yifan-gu/table.txt

## table.txt
*filter
:KUBE-SERVICES - [0:0]
COMMIT
*nat
:KUBE-SERVICES - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-SVC-4RFU3GGCUIJHFZEZ - [0:0]
:KUBE-SEP-CG3BO6CZOYEJLW7B - [0:0]
:KUBE-SEP-N5IGG6PPU7M7SEMF - [0:0]
:KUBE-SVC-2IDT6BM2YVVH2KLM - [0:0]
:KUBE-SEP-WHEYMI4PS7H6HEVV - [0:0]
:KUBE-SEP-GBZST3QOLAW3U7GW - [0:0]
:KUBE-SVC-LWQ6ERSN2GZ2OM7R - [0:0]
:KUBE-SEP-6Z64IOM3Y4UU5EMF - [0:0]
:KUBE-SVC-WTJF2MKKUQXO44KB - [0:0]
:KUBE-SEP-6O3MYO6KKD3GMNNZ - [0:0]
:KUBE-SVC-HW3L6WD3C4KVFFKE - [0:0]
:KUBE-SEP-MMVLH7LSMVYO2JQV - [0:0]
:KUBE-SVC-WNIBEM2D3V4W3PCZ - [0:0]
:KUBE-SEP-AYVOFZWRPK54UCGR - [0:0]
:KUBE-SEP-A54WBIDAT6U34IEK - [0:0]
:KUBE-SVC-IUSNRMZFI7TTS4FG - [0:0]
:KUBE-SEP-GTMWC2VN76OPYUGA - [0:0]
:KUBE-SVC-EI5FL7I4UTJQWVN4 - [0:0]
:KUBE-SEP-L6NN3GNW6HY67JR5 - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
:KUBE-SEP-HQ3INDTQHSRJAXAV - [0:0]
:KUBE-SVC-GO2LTBO44KXHV5OS - [0:0]
:KUBE-SEP-4U6H5NEHZUIRCLKB - [0:0]
:KUBE-SVC-BJM46V3U5RZHCFRZ - [0:0]
:KUBE-SEP-BQFCWDFZEMKHRR7D - [0:0]
:KUBE-SVC-RUU63FO4D7KXXBEB - [0:0]
:KUBE-SEP-ONMVZA5MKCZE7YS4 - [0:0]
:KUBE-SVC-A6RCWLFMHNFCMRTX - [0:0]
:KUBE-SEP-A73IRJW3JVTSVZHG - [0:0]
:KUBE-SVC-JEJ6BJ5IBP56KA6D - [0:0]
:KUBE-SEP-OIDVMDZM5X3WFPQF - [0:0]
:KUBE-SVC-DFK5ZZPFREAMSJKE - [0:0]
:KUBE-SEP-I6MVPDVTBAPLJS7Q - [0:0]
:KUBE-SVC-HQ22IKBAABFHT5QE - [0:0]
:KUBE-SEP-OV5B5YW7S2E26ZQR - [0:0]
:KUBE-SEP-XZBU5RMYLBX5UK7P - [0:0]
:KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0]
:KUBE-SEP-RVGJJ4PD7HVV72IX - [0:0]
:KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0]
:KUBE-SEP-JUKHXEQ6L3ILCWM4 - [0:0]
:KUBE-SVC-GMW5W2SEZ52UQ3UF - [0:0]
:KUBE-SEP-U22ZRDW665TOKGJL - [0:0]
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x00004000/0x00004000 -j MASQUERADE
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x00004000/0x00004000
-A KUBE-SERVICES -m comment --comment "tectonic-system/alertmanager-main:web cluster IP" -m tcp -p tcp -d 10.3.186.238/32 --dport 9093 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/alertmanager-main:web cluster IP" -m tcp -p tcp -d 10.3.186.238/32 --dport 9093 -j KUBE-SVC-4RFU3GGCUIJHFZEZ
-A KUBE-SVC-4RFU3GGCUIJHFZEZ -m comment --comment tectonic-system/alertmanager-main:web -m statistic --mode random --probability 0.50000 -j KUBE-SEP-CG3BO6CZOYEJLW7B
-A KUBE-SEP-CG3BO6CZOYEJLW7B -m comment --comment tectonic-system/alertmanager-main:web -s 10.2.1.22/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-CG3BO6CZOYEJLW7B -m comment --comment tectonic-system/alertmanager-main:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.22:9093
-A KUBE-SVC-4RFU3GGCUIJHFZEZ -m comment --comment tectonic-system/alertmanager-main:web -j KUBE-SEP-N5IGG6PPU7M7SEMF
-A KUBE-SEP-N5IGG6PPU7M7SEMF -m comment --comment tectonic-system/alertmanager-main:web -s 10.2.1.7/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-N5IGG6PPU7M7SEMF -m comment --comment tectonic-system/alertmanager-main:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.7:9093
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity:worker cluster IP" -m tcp -p tcp -d 10.3.159.131/32 --dport 5556 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity:worker cluster IP" -m tcp -p tcp -d 10.3.159.131/32 --dport 5556 -j KUBE-SVC-2IDT6BM2YVVH2KLM
-A KUBE-SVC-2IDT6BM2YVVH2KLM -m comment --comment tectonic-system/tectonic-identity:worker -m statistic --mode random --probability 0.50000 -j KUBE-SEP-WHEYMI4PS7H6HEVV
-A KUBE-SEP-WHEYMI4PS7H6HEVV -m comment --comment tectonic-system/tectonic-identity:worker -s 10.2.1.4/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-WHEYMI4PS7H6HEVV -m comment --comment tectonic-system/tectonic-identity:worker -m tcp -p tcp -j DNAT --to-destination 10.2.1.4:5556
-A KUBE-SVC-2IDT6BM2YVVH2KLM -m comment --comment tectonic-system/tectonic-identity:worker -j KUBE-SEP-GBZST3QOLAW3U7GW
-A KUBE-SEP-GBZST3QOLAW3U7GW -m comment --comment tectonic-system/tectonic-identity:worker -s 10.2.1.6/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-GBZST3QOLAW3U7GW -m comment --comment tectonic-system/tectonic-identity:worker -m tcp -p tcp -j DNAT --to-destination 10.2.1.6:5556
-A KUBE-SERVICES -m comment --comment "tectonic-system/default-http-backend:http cluster IP" -m tcp -p tcp -d 10.3.143.44/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/default-http-backend:http cluster IP" -m tcp -p tcp -d 10.3.143.44/32 --dport 80 -j KUBE-SVC-LWQ6ERSN2GZ2OM7R
-A KUBE-SVC-LWQ6ERSN2GZ2OM7R -m comment --comment tectonic-system/default-http-backend:http -j KUBE-SEP-6Z64IOM3Y4UU5EMF
-A KUBE-SEP-6Z64IOM3Y4UU5EMF -m comment --comment tectonic-system/default-http-backend:http -s 10.2.1.12/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-6Z64IOM3Y4UU5EMF -m comment --comment tectonic-system/default-http-backend:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.12:8080
-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus-operator:http cluster IP" -m tcp -p tcp -d 10.3.135.74/32 --dport 8080 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus-operator:http cluster IP" -m tcp -p tcp -d 10.3.135.74/32 --dport 8080 -j KUBE-SVC-WTJF2MKKUQXO44KB
-A KUBE-SVC-WTJF2MKKUQXO44KB -m comment --comment tectonic-system/prometheus-operator:http -j KUBE-SEP-6O3MYO6KKD3GMNNZ
-A KUBE-SEP-6O3MYO6KKD3GMNNZ -m comment --comment tectonic-system/prometheus-operator:http -s 10.2.1.2/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-6O3MYO6KKD3GMNNZ -m comment --comment tectonic-system/prometheus-operator:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.2:8080
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:https cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 443 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:https cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 443 -j KUBE-SVC-HW3L6WD3C4KVFFKE
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp --dport 32000 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp --dport 32000 -j KUBE-SVC-HW3L6WD3C4KVFFKE
-A KUBE-SVC-HW3L6WD3C4KVFFKE -m comment --comment tectonic-system/tectonic-lb:https -j KUBE-SEP-MMVLH7LSMVYO2JQV
-A KUBE-SEP-MMVLH7LSMVYO2JQV -m comment --comment tectonic-system/tectonic-lb:https -s 10.2.1.13/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-MMVLH7LSMVYO2JQV -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:443
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity-api:api cluster IP" -m tcp -p tcp -d 10.3.27.11/32 --dport 5557 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity-api:api cluster IP" -m tcp -p tcp -d 10.3.27.11/32 --dport 5557 -j KUBE-SVC-WNIBEM2D3V4W3PCZ
-A KUBE-SVC-WNIBEM2D3V4W3PCZ -m comment --comment tectonic-system/tectonic-identity-api:api -m statistic --mode random --probability 0.50000 -j KUBE-SEP-AYVOFZWRPK54UCGR
-A KUBE-SEP-AYVOFZWRPK54UCGR -m comment --comment tectonic-system/tectonic-identity-api:api -s 10.2.1.4/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-AYVOFZWRPK54UCGR -m comment --comment tectonic-system/tectonic-identity-api:api -m tcp -p tcp -j DNAT --to-destination 10.2.1.4:5557
-A KUBE-SVC-WNIBEM2D3V4W3PCZ -m comment --comment tectonic-system/tectonic-identity-api:api -j KUBE-SEP-A54WBIDAT6U34IEK
-A KUBE-SEP-A54WBIDAT6U34IEK -m comment --comment tectonic-system/tectonic-identity-api:api -s 10.2.1.6/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-A54WBIDAT6U34IEK -m comment --comment tectonic-system/tectonic-identity-api:api -m tcp -p tcp -j DNAT --to-destination 10.2.1.6:5557
-A KUBE-SERVICES -m comment --comment "tectonic-system/kube-state-metrics:http-metrics cluster IP" -m tcp -p tcp -d 10.3.115.195/32 --dport 8080 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/kube-state-metrics:http-metrics cluster IP" -m tcp -p tcp -d 10.3.115.195/32 --dport 8080 -j KUBE-SVC-IUSNRMZFI7TTS4FG
-A KUBE-SVC-IUSNRMZFI7TTS4FG -m comment --comment tectonic-system/kube-state-metrics:http-metrics -j KUBE-SEP-GTMWC2VN76OPYUGA
-A KUBE-SEP-GTMWC2VN76OPYUGA -m comment --comment tectonic-system/kube-state-metrics:http-metrics -s 10.2.1.8/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-GTMWC2VN76OPYUGA -m comment --comment tectonic-system/kube-state-metrics:http-metrics -m tcp -p tcp -j DNAT --to-destination 10.2.1.8:8080
-A KUBE-SERVICES -m comment --comment "kube-system/etcd-service:client cluster IP" -m tcp -p tcp -d 10.3.0.15/32 --dport 2379 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "kube-system/etcd-service:client cluster IP" -m tcp -p tcp -d 10.3.0.15/32 --dport 2379 -j KUBE-SVC-EI5FL7I4UTJQWVN4
-A KUBE-SVC-EI5FL7I4UTJQWVN4 -m comment --comment kube-system/etcd-service:client -j KUBE-SEP-L6NN3GNW6HY67JR5
-A KUBE-SEP-L6NN3GNW6HY67JR5 -m comment --comment kube-system/etcd-service:client -s 10.0.8.141/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-L6NN3GNW6HY67JR5 -m comment --comment kube-system/etcd-service:client -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:2379
-A KUBE-SERVICES -m comment --comment "default/kubernetes:https cluster IP" -m tcp -p tcp -d 10.3.0.1/32 --dport 443 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "default/kubernetes:https cluster IP" -m tcp -p tcp -d 10.3.0.1/32 --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment default/kubernetes:https -m recent --name KUBE-SEP-HQ3INDTQHSRJAXAV --rcheck --seconds 10800 --reap -j KUBE-SEP-HQ3INDTQHSRJAXAV
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment default/kubernetes:https -j KUBE-SEP-HQ3INDTQHSRJAXAV
-A KUBE-SEP-HQ3INDTQHSRJAXAV -m comment --comment default/kubernetes:https -s 10.0.8.141/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-HQ3INDTQHSRJAXAV -m comment --comment default/kubernetes:https -m recent --name KUBE-SEP-HQ3INDTQHSRJAXAV --set -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:443
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-alertmanager:http cluster IP" -m tcp -p tcp -d 10.3.176.251/32 --dport 4180 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-alertmanager:http cluster IP" -m tcp -p tcp -d 10.3.176.251/32 --dport 4180 -j KUBE-SVC-GO2LTBO44KXHV5OS
-A KUBE-SVC-GO2LTBO44KXHV5OS -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -j KUBE-SEP-4U6H5NEHZUIRCLKB
-A KUBE-SEP-4U6H5NEHZUIRCLKB -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -s 10.2.1.10/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-4U6H5NEHZUIRCLKB -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.10:4180
-A KUBE-SERVICES -m comment --comment "kube-system/heapster: cluster IP" -m tcp -p tcp -d 10.3.144.124/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "kube-system/heapster: cluster IP" -m tcp -p tcp -d 10.3.144.124/32 --dport 80 -j KUBE-SVC-BJM46V3U5RZHCFRZ
-A KUBE-SVC-BJM46V3U5RZHCFRZ -m comment --comment kube-system/heapster: -j KUBE-SEP-BQFCWDFZEMKHRR7D
-A KUBE-SEP-BQFCWDFZEMKHRR7D -m comment --comment kube-system/heapster: -s 10.2.1.24/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-BQFCWDFZEMKHRR7D -m comment --comment kube-system/heapster: -m tcp -p tcp -j DNAT --to-destination 10.2.1.24:8082
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:http cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:http cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 80 -j KUBE-SVC-RUU63FO4D7KXXBEB
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp --dport 32001 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp --dport 32001 -j KUBE-SVC-RUU63FO4D7KXXBEB
-A KUBE-SVC-RUU63FO4D7KXXBEB -m comment --comment tectonic-system/tectonic-lb:http -j KUBE-SEP-ONMVZA5MKCZE7YS4
-A KUBE-SEP-ONMVZA5MKCZE7YS4 -m comment --comment tectonic-system/tectonic-lb:http -s 10.2.1.13/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-ONMVZA5MKCZE7YS4 -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:80
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:health cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 10254 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:health cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 10254 -j KUBE-SVC-A6RCWLFMHNFCMRTX
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp --dport 32002 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp --dport 32002 -j KUBE-SVC-A6RCWLFMHNFCMRTX
-A KUBE-SVC-A6RCWLFMHNFCMRTX -m comment --comment tectonic-system/tectonic-lb:health -j KUBE-SEP-A73IRJW3JVTSVZHG
-A KUBE-SEP-A73IRJW3JVTSVZHG -m comment --comment tectonic-system/tectonic-lb:health -s 10.2.1.13/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-A73IRJW3JVTSVZHG -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:10254
-A KUBE-SERVICES -m comment --comment "kube-system/kube-etcd-client:client cluster IP" -m tcp -p tcp -d 10.3.55.24/32 --dport 2379 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "kube-system/kube-etcd-client:client cluster IP" -m tcp -p tcp -d 10.3.55.24/32 --dport 2379 -j KUBE-SVC-JEJ6BJ5IBP56KA6D
-A KUBE-SVC-JEJ6BJ5IBP56KA6D -m comment --comment kube-system/kube-etcd-client:client -j KUBE-SEP-OIDVMDZM5X3WFPQF
-A KUBE-SEP-OIDVMDZM5X3WFPQF -m comment --comment kube-system/kube-etcd-client:client -s 10.0.8.141/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-OIDVMDZM5X3WFPQF -m comment --comment kube-system/kube-etcd-client:client -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:2379
-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus:web cluster IP" -m tcp -p tcp -d 10.3.238.171/32 --dport 9090 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus:web cluster IP" -m tcp -p tcp -d 10.3.238.171/32 --dport 9090 -j KUBE-SVC-DFK5ZZPFREAMSJKE
-A KUBE-SVC-DFK5ZZPFREAMSJKE -m comment --comment tectonic-system/prometheus:web -j KUBE-SEP-I6MVPDVTBAPLJS7Q
-A KUBE-SEP-I6MVPDVTBAPLJS7Q -m comment --comment tectonic-system/prometheus:web -s 10.2.1.9/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-I6MVPDVTBAPLJS7Q -m comment --comment tectonic-system/prometheus:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.9:9090
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-console:tectonic-console cluster IP" -m tcp -p tcp -d 10.3.232.123/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-console:tectonic-console cluster IP" -m tcp -p tcp -d 10.3.232.123/32 --dport 80 -j KUBE-SVC-HQ22IKBAABFHT5QE
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp --dport 30732 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp --dport 30732 -j KUBE-SVC-HQ22IKBAABFHT5QE
-A KUBE-SVC-HQ22IKBAABFHT5QE -m comment --comment tectonic-system/tectonic-console:tectonic-console -m statistic --mode random --probability 0.50000 -j KUBE-SEP-OV5B5YW7S2E26ZQR
-A KUBE-SEP-OV5B5YW7S2E26ZQR -m comment --comment tectonic-system/tectonic-console:tectonic-console -s 10.2.1.3/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-OV5B5YW7S2E26ZQR -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp -j DNAT --to-destination 10.2.1.3:8080
-A KUBE-SVC-HQ22IKBAABFHT5QE -m comment --comment tectonic-system/tectonic-console:tectonic-console -j KUBE-SEP-XZBU5RMYLBX5UK7P
-A KUBE-SEP-XZBU5RMYLBX5UK7P -m comment --comment tectonic-system/tectonic-console:tectonic-console -s 10.2.1.5/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-XZBU5RMYLBX5UK7P -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp -j DNAT --to-destination 10.2.1.5:8080
-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp -p udp -d 10.3.0.10/32 --dport 53 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp -p udp -d 10.3.0.10/32 --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment kube-system/kube-dns:dns -j KUBE-SEP-RVGJJ4PD7HVV72IX
-A KUBE-SEP-RVGJJ4PD7HVV72IX -m comment --comment kube-system/kube-dns:dns -s 10.2.0.4/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-RVGJJ4PD7HVV72IX -m comment --comment kube-system/kube-dns:dns -m udp -p udp -j DNAT --to-destination 10.2.0.4:53
-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp -p tcp -d 10.3.0.10/32 --dport 53 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp -p tcp -d 10.3.0.10/32 --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment kube-system/kube-dns:dns-tcp -j KUBE-SEP-JUKHXEQ6L3ILCWM4
-A KUBE-SEP-JUKHXEQ6L3ILCWM4 -m comment --comment kube-system/kube-dns:dns-tcp -s 10.2.0.4/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-JUKHXEQ6L3ILCWM4 -m comment --comment kube-system/kube-dns:dns-tcp -m tcp -p tcp -j DNAT --to-destination 10.2.0.4:53
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-prometheus:http cluster IP" -m tcp -p tcp -d 10.3.25.55/32 --dport 4180 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-prometheus:http cluster IP" -m tcp -p tcp -d 10.3.25.55/32 --dport 4180 -j KUBE-SVC-GMW5W2SEZ52UQ3UF
-A KUBE-SVC-GMW5W2SEZ52UQ3UF -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -j KUBE-SEP-U22ZRDW665TOKGJL
-A KUBE-SEP-U22ZRDW665TOKGJL -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -s 10.2.1.11/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-U22ZRDW665TOKGJL -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.11:4180
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
COMMIT
	*filter
	:KUBE-SERVICES - [0:0]
	COMMIT
	*nat
	:KUBE-SERVICES - [0:0]
	:KUBE-NODEPORTS - [0:0]
	:KUBE-POSTROUTING - [0:0]
	:KUBE-MARK-MASQ - [0:0]
	:KUBE-SVC-4RFU3GGCUIJHFZEZ - [0:0]
	:KUBE-SEP-CG3BO6CZOYEJLW7B - [0:0]
	:KUBE-SEP-N5IGG6PPU7M7SEMF - [0:0]
	:KUBE-SVC-2IDT6BM2YVVH2KLM - [0:0]
	:KUBE-SEP-WHEYMI4PS7H6HEVV - [0:0]
	:KUBE-SEP-GBZST3QOLAW3U7GW - [0:0]
	:KUBE-SVC-LWQ6ERSN2GZ2OM7R - [0:0]
	:KUBE-SEP-6Z64IOM3Y4UU5EMF - [0:0]
	:KUBE-SVC-WTJF2MKKUQXO44KB - [0:0]
	:KUBE-SEP-6O3MYO6KKD3GMNNZ - [0:0]
	:KUBE-SVC-HW3L6WD3C4KVFFKE - [0:0]
	:KUBE-SEP-MMVLH7LSMVYO2JQV - [0:0]
	:KUBE-SVC-WNIBEM2D3V4W3PCZ - [0:0]
	:KUBE-SEP-AYVOFZWRPK54UCGR - [0:0]
	:KUBE-SEP-A54WBIDAT6U34IEK - [0:0]
	:KUBE-SVC-IUSNRMZFI7TTS4FG - [0:0]
	:KUBE-SEP-GTMWC2VN76OPYUGA - [0:0]
	:KUBE-SVC-EI5FL7I4UTJQWVN4 - [0:0]
	:KUBE-SEP-L6NN3GNW6HY67JR5 - [0:0]
	:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
	:KUBE-SEP-HQ3INDTQHSRJAXAV - [0:0]
	:KUBE-SVC-GO2LTBO44KXHV5OS - [0:0]
	:KUBE-SEP-4U6H5NEHZUIRCLKB - [0:0]
	:KUBE-SVC-BJM46V3U5RZHCFRZ - [0:0]
	:KUBE-SEP-BQFCWDFZEMKHRR7D - [0:0]
	:KUBE-SVC-RUU63FO4D7KXXBEB - [0:0]
	:KUBE-SEP-ONMVZA5MKCZE7YS4 - [0:0]
	:KUBE-SVC-A6RCWLFMHNFCMRTX - [0:0]
	:KUBE-SEP-A73IRJW3JVTSVZHG - [0:0]
	:KUBE-SVC-JEJ6BJ5IBP56KA6D - [0:0]
	:KUBE-SEP-OIDVMDZM5X3WFPQF - [0:0]
	:KUBE-SVC-DFK5ZZPFREAMSJKE - [0:0]
	:KUBE-SEP-I6MVPDVTBAPLJS7Q - [0:0]
	:KUBE-SVC-HQ22IKBAABFHT5QE - [0:0]
	:KUBE-SEP-OV5B5YW7S2E26ZQR - [0:0]
	:KUBE-SEP-XZBU5RMYLBX5UK7P - [0:0]
	:KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0]
	:KUBE-SEP-RVGJJ4PD7HVV72IX - [0:0]
	:KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0]
	:KUBE-SEP-JUKHXEQ6L3ILCWM4 - [0:0]
	:KUBE-SVC-GMW5W2SEZ52UQ3UF - [0:0]
	:KUBE-SEP-U22ZRDW665TOKGJL - [0:0]
	-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x00004000/0x00004000 -j MASQUERADE
	-A KUBE-MARK-MASQ -j MARK --set-xmark 0x00004000/0x00004000
	-A KUBE-SERVICES -m comment --comment "tectonic-system/alertmanager-main:web cluster IP" -m tcp -p tcp -d 10.3.186.238/32 --dport 9093 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/alertmanager-main:web cluster IP" -m tcp -p tcp -d 10.3.186.238/32 --dport 9093 -j KUBE-SVC-4RFU3GGCUIJHFZEZ
	-A KUBE-SVC-4RFU3GGCUIJHFZEZ -m comment --comment tectonic-system/alertmanager-main:web -m statistic --mode random --probability 0.50000 -j KUBE-SEP-CG3BO6CZOYEJLW7B
	-A KUBE-SEP-CG3BO6CZOYEJLW7B -m comment --comment tectonic-system/alertmanager-main:web -s 10.2.1.22/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-CG3BO6CZOYEJLW7B -m comment --comment tectonic-system/alertmanager-main:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.22:9093
	-A KUBE-SVC-4RFU3GGCUIJHFZEZ -m comment --comment tectonic-system/alertmanager-main:web -j KUBE-SEP-N5IGG6PPU7M7SEMF
	-A KUBE-SEP-N5IGG6PPU7M7SEMF -m comment --comment tectonic-system/alertmanager-main:web -s 10.2.1.7/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-N5IGG6PPU7M7SEMF -m comment --comment tectonic-system/alertmanager-main:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.7:9093
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity:worker cluster IP" -m tcp -p tcp -d 10.3.159.131/32 --dport 5556 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity:worker cluster IP" -m tcp -p tcp -d 10.3.159.131/32 --dport 5556 -j KUBE-SVC-2IDT6BM2YVVH2KLM
	-A KUBE-SVC-2IDT6BM2YVVH2KLM -m comment --comment tectonic-system/tectonic-identity:worker -m statistic --mode random --probability 0.50000 -j KUBE-SEP-WHEYMI4PS7H6HEVV
	-A KUBE-SEP-WHEYMI4PS7H6HEVV -m comment --comment tectonic-system/tectonic-identity:worker -s 10.2.1.4/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-WHEYMI4PS7H6HEVV -m comment --comment tectonic-system/tectonic-identity:worker -m tcp -p tcp -j DNAT --to-destination 10.2.1.4:5556
	-A KUBE-SVC-2IDT6BM2YVVH2KLM -m comment --comment tectonic-system/tectonic-identity:worker -j KUBE-SEP-GBZST3QOLAW3U7GW
	-A KUBE-SEP-GBZST3QOLAW3U7GW -m comment --comment tectonic-system/tectonic-identity:worker -s 10.2.1.6/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-GBZST3QOLAW3U7GW -m comment --comment tectonic-system/tectonic-identity:worker -m tcp -p tcp -j DNAT --to-destination 10.2.1.6:5556
	-A KUBE-SERVICES -m comment --comment "tectonic-system/default-http-backend:http cluster IP" -m tcp -p tcp -d 10.3.143.44/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/default-http-backend:http cluster IP" -m tcp -p tcp -d 10.3.143.44/32 --dport 80 -j KUBE-SVC-LWQ6ERSN2GZ2OM7R
	-A KUBE-SVC-LWQ6ERSN2GZ2OM7R -m comment --comment tectonic-system/default-http-backend:http -j KUBE-SEP-6Z64IOM3Y4UU5EMF
	-A KUBE-SEP-6Z64IOM3Y4UU5EMF -m comment --comment tectonic-system/default-http-backend:http -s 10.2.1.12/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-6Z64IOM3Y4UU5EMF -m comment --comment tectonic-system/default-http-backend:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.12:8080
	-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus-operator:http cluster IP" -m tcp -p tcp -d 10.3.135.74/32 --dport 8080 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus-operator:http cluster IP" -m tcp -p tcp -d 10.3.135.74/32 --dport 8080 -j KUBE-SVC-WTJF2MKKUQXO44KB
	-A KUBE-SVC-WTJF2MKKUQXO44KB -m comment --comment tectonic-system/prometheus-operator:http -j KUBE-SEP-6O3MYO6KKD3GMNNZ
	-A KUBE-SEP-6O3MYO6KKD3GMNNZ -m comment --comment tectonic-system/prometheus-operator:http -s 10.2.1.2/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-6O3MYO6KKD3GMNNZ -m comment --comment tectonic-system/prometheus-operator:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.2:8080
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:https cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 443 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:https cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 443 -j KUBE-SVC-HW3L6WD3C4KVFFKE
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp --dport 32000 -j KUBE-MARK-MASQ
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp --dport 32000 -j KUBE-SVC-HW3L6WD3C4KVFFKE
	-A KUBE-SVC-HW3L6WD3C4KVFFKE -m comment --comment tectonic-system/tectonic-lb:https -j KUBE-SEP-MMVLH7LSMVYO2JQV
	-A KUBE-SEP-MMVLH7LSMVYO2JQV -m comment --comment tectonic-system/tectonic-lb:https -s 10.2.1.13/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-MMVLH7LSMVYO2JQV -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:443
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity-api:api cluster IP" -m tcp -p tcp -d 10.3.27.11/32 --dport 5557 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity-api:api cluster IP" -m tcp -p tcp -d 10.3.27.11/32 --dport 5557 -j KUBE-SVC-WNIBEM2D3V4W3PCZ
	-A KUBE-SVC-WNIBEM2D3V4W3PCZ -m comment --comment tectonic-system/tectonic-identity-api:api -m statistic --mode random --probability 0.50000 -j KUBE-SEP-AYVOFZWRPK54UCGR
	-A KUBE-SEP-AYVOFZWRPK54UCGR -m comment --comment tectonic-system/tectonic-identity-api:api -s 10.2.1.4/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-AYVOFZWRPK54UCGR -m comment --comment tectonic-system/tectonic-identity-api:api -m tcp -p tcp -j DNAT --to-destination 10.2.1.4:5557
	-A KUBE-SVC-WNIBEM2D3V4W3PCZ -m comment --comment tectonic-system/tectonic-identity-api:api -j KUBE-SEP-A54WBIDAT6U34IEK
	-A KUBE-SEP-A54WBIDAT6U34IEK -m comment --comment tectonic-system/tectonic-identity-api:api -s 10.2.1.6/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-A54WBIDAT6U34IEK -m comment --comment tectonic-system/tectonic-identity-api:api -m tcp -p tcp -j DNAT --to-destination 10.2.1.6:5557
	-A KUBE-SERVICES -m comment --comment "tectonic-system/kube-state-metrics:http-metrics cluster IP" -m tcp -p tcp -d 10.3.115.195/32 --dport 8080 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/kube-state-metrics:http-metrics cluster IP" -m tcp -p tcp -d 10.3.115.195/32 --dport 8080 -j KUBE-SVC-IUSNRMZFI7TTS4FG
	-A KUBE-SVC-IUSNRMZFI7TTS4FG -m comment --comment tectonic-system/kube-state-metrics:http-metrics -j KUBE-SEP-GTMWC2VN76OPYUGA
	-A KUBE-SEP-GTMWC2VN76OPYUGA -m comment --comment tectonic-system/kube-state-metrics:http-metrics -s 10.2.1.8/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-GTMWC2VN76OPYUGA -m comment --comment tectonic-system/kube-state-metrics:http-metrics -m tcp -p tcp -j DNAT --to-destination 10.2.1.8:8080
	-A KUBE-SERVICES -m comment --comment "kube-system/etcd-service:client cluster IP" -m tcp -p tcp -d 10.3.0.15/32 --dport 2379 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "kube-system/etcd-service:client cluster IP" -m tcp -p tcp -d 10.3.0.15/32 --dport 2379 -j KUBE-SVC-EI5FL7I4UTJQWVN4
	-A KUBE-SVC-EI5FL7I4UTJQWVN4 -m comment --comment kube-system/etcd-service:client -j KUBE-SEP-L6NN3GNW6HY67JR5
	-A KUBE-SEP-L6NN3GNW6HY67JR5 -m comment --comment kube-system/etcd-service:client -s 10.0.8.141/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-L6NN3GNW6HY67JR5 -m comment --comment kube-system/etcd-service:client -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:2379
	-A KUBE-SERVICES -m comment --comment "default/kubernetes:https cluster IP" -m tcp -p tcp -d 10.3.0.1/32 --dport 443 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "default/kubernetes:https cluster IP" -m tcp -p tcp -d 10.3.0.1/32 --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
	-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment default/kubernetes:https -m recent --name KUBE-SEP-HQ3INDTQHSRJAXAV --rcheck --seconds 10800 --reap -j KUBE-SEP-HQ3INDTQHSRJAXAV
	-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment default/kubernetes:https -j KUBE-SEP-HQ3INDTQHSRJAXAV
	-A KUBE-SEP-HQ3INDTQHSRJAXAV -m comment --comment default/kubernetes:https -s 10.0.8.141/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-HQ3INDTQHSRJAXAV -m comment --comment default/kubernetes:https -m recent --name KUBE-SEP-HQ3INDTQHSRJAXAV --set -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:443
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-alertmanager:http cluster IP" -m tcp -p tcp -d 10.3.176.251/32 --dport 4180 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-alertmanager:http cluster IP" -m tcp -p tcp -d 10.3.176.251/32 --dport 4180 -j KUBE-SVC-GO2LTBO44KXHV5OS
	-A KUBE-SVC-GO2LTBO44KXHV5OS -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -j KUBE-SEP-4U6H5NEHZUIRCLKB
	-A KUBE-SEP-4U6H5NEHZUIRCLKB -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -s 10.2.1.10/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-4U6H5NEHZUIRCLKB -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.10:4180
	-A KUBE-SERVICES -m comment --comment "kube-system/heapster: cluster IP" -m tcp -p tcp -d 10.3.144.124/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "kube-system/heapster: cluster IP" -m tcp -p tcp -d 10.3.144.124/32 --dport 80 -j KUBE-SVC-BJM46V3U5RZHCFRZ
	-A KUBE-SVC-BJM46V3U5RZHCFRZ -m comment --comment kube-system/heapster: -j KUBE-SEP-BQFCWDFZEMKHRR7D
	-A KUBE-SEP-BQFCWDFZEMKHRR7D -m comment --comment kube-system/heapster: -s 10.2.1.24/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-BQFCWDFZEMKHRR7D -m comment --comment kube-system/heapster: -m tcp -p tcp -j DNAT --to-destination 10.2.1.24:8082
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:http cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:http cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 80 -j KUBE-SVC-RUU63FO4D7KXXBEB
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp --dport 32001 -j KUBE-MARK-MASQ
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp --dport 32001 -j KUBE-SVC-RUU63FO4D7KXXBEB
	-A KUBE-SVC-RUU63FO4D7KXXBEB -m comment --comment tectonic-system/tectonic-lb:http -j KUBE-SEP-ONMVZA5MKCZE7YS4
	-A KUBE-SEP-ONMVZA5MKCZE7YS4 -m comment --comment tectonic-system/tectonic-lb:http -s 10.2.1.13/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-ONMVZA5MKCZE7YS4 -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:80
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:health cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 10254 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:health cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 10254 -j KUBE-SVC-A6RCWLFMHNFCMRTX
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp --dport 32002 -j KUBE-MARK-MASQ
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp --dport 32002 -j KUBE-SVC-A6RCWLFMHNFCMRTX
	-A KUBE-SVC-A6RCWLFMHNFCMRTX -m comment --comment tectonic-system/tectonic-lb:health -j KUBE-SEP-A73IRJW3JVTSVZHG
	-A KUBE-SEP-A73IRJW3JVTSVZHG -m comment --comment tectonic-system/tectonic-lb:health -s 10.2.1.13/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-A73IRJW3JVTSVZHG -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:10254
	-A KUBE-SERVICES -m comment --comment "kube-system/kube-etcd-client:client cluster IP" -m tcp -p tcp -d 10.3.55.24/32 --dport 2379 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "kube-system/kube-etcd-client:client cluster IP" -m tcp -p tcp -d 10.3.55.24/32 --dport 2379 -j KUBE-SVC-JEJ6BJ5IBP56KA6D
	-A KUBE-SVC-JEJ6BJ5IBP56KA6D -m comment --comment kube-system/kube-etcd-client:client -j KUBE-SEP-OIDVMDZM5X3WFPQF
	-A KUBE-SEP-OIDVMDZM5X3WFPQF -m comment --comment kube-system/kube-etcd-client:client -s 10.0.8.141/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-OIDVMDZM5X3WFPQF -m comment --comment kube-system/kube-etcd-client:client -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:2379
	-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus:web cluster IP" -m tcp -p tcp -d 10.3.238.171/32 --dport 9090 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus:web cluster IP" -m tcp -p tcp -d 10.3.238.171/32 --dport 9090 -j KUBE-SVC-DFK5ZZPFREAMSJKE
	-A KUBE-SVC-DFK5ZZPFREAMSJKE -m comment --comment tectonic-system/prometheus:web -j KUBE-SEP-I6MVPDVTBAPLJS7Q
	-A KUBE-SEP-I6MVPDVTBAPLJS7Q -m comment --comment tectonic-system/prometheus:web -s 10.2.1.9/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-I6MVPDVTBAPLJS7Q -m comment --comment tectonic-system/prometheus:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.9:9090
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-console:tectonic-console cluster IP" -m tcp -p tcp -d 10.3.232.123/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-console:tectonic-console cluster IP" -m tcp -p tcp -d 10.3.232.123/32 --dport 80 -j KUBE-SVC-HQ22IKBAABFHT5QE
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp --dport 30732 -j KUBE-MARK-MASQ
	-A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp --dport 30732 -j KUBE-SVC-HQ22IKBAABFHT5QE
	-A KUBE-SVC-HQ22IKBAABFHT5QE -m comment --comment tectonic-system/tectonic-console:tectonic-console -m statistic --mode random --probability 0.50000 -j KUBE-SEP-OV5B5YW7S2E26ZQR
	-A KUBE-SEP-OV5B5YW7S2E26ZQR -m comment --comment tectonic-system/tectonic-console:tectonic-console -s 10.2.1.3/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-OV5B5YW7S2E26ZQR -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp -j DNAT --to-destination 10.2.1.3:8080
	-A KUBE-SVC-HQ22IKBAABFHT5QE -m comment --comment tectonic-system/tectonic-console:tectonic-console -j KUBE-SEP-XZBU5RMYLBX5UK7P
	-A KUBE-SEP-XZBU5RMYLBX5UK7P -m comment --comment tectonic-system/tectonic-console:tectonic-console -s 10.2.1.5/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-XZBU5RMYLBX5UK7P -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp -j DNAT --to-destination 10.2.1.5:8080
	-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp -p udp -d 10.3.0.10/32 --dport 53 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp -p udp -d 10.3.0.10/32 --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
	-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment kube-system/kube-dns:dns -j KUBE-SEP-RVGJJ4PD7HVV72IX
	-A KUBE-SEP-RVGJJ4PD7HVV72IX -m comment --comment kube-system/kube-dns:dns -s 10.2.0.4/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-RVGJJ4PD7HVV72IX -m comment --comment kube-system/kube-dns:dns -m udp -p udp -j DNAT --to-destination 10.2.0.4:53
	-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp -p tcp -d 10.3.0.10/32 --dport 53 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp -p tcp -d 10.3.0.10/32 --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
	-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment kube-system/kube-dns:dns-tcp -j KUBE-SEP-JUKHXEQ6L3ILCWM4
	-A KUBE-SEP-JUKHXEQ6L3ILCWM4 -m comment --comment kube-system/kube-dns:dns-tcp -s 10.2.0.4/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-JUKHXEQ6L3ILCWM4 -m comment --comment kube-system/kube-dns:dns-tcp -m tcp -p tcp -j DNAT --to-destination 10.2.0.4:53
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-prometheus:http cluster IP" -m tcp -p tcp -d 10.3.25.55/32 --dport 4180 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ
	-A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-prometheus:http cluster IP" -m tcp -p tcp -d 10.3.25.55/32 --dport 4180 -j KUBE-SVC-GMW5W2SEZ52UQ3UF
	-A KUBE-SVC-GMW5W2SEZ52UQ3UF -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -j KUBE-SEP-U22ZRDW665TOKGJL
	-A KUBE-SEP-U22ZRDW665TOKGJL -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -s 10.2.1.11/32 -j KUBE-MARK-MASQ
	-A KUBE-SEP-U22ZRDW665TOKGJL -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.11:4180
	-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
	COMMIT