59
-
-
Save stevesloka/6ef2b0a3ebdfcd589d5fb5b9bdf590b1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo iptables -L -n -v | |
| Chain INPUT (policy ACCEPT 778 packets, 364K bytes) | |
| pkts bytes target prot opt in out source destination | |
| 11M 2729M cali-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Cz_u1IQiXIMmKD4c */ | |
| 11M 2727M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 11M 2891M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain FORWARD (policy DROP 10 packets, 400 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 1892K 1853M cali-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:wUHhoiAYhphO9Mso */ | |
| 5676 310K KUBE-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forward rules */ | |
| 3811 198K DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
| 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 | |
| Chain OUTPUT (policy ACCEPT 799 packets, 468K bytes) | |
| pkts bytes target prot opt in out source destination | |
| 11M 3410M cali-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 */ | |
| 11M 3410M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 11M 3410M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain DOCKER (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain DOCKER-ISOLATION (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 3811 198K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain KUBE-FIREWALL (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000 | |
| Chain KUBE-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 10 600 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ mark match 0x4000/0x4000 | |
| 0 0 ACCEPT all -- * * 192.168.0.0/16 0.0.0.0/0 /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 192.168.0.0/16 /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED | |
| Chain KUBE-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1892K 1853M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JV9-BRWxjz8He5Ib */ MARK and 0xf1ffffff | |
| 1892K 1853M cali-from-hep-forward all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:p3dIAeGsCabF0CUT */ mark match 0x0/0x1000000 | |
| 863K 87M cali-from-wl-dispatch all -- cali+ * 0.0.0.0/0 0.0.0.0/0 /* cali:DeNlxb0sUevj_Plt */ | |
| 1026K 1766M cali-to-wl-dispatch all -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:B81FOaQNZymbX9H8 */ | |
| 14250 943K cali-to-hep-forward all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bB-I9T0YRAYMASx0 */ | |
| 8574 633K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:I1Ki7aNgQsJFzEpG */ /* Policy explicitly accepted packet. */ mark match 0x1000000/0x1000000 | |
| Chain cali-INPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:i7okJZpS8VxaJB3n */ mark match 0x1000000/0x1000000 | |
| 6332 841K ACCEPT 4 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:kLJdl8-9MpSKcclh */ /* Allow IPIP packets from Calico hosts */ match-set cali4-all-hosts src ADDRTYPE match dst-type LOCAL | |
| 0 0 DROP 4 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JhfQUFFJ2v0jbipF */ /* Drop IPIP packets from non-Calico hosts */ | |
| 244K 39M cali-wl-to-host all -- cali+ * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:lCcyvgf8VeDM1u1- */ | |
| 11M 2689M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GlrNbO_EUWYWRCaO */ MARK and 0xf0ffffff | |
| 11M 2689M cali-from-host-endpoint all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:K-V6zS0uXrZMyaMZ */ | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:LxVlCgv5vgFY0hIt */ /* Host endpoint policy accepted packet. */ mark match 0x1000000/0x1000000 | |
| Chain cali-OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:YQSSJIsRcHjFbXaI */ mark match 0x1000000/0x1000000 | |
| 0 0 cali-to-wl-dispatch all -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:N882DxHZfedrB21M */ ipvs | |
| 230K 1083M RETURN all -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:3DMcCmSodO9PvZSQ */ | |
| 5774 581K ACCEPT 4 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:z0oSsuDED75MEj0R */ /* Allow IPIP packets to other Calico hosts */ match-set cali4-all-hosts dst ADDRTYPE match src-type LOCAL | |
| 11M 2326M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QNnJdgwPtObqbUOD */ MARK and 0xf0ffffff | |
| 11M 2326M cali-to-host-endpoint all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:B2nj6q0bloZNBIi- */ | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Exh0jTsM68POxMgM */ /* Host endpoint policy accepted packet. */ mark match 0x1000000/0x1000000 | |
| Chain cali-failsafe-in (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:wWFQM43tJU7wwnFZ */ multiport dports 22 | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:LwNV--R8MjeUYacw */ multiport dports 68 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QOO5NUOqOSS1_Iw0 */ multiport dports 179 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:cwZWoBSwVeIAZmVN */ multiport dports 2379 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:7FbNXT91kugE_upR */ multiport dports 2380 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ywE9WYUBEpve70WT */ multiport dports 6666 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:l-WQSVBf_lygPR0J */ multiport dports 6667 | |
| Chain cali-failsafe-out (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:82hjfji-wChFhAqL */ multiport dports 53 | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:TNM3RfEjbNr72hgH */ multiport dports 67 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ycxKitIl4u3dK0HR */ multiport dports 179 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hxjEWyxdkXXkdvut */ multiport dports 2379 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:cA_GLtruuvG88KiO */ multiport dports 2380 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Sb1hkLYFMrKS6r01 */ multiport dports 6666 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:UwLSebGONJUG4yG- */ multiport dports 6667 | |
| Chain cali-from-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-from-wl-dispatch-1 all -- cali1+ * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:aA7PbfJxlypkbHNq */ | |
| 628K 74M cali-fw-cali528b334418c all -- cali528b334418c * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:eValH_fkb_avWPOs */ | |
| 0 0 cali-fw-cali62c2aa48248 all -- cali62c2aa48248 * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:dKqqqOWPrAhkJMrd */ | |
| 155K 9701K cali-fw-cali75e2724b761 all -- cali75e2724b761 * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:-12eEGLR2tn2L4Le */ | |
| 85463 24M cali-fw-cali9576b19b20b all -- cali9576b19b20b * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:uC_EKpxm4tw72nBx */ | |
| 85738 8100K cali-fw-caliaf51882081e all -- caliaf51882081e * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:kUkMKCZtvX88GyPz */ | |
| 0 0 cali-fw-calibc892547956 all -- calibc892547956 * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:gIi2A3s-A2SmGvgx */ | |
| 153K 8972K cali-fw-calid87126ea67e all -- calid87126ea67e * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:uzYb20lCFoZV95b0 */ | |
| 0 0 cali-from-wl-dispatch-f all -- calif+ * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:ZWYqTVzCeyoTW0QK */ | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tGSdUuNnTQDG5Qlc */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-fw-cali13b2f12fae4 all -- cali13b2f12fae4 * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:pJoPOv31OWEAlZTl */ | |
| 0 0 cali-fw-cali178c988eb9c all -- cali178c988eb9c * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:UasHjrPGeuAdCIyd */ | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:_QVaW3xKKd0tXJSp */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-f (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-fw-calif458c3727b6 all -- calif458c3727b6 * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:vRxg_wn_0Ct3leqZ */ | |
| 0 0 cali-fw-califd3f7eb9612 all -- califd3f7eb9612 * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:V7pB4m9cavMiiNGQ */ | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:COs4Qsnvw0eg5aTc */ /* Unknown interface */ | |
| Chain cali-fw-cali13b2f12fae4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:N0HKx5n2c77l_BFZ */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:D22XuE4S91Km70Fc */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:H6ZoSfvVAKPAPzOm */ MARK and 0xfeffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JUOfb0v9hw3jZgHv */ /* Start of policies */ MARK and 0xfdffffff | |
| 0 0 cali-po-_dnIlzHF8_k064kyxipS all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Cr0CCxmMqPQ3TJc7 */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:0kwWmHRwqEsCuOhS */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Bhxf1_hNbbf4JaoC */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pro-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:xdlqpH4RMlbxlOsP */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:qXyxAV5Rlddm-Tm2 */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:KmIb_rKttxC-BwOt */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali178c988eb9c (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:AKJSErB4wv3GIjaE */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JKHC7XaUxp_J2XXo */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JJayrpnN4nTJjZUG */ MARK and 0xfeffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:rLEJFm7DtO79w-2J */ /* Start of policies */ MARK and 0xfdffffff | |
| 0 0 cali-po-_dnIlzHF8_k064kyxipS all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:2Bh7vq0p_mL0zL9d */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:yhRXS4rBweJuBQt8 */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JL4v8UI4DVHVKOA1 */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pro-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:_1y5ztfyqLGO-pbi */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:sUG64embRMIE_ZUZ */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:HvVLUaE0jtv9hffS */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali528b334418c (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 625K 74M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:xxkwlhbIekOFW8OA */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QpUl1trbmHN3fJG5 */ ctstate INVALID | |
| 2974 179K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:4Mzcl8YuPOAoKtC3 */ MARK and 0xfeffffff | |
| 2974 179K cali-pro-_P5RMz0XSGoFbd1eezW all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ofpoejo1A0_QH7Si */ | |
| 2974 179K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:g5qBQ92iiPkI3erX */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:VF_gTyIA-U5MiSqA */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali62c2aa48248 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:WVT77FSkzGWCSsy6 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:vns-5RNgva_2OhA- */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:78Idr3NX9ktXjVVz */ MARK and 0xfeffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Cpeva39CzRUeWc0o */ /* Start of policies */ MARK and 0xfdffffff | |
| 0 0 cali-po-_dnIlzHF8_k064kyxipS all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:G8UuMQ5RTD_oNsrW */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:FVw05ZUXtqmj0c3y */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:14qHoVUWePRR8vC- */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pro-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bw38iZg2w55HFtgB */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Ira_QQtu-ZxMMWYj */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:cfOQp69soJnGW4DC */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali75e2724b761 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 155K 9701K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GU_1QRpHHm7XB8qt */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:xeR2ZhLLhslcPv8n */ ctstate INVALID | |
| 5 300 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:s-_F8am3GEG227ug */ MARK and 0xfeffffff | |
| 5 300 cali-pro-kns.gimbal-contour all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:NKf3bbR64VDIUYsB */ | |
| 5 300 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:IxqsZPRaCMTnkOZ8 */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:AstJ06gtuXv1JJhl */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali9576b19b20b (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 85463 24M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:vUs6i0ICk3SiGBti */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:TF5QGbyv8zLMHl4m */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ro5zFrX1H_VL4XYu */ MARK and 0xfeffffff | |
| 0 0 cali-pro-_P5RMz0XSGoFbd1eezW all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ae3hYxrCG4q4gaL0 */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ITodC47ZSEWGlOaw */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ClyzE1Up9NKf_BpD */ /* Drop if no profiles matched */ | |
| Chain cali-fw-caliaf51882081e (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 80120 7646K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Ms1YEgSHV8ObfN9W */ ctstate RELATED,ESTABLISHED | |
| 23 920 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Ghx0ZIPnFrzp6ySA */ ctstate INVALID | |
| 5595 454K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:eFko3ZEq4jl14eoi */ MARK and 0xfeffffff | |
| 5595 454K cali-pro-_P5RMz0XSGoFbd1eezW all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:P6pZIFjaee6weXp3 */ | |
| 5595 454K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:e2zb_Hof6lnYDukY */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:jM0GSv58DJEyKwgh */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calibc892547956 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GRAfsK1A9s_mV1Cr */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:E_Z8Onlj5tBGLiF0 */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:A1101e4xY2NcfDAA */ MARK and 0xfeffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tSs_3Kn227z79gP5 */ /* Start of policies */ MARK and 0xfdffffff | |
| 0 0 cali-po-_dnIlzHF8_k064kyxipS all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:l8-Oqmr4ZbtpAs7z */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:yTSs0d4ypmu8nDZo */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:dGL49za-3l7WhmD6 */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pro-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:IKwZA_mvPNTfaBf5 */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:4OE_Ohusv_oIWiRi */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:4UBxABgDu1p7JAV6 */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calid87126ea67e (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 153K 8972K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:yQdOGONunmfymGAK */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:0mkidnbJNAd5J0qZ */ ctstate INVALID | |
| 5 300 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hR8aSoOUQwsQJH_U */ MARK and 0xfeffffff | |
| 5 300 cali-pro-kns.gimbal-contour all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:2QQBQ4G5WLYAg20I */ | |
| 5 300 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bk_6lBvkf3pXrr0x */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:znk6uGx2muJInda8 */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calif458c3727b6 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:S0_DS_U8ozi38uo- */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:FyqgYV_9UBP3fdy_ */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:paaTa0oYeo5gl2kF */ MARK and 0xfeffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Ot4c8egjwbBrPoQy */ /* Start of policies */ MARK and 0xfdffffff | |
| 0 0 cali-po-_dnIlzHF8_k064kyxipS all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:oM_oCiOPNYaSc4SH */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:271McdxIIEOaoshi */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:G_JJB2F9ZF0aZjGN */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pro-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:2VOia8YZyFraLw0m */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JEVT4RHJen2q328G */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:_5c-lWFQ_rCpssAI */ /* Drop if no profiles matched */ | |
| Chain cali-fw-califd3f7eb9612 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hA-7chzWzDE5l-7v */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:7uuxj55lHw2ITOE1 */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ZkZKwElRyDuOyWDK */ MARK and 0xfeffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:6WbQxrNBqxkkgHGZ */ /* Start of policies */ MARK and 0xfdffffff | |
| 0 0 cali-po-_dnIlzHF8_k064kyxipS all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:0Q8Z7I8ATR51CSE8 */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:41XbUT44VY0N-Hew */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:kmknJIcbL827OF7N */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pro-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:L_jeuFR1E0Ox2Pcy */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:I9jl8kASz00fnPMN */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:85aYqaEHmJ9MqJrK */ /* Drop if no profiles matched */ | |
| Chain cali-pi-_15fP7h2BhHqXrVy2YVr (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-pi-_dnIlzHF8_k064kyxipS (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-pi-_zeb3qPnjSyoJ202nHRG (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:xT17pONxyl9ZCllI */ match-set cali4-s:JltkHP38TK4MQC4Nk4pfOzk src MARK or 0x1000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:XVOzKVgu4gwCIBhK */ mark match 0x1000000/0x1000000 | |
| Chain cali-po-_15fP7h2BhHqXrVy2YVr (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-po-_dnIlzHF8_k064kyxipS (6 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:8YwK3osSNNfzDEqw */ MARK xset 0x4000000/0xc000000 | |
| 0 0 MARK all -- * * 0.0.0.0/0 169.254.169.254 /* cali:BWTV9NTCd_TyfHX8 */ MARK and 0xfbffffff | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:swUZkSsg16_LZ7H- */ mark match 0x4000000/0x4000000 MARK or 0x1000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:CLAup8UPCXIpBUo1 */ mark match 0x1000000/0x1000000 | |
| Chain cali-po-_zeb3qPnjSyoJ202nHRG (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-pri-_P5RMz0XSGoFbd1eezW (3 references) | |
| pkts bytes target prot opt in out source destination | |
| 2746 165K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QHj6nBs4WHPftOrL */ MARK or 0x1000000 | |
| 2746 165K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:cbKLh2ko8JnFj5Qk */ mark match 0x1000000/0x1000000 | |
| Chain cali-pri-kns.default (6 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:5yVkkQ7pBcxxkSaE */ MARK or 0x1000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:pZi5w5MrTl3DghSD */ mark match 0x1000000/0x1000000 | |
| Chain cali-pri-kns.gimbal-contour (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:3bLEhrbvY-Tikr40 */ MARK or 0x1000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:VJHy4L6Qj1aunZOE */ mark match 0x1000000/0x1000000 | |
| Chain cali-pro-_P5RMz0XSGoFbd1eezW (3 references) | |
| pkts bytes target prot opt in out source destination | |
| 8569 633K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Tq78YcGWeuUgvAEu */ MARK or 0x1000000 | |
| 8569 633K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:5FgFeehb7L9bm-0G */ mark match 0x1000000/0x1000000 | |
| Chain cali-pro-kns.default (6 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:gbqtfAKh_VXndzz6 */ MARK or 0x1000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JMure-l4CiemFMIB */ mark match 0x1000000/0x1000000 | |
| Chain cali-pro-kns.gimbal-contour (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 10 600 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:z44zpKxL8hpzJqNZ */ MARK or 0x1000000 | |
| 10 600 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:OhiBUL6jTm7a7xFL */ mark match 0x1000000/0x1000000 | |
| Chain cali-to-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-to-wl-dispatch-1 all -- * cali1+ 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:svNUGuuCd7LCNEXq */ | |
| 668K 1562M cali-tw-cali528b334418c all -- * cali528b334418c 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:OZ6mRnbJ53Xl7jLM */ | |
| 0 0 cali-tw-cali62c2aa48248 all -- * cali62c2aa48248 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:NGZ3w4xsIdmCjSjW */ | |
| 173K 100M cali-tw-cali75e2724b761 all -- * cali75e2724b761 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:vKADZBY7uUa41T6W */ | |
| 2746 165K cali-tw-cali9576b19b20b all -- * cali9576b19b20b 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:UksXEszKRmBXnYRP */ | |
| 10071 3878K cali-tw-caliaf51882081e all -- * caliaf51882081e 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:_hC4mI_tKD5D0D50 */ | |
| 0 0 cali-tw-calibc892547956 all -- * calibc892547956 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:SKawfZorcHV9srq7 */ | |
| 173K 100M cali-tw-calid87126ea67e all -- * calid87126ea67e 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:T_urLQLLIfEXe75r */ | |
| 0 0 cali-to-wl-dispatch-f all -- * calif+ 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:qSe5NdxbuFPz9TNy */ | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:XSCi_bhsTDKRzESZ */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-tw-cali13b2f12fae4 all -- * cali13b2f12fae4 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:Oh5IbSqo-RNE3mxV */ | |
| 0 0 cali-tw-cali178c988eb9c all -- * cali178c988eb9c 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:1FLlxaJ9pdW7om49 */ | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:auf8kzvipCNup_ie */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-f (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-tw-calif458c3727b6 all -- * calif458c3727b6 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:GDoLfkVSACNb2xF- */ | |
| 0 0 cali-tw-califd3f7eb9612 all -- * califd3f7eb9612 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:LmN4GuZrFbczxIhC */ | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:-0UFsZKuNYlJc9Ed */ /* Unknown interface */ | |
| Chain cali-tw-cali13b2f12fae4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:_3_ew87Q_tIiy6rm */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Htl5kmdwhvkzRW75 */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:YHg7KwiyqAvmr1Am */ MARK and 0xfeffffff | |
| 0 0 cali-pri-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:KWZ1y77NWWCnC5Ge */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:c2DAarVoE9XYLeGo */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:g8LLTs_4SV07TL-c */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali178c988eb9c (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:EHz_aMh8IrwMxuXB */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:y6a9FlEGFGoCmaRb */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:SR7gAdmWcqX6uaLL */ MARK and 0xfeffffff | |
| 0 0 cali-pri-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:HQRVY_E-sw_xznnt */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:iL0IbLNH_gOG5F00 */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:2FlGu0W4ECMx8mPs */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali528b334418c (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 668K 1562M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:p91RRUEsWXC5E3us */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:KCmDSZKG6t9aNxKp */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:xXPj3XQb2gr9V9Da */ MARK and 0xfeffffff | |
| 0 0 cali-pri-_P5RMz0XSGoFbd1eezW all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:SRtQBSdeW3h5FX-g */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:appDTpk4zyNCTwLJ */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:MFA1g5WClITG7wDj */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali62c2aa48248 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:zqMaK7C8bMsSSPC4 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:T-BsvVKeF607mCIh */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:0REOCOrUFL-PI_vp */ MARK and 0xfeffffff | |
| 0 0 cali-pri-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:VjN3WZ-hE-N7_lwS */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:lzHRbYkdeIhSGroK */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:wr-uzM91X8ZKqs5j */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali75e2724b761 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 172K 100M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:amaR5aXVGAm1b5K2 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bSEvOzKJK0_HZuEU */ ctstate INVALID | |
| 700 42000 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:eqqvoVGm2pLqjWJt */ MARK and 0xfeffffff | |
| 700 42000 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:oH7047xyRIhNt-lH */ /* Start of policies */ MARK and 0xfdffffff | |
| 700 42000 cali-pi-_15fP7h2BhHqXrVy2YVr all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:EsXeVKs1v4I9wuN7 */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:EQ-i2p9n26CpqMfR */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 700 42000 cali-pi-_zeb3qPnjSyoJ202nHRG all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hbU7LiMwelSzdYon */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:c4M6w1fQF6AqvQUF */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 700 42000 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:YQ2qfzT5rLjrJheR */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pri-kns.gimbal-contour all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:6BQ8wmwWI8ty7Ren */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:TZGacT6kymgMZIo6 */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:t6w7SQQoewrsi-yT */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali9576b19b20b (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:-u0yU48EvL3zMwZj */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Lnd6QRmWagKd4x4U */ ctstate INVALID | |
| 2746 165K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:2OyREsicRJqKs5bq */ MARK and 0xfeffffff | |
| 2746 165K cali-pri-_P5RMz0XSGoFbd1eezW all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:EiUucflQ8UFJjrt9 */ | |
| 2746 165K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:sZbA627Pfh_wVsPz */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:eXgJXYdMLByrqhBD */ /* Drop if no profiles matched */ | |
| Chain cali-tw-caliaf51882081e (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 10071 3878K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:CSy86FEYrCF46O1x */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:e4iE_ERjS3hkeOJ1 */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:5Mys6HYcJDkfiLFv */ MARK and 0xfeffffff | |
| 0 0 cali-pri-_P5RMz0XSGoFbd1eezW all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:aSjSwvvTn_2jfV12 */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:WwQcKXctdKYM-xRT */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:iLy9TBD7UQKCnxMX */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calibc892547956 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:kcREnAqotlCYfaH7 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:5H6RzszrlbQJpjPU */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:MPBvoXe5sDBTC1_l */ MARK and 0xfeffffff | |
| 0 0 cali-pri-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bvL91a7k9uGyKLsE */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hkGNMB7XjH-PUCmz */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:xVM8gOjxgBnSyW_C */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calid87126ea67e (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 172K 100M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:6PjygP9t_Z1DjK-M */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:q2mDH35ekoHed-5Q */ ctstate INVALID | |
| 624 37440 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:RtvR3Q6XdF6Y_c1n */ MARK and 0xfeffffff | |
| 624 37440 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:slYlKFVYbsVyF5-t */ /* Start of policies */ MARK and 0xfdffffff | |
| 624 37440 cali-pi-_15fP7h2BhHqXrVy2YVr all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ETa-x5JWgTGRgDyB */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:sv65D5KYQfzLe4UE */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 624 37440 cali-pi-_zeb3qPnjSyoJ202nHRG all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:_8YfF5o65lUCwAIo */ mark match 0x0/0x2000000 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:-J6PFp9brXjryZ8N */ /* Return if policy accepted */ mark match 0x1000000/0x1000000 | |
| 624 37440 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bDxose-gjc1L1EpV */ /* Drop if no policies passed packet */ mark match 0x0/0x2000000 | |
| 0 0 cali-pri-kns.gimbal-contour all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Z1Pd_hpAlUXtLnH0 */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:SoiosAcI3u-R8b2h */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:kOqyo8FdB_bfJ9tS */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calif458c3727b6 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:2XeTb77B98a95uel */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:nf9zCFznzpsUAj2N */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Mziu6QEf-TmM_24X */ MARK and 0xfeffffff | |
| 0 0 cali-pri-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:yLwB4vLGb-9_T9s4 */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:SCpTHHRUaU6389Mh */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:8zxqZVWrv6dDuN17 */ /* Drop if no profiles matched */ | |
| Chain cali-tw-califd3f7eb9612 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QiAm8PkUbjsRI18W */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Z9lSGBB79DnhJ65W */ ctstate INVALID | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:h_vWbF_RJpeRZXWy */ MARK and 0xfeffffff | |
| 0 0 cali-pri-kns.default all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:X2rRxbwVU0Xlz5no */ | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:UgefYtIou2tPDCNy */ /* Return if profile accepted */ mark match 0x1000000/0x1000000 | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Skvu5JMpTiHOWGGD */ /* Drop if no profiles matched */ | |
| Chain cali-wl-to-host (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 244K 39M cali-from-wl-dispatch all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Ee9Sbo10IpVujdIY */ | |
| 5 300 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */ | |
| $ sudo iptables -t nat -L -n -v | |
| Chain PREROUTING (policy ACCEPT 53 packets, 3180 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 46232 2893K cali-PREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:6gwbT8clXdHdC1b1 */ | |
| 46235 2893K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 2497 150K DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL | |
| Chain INPUT (policy ACCEPT 9 packets, 540 bytes) | |
| pkts bytes target prot opt in out source destination | |
| Chain OUTPUT (policy ACCEPT 20 packets, 1249 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 153K 9278K cali-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 */ | |
| 154K 9286K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 30290 1817K DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL | |
| Chain POSTROUTING (policy ACCEPT 20 packets, 1249 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 164K 10M cali-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:O3lYWMrLQYEMJtB5 */ | |
| 163K 9978K KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ | |
| 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 | |
| Chain DOCKER (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 | |
| Chain KUBE-MARK-DROP (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000 | |
| Chain KUBE-MARK-MASQ (53 references) | |
| pkts bytes target prot opt in out source destination | |
| 23 1380 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 | |
| Chain KUBE-NODEPORTS (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 23 1380 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp dpt:31374 | |
| 23 1380 KUBE-SVC-VGUGL7TZFANW37JV tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp dpt:31374 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp dpt:30920 | |
| 0 0 KUBE-SVC-7GKTSNE6GNAIQCMZ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp dpt:30920 | |
| Chain KUBE-POSTROUTING (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 22 1320 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 | |
| Chain KUBE-SEP-26EDTD2Y3M2VLBI3 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.130 0.0.0.0/0 /* default/nginx: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ tcp to:192.168.126.130:80 | |
| Chain KUBE-SEP-2BT5KFLOVD7BXWCV (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.14.17 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.14.17:80 | |
| Chain KUBE-SEP-2IPKXRKEC5SAIV7G (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.134 0.0.0.0/0 /* default/kuard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ tcp to:192.168.126.134:8080 | |
| Chain KUBE-SEP-33HYPSN4IT6VKU7F (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.24.13 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 3 180 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.24.13:80 | |
| Chain KUBE-SEP-3KATSLZWKIRYFGC2 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.8.132 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 4 240 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.8.132:80 | |
| Chain KUBE-SEP-4BHHU3IWEGJOUCNL (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.136 0.0.0.0/0 /* gimbal-contour/contour:xds */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ tcp to:192.168.126.136:8001 | |
| Chain KUBE-SEP-4WJI4X6STELUDQOP (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.31.65 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.31.65:443 | |
| Chain KUBE-SEP-6FD66HBLJLL3S7Z5 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.243.194 0.0.0.0/0 /* kube-system/kube-dns:dns */ | |
| 0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:192.168.243.194:53 | |
| Chain KUBE-SEP-6MBE2UD74NX5VQG7 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.5.212 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.5.212:80 | |
| Chain KUBE-SEP-7545D7CDZOX7WHXH (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.133 0.0.0.0/0 /* gimbal-monitoring/prometheus-alertmanager:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus-alertmanager:http */ tcp to:192.168.126.133:9093 | |
| Chain KUBE-SEP-AMQ2QL2AZFTYML2T (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.129 0.0.0.0/0 /* gimbal-monitoring/prometheus:prometheus */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:prometheus */ tcp to:192.168.126.129:9090 | |
| Chain KUBE-SEP-CFDJGCTPU2O3A76M (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.5.212 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.5.212:443 | |
| Chain KUBE-SEP-CLDNRYYF75LH5NJB (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.27.141 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.27.141:80 | |
| Chain KUBE-SEP-DNY4K4TAO4O4PARO (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.131 0.0.0.0/0 /* default/kuard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ tcp to:192.168.126.131:8080 | |
| Chain KUBE-SEP-FH7QPIRIIJWDKONQ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.0.216 0.0.0.0/0 /* kube-system/calico-etcd: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/calico-etcd: */ tcp to:10.0.0.216:6666 | |
| Chain KUBE-SEP-FU3UCWDXPUNUTUOV (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.0.216 0.0.0.0/0 /* default/kubernetes:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-FU3UCWDXPUNUTUOV side: source mask: 255.255.255.255 tcp to:10.0.0.216:6443 | |
| Chain KUBE-SEP-GBJODNXULY5CVANQ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.138 0.0.0.0/0 /* default/kuard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ tcp to:192.168.126.138:8080 | |
| Chain KUBE-SEP-GQTCLTHCGSFEF7LZ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.16.242 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.16.242:443 | |
| Chain KUBE-SEP-H35PYH3J67LECECV (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.31.65 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 5 300 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.31.65:80 | |
| Chain KUBE-SEP-HEGDXEQ57YPN3U24 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.24.13 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.24.13:443 | |
| Chain KUBE-SEP-JY34KYUIEVIDSNCX (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.27.141 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.27.141:443 | |
| Chain KUBE-SEP-KBOMVPA3T3U5IKIB (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.13.176 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.13.176:80 | |
| Chain KUBE-SEP-LI6PJOEPHH5JSHOY (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.16.242 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 4 240 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.16.242:80 | |
| Chain KUBE-SEP-NPXS72ITJNHP5LVC (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.132 0.0.0.0/0 /* default/nginx: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ tcp to:192.168.126.132:80 | |
| Chain KUBE-SEP-QRSDVN45ZJBP464R (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.243.194 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:192.168.243.194:53 | |
| Chain KUBE-SEP-SET5JHSDLPZMFAFN (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.139 0.0.0.0/0 /* gimbal-contour/contour:xds */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ tcp to:192.168.126.139:8001 | |
| Chain KUBE-SEP-SXTBEUF7ZWLK3HT4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.135 0.0.0.0/0 /* gimbal-monitoring/grafana:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/grafana:http */ tcp to:192.168.126.135:3000 | |
| Chain KUBE-SEP-TQPFPD57AKTANVCT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.2.182 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.2.182:443 | |
| Chain KUBE-SEP-UA3IK5Q24DKVAOS4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.26.64 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.26.64:80 | |
| Chain KUBE-SEP-UVIO6OVB4DLK3B6U (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.243.193 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp to:192.168.243.193:8443 | |
| Chain KUBE-SEP-WS56KTDQD6YZ6KPM (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.137 0.0.0.0/0 /* default/nginx: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ tcp to:192.168.126.137:80 | |
| Chain KUBE-SEP-XCQAW74VJHYUORKF (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.26.64 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.26.64:443 | |
| Chain KUBE-SEP-YHSANM274RK3LXD2 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.8.132 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.8.132:443 | |
| Chain KUBE-SEP-YNPYCAWNFQ4S7UEN (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.2.182 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 3 180 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.2.182:80 | |
| Chain KUBE-SEP-YWA4LP2ZOXAARHJE (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.129 0.0.0.0/0 /* gimbal-monitoring/prometheus:alertmanager */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:alertmanager */ tcp to:192.168.126.129:9093 | |
| Chain KUBE-SEP-ZL2ITM2FK4NVXK5I (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.14.17 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.14.17:443 | |
| Chain KUBE-SEP-ZVCUH2AH4TUV5WRX (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.13.176 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.13.176:443 | |
| Chain KUBE-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 | |
| 0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.101.132.1 /* gimbal-contour/envoy:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-VGUGL7TZFANW37JV tcp -- * * 0.0.0.0/0 10.101.132.1 /* gimbal-contour/envoy:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.177.229 /* default/kuard: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-CUXC5A3HHHVSSN62 tcp -- * * 0.0.0.0/0 10.96.177.229 /* default/kuard: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ udp -- * * !192.168.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 | |
| 0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.100.91.239 /* default/nginx: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-4N57TFCL4MD7ZTDA tcp -- * * 0.0.0.0/0 10.100.91.239 /* default/nginx: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.241.108 /* kube-system/kubernetes-dashboard: cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-SVC-XGLOHA7QRQ3V22RZ tcp -- * * 0.0.0.0/0 10.96.241.108 /* kube-system/kubernetes-dashboard: cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.99.85.154 /* gimbal-monitoring/prometheus-alertmanager:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-G65T4O2MFTHDUTP4 tcp -- * * 0.0.0.0/0 10.99.85.154 /* gimbal-monitoring/prometheus-alertmanager:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.98.248.116 /* gimbal-contour/contour:xds cluster IP */ tcp dpt:8001 | |
| 0 0 KUBE-SVC-2BA23KRJACDGL5RY tcp -- * * 0.0.0.0/0 10.98.248.116 /* gimbal-contour/contour:xds cluster IP */ tcp dpt:8001 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.106.110.103 /* gimbal-monitoring/prometheus:alertmanager cluster IP */ tcp dpt:9093 | |
| 0 0 KUBE-SVC-243SO42FGIGQCAFA tcp -- * * 0.0.0.0/0 10.106.110.103 /* gimbal-monitoring/prometheus:alertmanager cluster IP */ tcp dpt:9093 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.111.14.51 /* gimbal-monitoring/grafana:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-J4UFY7V774FZD53P tcp -- * * 0.0.0.0/0 10.111.14.51 /* gimbal-monitoring/grafana:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.232.136 /* kube-system/calico-etcd: cluster IP */ tcp dpt:6666 | |
| 0 0 KUBE-SVC-NTYB37XIWATNM25Y tcp -- * * 0.0.0.0/0 10.96.232.136 /* kube-system/calico-etcd: cluster IP */ tcp dpt:6666 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.106.110.103 /* gimbal-monitoring/prometheus:prometheus cluster IP */ tcp dpt:9090 | |
| 0 0 KUBE-SVC-Y5RKNB4LCQCQFTMW tcp -- * * 0.0.0.0/0 10.106.110.103 /* gimbal-monitoring/prometheus:prometheus cluster IP */ tcp dpt:9090 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.101.132.1 /* gimbal-contour/envoy:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-SVC-7GKTSNE6GNAIQCMZ tcp -- * * 0.0.0.0/0 10.101.132.1 /* gimbal-contour/envoy:https cluster IP */ tcp dpt:443 | |
| 43 2603 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL | |
| Chain KUBE-SVC-243SO42FGIGQCAFA (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-YWA4LP2ZOXAARHJE all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:alertmanager */ | |
| Chain KUBE-SVC-2BA23KRJACDGL5RY (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-4BHHU3IWEGJOUCNL all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-SET5JHSDLPZMFAFN all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ | |
| Chain KUBE-SVC-4N57TFCL4MD7ZTDA (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-26EDTD2Y3M2VLBI3 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ statistic mode random probability 0.33332999982 | |
| 0 0 KUBE-SEP-NPXS72ITJNHP5LVC all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-WS56KTDQD6YZ6KPM all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ | |
| Chain KUBE-SVC-7GKTSNE6GNAIQCMZ (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-ZVCUH2AH4TUV5WRX all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.10000000009 | |
| 0 0 KUBE-SEP-ZL2ITM2FK4NVXK5I all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.11110999994 | |
| 0 0 KUBE-SEP-GQTCLTHCGSFEF7LZ all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.12500000000 | |
| 0 0 KUBE-SEP-TQPFPD57AKTANVCT all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.14286000002 | |
| 0 0 KUBE-SEP-HEGDXEQ57YPN3U24 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.16667000018 | |
| 0 0 KUBE-SEP-XCQAW74VJHYUORKF all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.20000000019 | |
| 0 0 KUBE-SEP-JY34KYUIEVIDSNCX all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.25000000000 | |
| 0 0 KUBE-SEP-4WJI4X6STELUDQOP all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.33332999982 | |
| 0 0 KUBE-SEP-CFDJGCTPU2O3A76M all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-YHSANM274RK3LXD2 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| Chain KUBE-SVC-CUXC5A3HHHVSSN62 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-DNY4K4TAO4O4PARO all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ statistic mode random probability 0.33332999982 | |
| 0 0 KUBE-SEP-2IPKXRKEC5SAIV7G all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-GBJODNXULY5CVANQ all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ | |
| Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-QRSDVN45ZJBP464R all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ | |
| Chain KUBE-SVC-G65T4O2MFTHDUTP4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-7545D7CDZOX7WHXH all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus-alertmanager:http */ | |
| Chain KUBE-SVC-J4UFY7V774FZD53P (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-SXTBEUF7ZWLK3HT4 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/grafana:http */ | |
| Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-FU3UCWDXPUNUTUOV all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-FU3UCWDXPUNUTUOV side: source mask: 255.255.255.255 | |
| 0 0 KUBE-SEP-FU3UCWDXPUNUTUOV all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ | |
| Chain KUBE-SVC-NTYB37XIWATNM25Y (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-FH7QPIRIIJWDKONQ all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/calico-etcd: */ | |
| Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-6FD66HBLJLL3S7Z5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ | |
| Chain KUBE-SVC-VGUGL7TZFANW37JV (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-KBOMVPA3T3U5IKIB all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.10000000009 | |
| 1 60 KUBE-SEP-2BT5KFLOVD7BXWCV all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.11110999994 | |
| 4 240 KUBE-SEP-LI6PJOEPHH5JSHOY all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.12500000000 | |
| 3 180 KUBE-SEP-YNPYCAWNFQ4S7UEN all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.14286000002 | |
| 3 180 KUBE-SEP-33HYPSN4IT6VKU7F all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.16667000018 | |
| 1 60 KUBE-SEP-UA3IK5Q24DKVAOS4 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.20000000019 | |
| 1 60 KUBE-SEP-CLDNRYYF75LH5NJB all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.25000000000 | |
| 5 300 KUBE-SEP-H35PYH3J67LECECV all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.33332999982 | |
| 1 60 KUBE-SEP-6MBE2UD74NX5VQG7 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.50000000000 | |
| 4 240 KUBE-SEP-3KATSLZWKIRYFGC2 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| Chain KUBE-SVC-XGLOHA7QRQ3V22RZ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-UVIO6OVB4DLK3B6U all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ | |
| Chain KUBE-SVC-Y5RKNB4LCQCQFTMW (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-AMQ2QL2AZFTYML2T all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:prometheus */ | |
| Chain cali-OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 153K 9278K cali-fip-dnat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GBTAv2p5CwevEyJm */ | |
| Chain cali-POSTROUTING (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 164K 10M cali-fip-snat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Z-c7XtVd2Bq7s_hA */ | |
| 164K 10M cali-nat-outgoing all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:nYKhEzDlr11Jccal */ | |
| 220 13200 MASQUERADE all -- * tunl0 0.0.0.0/0 0.0.0.0/0 /* cali:JHlpT-eSqR1TvyYm */ ADDRTYPE match src-type !LOCAL limit-out ADDRTYPE match src-type LOCAL | |
| Chain cali-PREROUTING (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 46232 2893K cali-fip-dnat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:r6XmIziWUJsdOK6Z */ | |
| Chain cali-fip-dnat (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-fip-snat (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-nat-outgoing (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 737 44220 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Wd76s91357Uv7N3v */ match-set cali4-masq-ipam-pools src ! match-set cali4-all-ipam-pools dst |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment