API tools faq
paste
Advertisement
kfirufk

iptables-save output of coreos

kfirufk
Mar 23rd, 2017
554
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 35.07 KB | None | 0 0
raw download clone embed print report
  1. # iptables-save
  2. # Generated by iptables-save v1.4.21 on Thu Mar 23 13:17:05 2017
  3. *raw
  4. :PREROUTING ACCEPT [14901444:15508075362]
  5. :OUTPUT ACCEPT [12093557:3566031252]
  6. :cali-OUTPUT - [0:0]
  7. :cali-PREROUTING - [0:0]
  8. :cali-failsafe-in - [0:0]
  9. :cali-failsafe-out - [0:0]
  10. :cali-from-host-endpoint - [0:0]
  11. :cali-pi-k8s-policy-no-match - [0:0]
  12. :cali-po-k8s-policy-no-match - [0:0]
  13. :cali-to-host-endpoint - [0:0]
  14. -A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING
  15. -A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
  16. -A cali-OUTPUT -m comment --comment "cali:38nOqDjL6rORZtSl" -j MARK --set-xmark 0x0/0x7000000
  17. -A cali-OUTPUT -m comment --comment "cali:mDDUhMDnNdaIUtPr" -j cali-to-host-endpoint
  18. -A cali-OUTPUT -m comment --comment "cali:qxtWla1G8uqJMI9B" -m mark --mark 0x1000000/0x1000000 -j ACCEPT
  19. -A cali-PREROUTING -m comment --comment "cali:x4XbVMc5P_kNXnTy" -j MARK --set-xmark 0x0/0x7000000
  20. -A cali-PREROUTING -i cali+ -m comment --comment "cali:fQeZek80kVOPa0xO" -j MARK --set-xmark 0x4000000/0x4000000
  21. -A cali-PREROUTING -m comment --comment "cali:xp3NolkIpulCQL_G" -m mark --mark 0x0/0x4000000 -j cali-from-host-endpoint
  22. -A cali-PREROUTING -m comment --comment "cali:fbdE50A0BiINbNiA" -m mark --mark 0x1000000/0x1000000 -j ACCEPT
  23. -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT
  24. -A cali-failsafe-out -p tcp -m comment --comment "cali:73bZKoyDfOpFwC2T" -m multiport --dports 2379 -j ACCEPT
  25. -A cali-failsafe-out -p tcp -m comment --comment "cali:QMFuWo6o-d9yOpNm" -m multiport --dports 2380 -j ACCEPT
  26. -A cali-failsafe-out -p tcp -m comment --comment "cali:Kup7QkrsdmfGX0uL" -m multiport --dports 4001 -j ACCEPT
  27. -A cali-failsafe-out -p tcp -m comment --comment "cali:xYYr5PEqDf_Pqfkv" -m multiport --dports 7001 -j ACCEPT
  28. -A cali-pi-k8s-policy-no-match -m comment --comment "cali:eXR8WKtGQfKPd5zm" -j MARK --set-xmark 0x2000000/0x2000000
  29. -A cali-pi-k8s-policy-no-match -m comment --comment "cali:J7UwAp2kUUNYDEbZ" -m mark --mark 0x2000000/0x2000000 -j RETURN
  30. -A cali-po-k8s-policy-no-match -m comment --comment "cali:M1MvnGSuWnBDoJxY" -j MARK --set-xmark 0x2000000/0x2000000
  31. -A cali-po-k8s-policy-no-match -m comment --comment "cali:srq_4spRBeZ7r-5T" -m mark --mark 0x2000000/0x2000000 -j RETURN
  32. COMMIT
  33. # Completed on Thu Mar 23 13:17:05 2017
  34. # Generated by iptables-save v1.4.21 on Thu Mar 23 13:17:05 2017
  35. *filter
  36. :INPUT ACCEPT [2:120]
  37. :FORWARD ACCEPT [0:0]
  38. :OUTPUT ACCEPT [0:0]
  39. :DOCKER - [0:0]
  40. :DOCKER-ISOLATION - [0:0]
  41. :KUBE-FIREWALL - [0:0]
  42. :KUBE-SERVICES - [0:0]
  43. :cali-FORWARD - [0:0]
  44. :cali-INPUT - [0:0]
  45. :cali-OUTPUT - [0:0]
  46. :cali-failsafe-in - [0:0]
  47. :cali-failsafe-out - [0:0]
  48. :cali-from-host-endpoint - [0:0]
  49. :cali-from-wl-dispatch - [0:0]
  50. :cali-from-wl-dispatch-f - [0:0]
  51. :cali-fw-cali01894ffb609 - [0:0]
  52. :cali-fw-cali3e6931d032d - [0:0]
  53. :cali-fw-cali4f6359baa47 - [0:0]
  54. :cali-fw-calia47368f6a2f - [0:0]
  55. :cali-fw-calicceaa2f1590 - [0:0]
  56. :cali-fw-calif152a6fc379 - [0:0]
  57. :cali-fw-calif3f68101b1f - [0:0]
  58. :cali-pi-k8s-policy-no-match - [0:0]
  59. :cali-po-k8s-policy-no-match - [0:0]
  60. :cali-pri-_8RYwx-GzQkydyUOSQ3 - [0:0]
  61. :cali-pri-k8s_ns.ceph - [0:0]
  62. :cali-pri-k8s_ns.kube-system - [0:0]
  63. :cali-pro-_8RYwx-GzQkydyUOSQ3 - [0:0]
  64. :cali-pro-k8s_ns.ceph - [0:0]
  65. :cali-pro-k8s_ns.kube-system - [0:0]
  66. :cali-to-host-endpoint - [0:0]
  67. :cali-to-wl-dispatch - [0:0]
  68. :cali-to-wl-dispatch-f - [0:0]
  69. :cali-tw-cali01894ffb609 - [0:0]
  70. :cali-tw-cali3e6931d032d - [0:0]
  71. :cali-tw-cali4f6359baa47 - [0:0]
  72. :cali-tw-calia47368f6a2f - [0:0]
  73. :cali-tw-calicceaa2f1590 - [0:0]
  74. :cali-tw-calif152a6fc379 - [0:0]
  75. :cali-tw-calif3f68101b1f - [0:0]
  76. :cali-wl-to-host - [0:0]
  77. -A INPUT -m comment --comment "cali:Cz_u1IQiXIMmKD4c" -j cali-INPUT
  78. -A INPUT -j KUBE-FIREWALL
  79. -A FORWARD -m comment --comment "cali:wUHhoiAYhphO9Mso" -j cali-FORWARD
  80. -A FORWARD -j DOCKER-ISOLATION
  81. -A FORWARD -o docker0 -j DOCKER
  82. -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  83. -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  84. -A FORWARD -i docker0 -o docker0 -j ACCEPT
  85. -A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
  86. -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
  87. -A OUTPUT -j KUBE-FIREWALL
  88. -A DOCKER-ISOLATION -j RETURN
  89. -A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
  90. -A KUBE-SERVICES -d 10.3.0.116/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: has no endpoints" -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
  91. -A KUBE-SERVICES -d 10.3.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns has no endpoints" -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
  92. -A KUBE-SERVICES -d 10.3.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp has no endpoints" -m tcp --dport 53 -j REJECT --reject-with icmp-port-unreachable
  93. -A cali-FORWARD -m comment --comment "cali:jxvuJjmmRV135nVu" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT
  94. -A cali-FORWARD -m comment --comment "cali:8YeDX9Z0tXyO0Sp8" -m conntrack --ctstate INVALID -j DROP
  95. -A cali-FORWARD -m comment --comment "cali:1GMSV-PhhZ8QbJg4" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  96. -A cali-FORWARD -i cali+ -m comment --comment "cali:36TkoGXj9EF7Plkv" -j cali-from-wl-dispatch
  97. -A cali-FORWARD -o cali+ -m comment --comment "cali:URMhBRo8ugd8J8Yx" -j cali-to-wl-dispatch
  98. -A cali-FORWARD -i cali+ -m comment --comment "cali:FyhWsW08U3a5niLK" -j ACCEPT
  99. -A cali-FORWARD -o cali+ -m comment --comment "cali:G655uIfZuidj1gAw" -j ACCEPT
  100. -A cali-FORWARD -m comment --comment "cali:4GbueNC2iWajKnxO" -j MARK --set-xmark 0x0/0x7000000
  101. -A cali-FORWARD -m comment --comment "cali:bq3wVY3mkXk96NQP" -j cali-from-host-endpoint
  102. -A cali-FORWARD -m comment --comment "cali:G8sjbYXH5_QiYnBl" -j cali-to-host-endpoint
  103. -A cali-FORWARD -m comment --comment "cali:wYFYRdMhtSYCqKNm" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT
  104. -A cali-INPUT -m comment --comment "cali:46gVAqzWLjH8U4O2" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT
  105. -A cali-INPUT -m comment --comment "cali:5M2EkEm-RVlDLAfE" -m conntrack --ctstate INVALID -j DROP
  106. -A cali-INPUT -m comment --comment "cali:8ggYjLbFRX5Ap9Zj" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  107. -A cali-INPUT -i cali+ -m comment --comment "cali:mA3ZJKi9nadUmYVF" -g cali-wl-to-host
  108. -A cali-INPUT -m comment --comment "cali:hI4IjifGj0fegLPE" -j MARK --set-xmark 0x0/0x7000000
  109. -A cali-INPUT -m comment --comment "cali:wdegoKfPlcmsZTOM" -j cali-from-host-endpoint
  110. -A cali-INPUT -m comment --comment "cali:r875VVc8vFk1f-ZA" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT
  111. -A cali-OUTPUT -m comment --comment "cali:FwFFCT8uDthhfgS7" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT
  112. -A cali-OUTPUT -m comment --comment "cali:KQN1p6BZgCGuApYk" -m conntrack --ctstate INVALID -j DROP
  113. -A cali-OUTPUT -m comment --comment "cali:ThMSEAwgeF4nAqRa" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  114. -A cali-OUTPUT -o cali+ -m comment --comment "cali:0YpIH4BWIJL90PfX" -j RETURN
  115. -A cali-OUTPUT -m comment --comment "cali:sUIDpoFnawuqGYyG" -j MARK --set-xmark 0x0/0x7000000
  116. -A cali-OUTPUT -m comment --comment "cali:vQVzNX-dNxUnYjUT" -j cali-to-host-endpoint
  117. -A cali-OUTPUT -m comment --comment "cali:Ry2SAIVyda14xWHB" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT
  118. -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT
  119. -A cali-failsafe-out -p tcp -m comment --comment "cali:73bZKoyDfOpFwC2T" -m multiport --dports 2379 -j ACCEPT
  120. -A cali-failsafe-out -p tcp -m comment --comment "cali:QMFuWo6o-d9yOpNm" -m multiport --dports 2380 -j ACCEPT
  121. -A cali-failsafe-out -p tcp -m comment --comment "cali:Kup7QkrsdmfGX0uL" -m multiport --dports 4001 -j ACCEPT
  122. -A cali-failsafe-out -p tcp -m comment --comment "cali:xYYr5PEqDf_Pqfkv" -m multiport --dports 7001 -j ACCEPT
  123. -A cali-from-wl-dispatch -i cali01894ffb609 -m comment --comment "cali:isI6nUt8Y0WEPoB9" -g cali-fw-cali01894ffb609
  124. -A cali-from-wl-dispatch -i cali3e6931d032d -m comment --comment "cali:S4przpeFJNHDSl9f" -g cali-fw-cali3e6931d032d
  125. -A cali-from-wl-dispatch -i cali4f6359baa47 -m comment --comment "cali:2keMPk-JZqUBR2G4" -g cali-fw-cali4f6359baa47
  126. -A cali-from-wl-dispatch -i calia47368f6a2f -m comment --comment "cali:-UlqAEm_nrt2kwGX" -g cali-fw-calia47368f6a2f
  127. -A cali-from-wl-dispatch -i calicceaa2f1590 -m comment --comment "cali:47InNUz85xzt2LH-" -g cali-fw-calicceaa2f1590
  128. -A cali-from-wl-dispatch -i calif+ -m comment --comment "cali:qAkWeYQwlxIeAgqe" -g cali-from-wl-dispatch-f
  129. -A cali-from-wl-dispatch -m comment --comment "cali:7CKiJ-4iPxHldSNe" -m comment --comment "Unknown interface" -j DROP
  130. -A cali-from-wl-dispatch-f -i calif152a6fc379 -m comment --comment "cali:EAiyywKGgzaikYvG" -g cali-fw-calif152a6fc379
  131. -A cali-from-wl-dispatch-f -i calif3f68101b1f -m comment --comment "cali:The3p7OKCvvFviBR" -g cali-fw-calif3f68101b1f
  132. -A cali-from-wl-dispatch-f -m comment --comment "cali:diyxRoksOWfe5MIG" -m comment --comment "Unknown interface" -j DROP
  133. -A cali-fw-cali01894ffb609 -m comment --comment "cali:IR46k3tDVL6bztzx" -j MARK --set-xmark 0x0/0x1000000
  134. -A cali-fw-cali01894ffb609 -m comment --comment "cali:s5mxv0N5kOuYF_M9" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  135. -A cali-fw-cali01894ffb609 -m comment --comment "cali:y09i32DwRLHHxu86" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  136. -A cali-fw-cali01894ffb609 -m comment --comment "cali:5ptRUA3zBKk9onHW" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  137. -A cali-fw-cali01894ffb609 -m comment --comment "cali:M5J2LA5P7LYAAn1X" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  138. -A cali-fw-cali01894ffb609 -m comment --comment "cali:dz3OWPL4kaYPvRJM" -j cali-pro-k8s_ns.ceph
  139. -A cali-fw-cali01894ffb609 -m comment --comment "cali:m4U_kx-JbbDV3AOZ" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  140. -A cali-fw-cali01894ffb609 -m comment --comment "cali:UrrVbz3szRdn7ERf" -m comment --comment "Drop if no profiles matched" -j DROP
  141. -A cali-fw-cali3e6931d032d -m comment --comment "cali:iul9pwrAJ5KoZWZR" -j MARK --set-xmark 0x0/0x1000000
  142. -A cali-fw-cali3e6931d032d -m comment --comment "cali:E8rTpuO6WOhiaAUF" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  143. -A cali-fw-cali3e6931d032d -m comment --comment "cali:Gc5An1ei49HsFWTu" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  144. -A cali-fw-cali3e6931d032d -m comment --comment "cali:MClBbWK7MM4PvpjL" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  145. -A cali-fw-cali3e6931d032d -m comment --comment "cali:TIqobWuEZGYv6216" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  146. -A cali-fw-cali3e6931d032d -m comment --comment "cali:WH5HfmiSKvFzRCjB" -j cali-pro-k8s_ns.kube-system
  147. -A cali-fw-cali3e6931d032d -m comment --comment "cali:fo1iQZeQ_AFCmE6T" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  148. -A cali-fw-cali3e6931d032d -m comment --comment "cali:6tFimuXahmzbFZNV" -m comment --comment "Drop if no profiles matched" -j DROP
  149. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:IcMZnKmWH99K_p1G" -j MARK --set-xmark 0x0/0x1000000
  150. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:phV1PSeOn61ysTdQ" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  151. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:8b7eGkBWzL5i7vX2" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  152. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:XbkJzwLhvt6xz3vS" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  153. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:Pggbx3Ai9_rmS-cm" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  154. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:LhJpizprRJwYFCuN" -j cali-pro-k8s_ns.kube-system
  155. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:2hEwrqNE5sfbpmVh" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  156. -A cali-fw-cali4f6359baa47 -m comment --comment "cali:iaUZRMYlkPoBh18g" -m comment --comment "Drop if no profiles matched" -j DROP
  157. -A cali-fw-calia47368f6a2f -m comment --comment "cali:70fBIMTDYDE6QdGG" -j MARK --set-xmark 0x0/0x1000000
  158. -A cali-fw-calia47368f6a2f -m comment --comment "cali:WvRuOZQqtp6KzM5G" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  159. -A cali-fw-calia47368f6a2f -m comment --comment "cali:2VZGI7ljgsyH7tlH" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  160. -A cali-fw-calia47368f6a2f -m comment --comment "cali:8QQRuPn4Anr_pE27" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  161. -A cali-fw-calia47368f6a2f -m comment --comment "cali:A7H9R1FiFsN4XNt5" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  162. -A cali-fw-calia47368f6a2f -m comment --comment "cali:KT1j69Oi3AuZtxp1" -j cali-pro-k8s_ns.kube-system
  163. -A cali-fw-calia47368f6a2f -m comment --comment "cali:_NBh8bZM5LkI1MF8" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  164. -A cali-fw-calia47368f6a2f -m comment --comment "cali:1QYbJp3tLbOZ7TyA" -m comment --comment "Drop if no profiles matched" -j DROP
  165. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:4VMt8i6uXOXLaXzq" -j MARK --set-xmark 0x0/0x1000000
  166. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:xu9e_9Jfo2LMRSU9" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  167. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:i_nMSkmBSSumlNIZ" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  168. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:l7boG4sy6dQk_sw1" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  169. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:1E8V1eSUpBVi58jZ" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  170. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:EwCatqRYqNwDVi9I" -j cali-pro-_8RYwx-GzQkydyUOSQ3
  171. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:cxF-c0LiaFRoLm07" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  172. -A cali-fw-calicceaa2f1590 -m comment --comment "cali:i9djQdbmMYR8FC7h" -m comment --comment "Drop if no profiles matched" -j DROP
  173. -A cali-fw-calif152a6fc379 -m comment --comment "cali:mK4sSyhscbgYR-Ov" -j MARK --set-xmark 0x0/0x1000000
  174. -A cali-fw-calif152a6fc379 -m comment --comment "cali:crDFkctr2IkG80zy" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  175. -A cali-fw-calif152a6fc379 -m comment --comment "cali:F2g_zUUXg6JdBFAS" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  176. -A cali-fw-calif152a6fc379 -m comment --comment "cali:i0cub1l25NnAkiik" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  177. -A cali-fw-calif152a6fc379 -m comment --comment "cali:ZvoejuT0MdQ8g5E9" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  178. -A cali-fw-calif152a6fc379 -m comment --comment "cali:PQScm-vlszbGXbDH" -j cali-pro-k8s_ns.kube-system
  179. -A cali-fw-calif152a6fc379 -m comment --comment "cali:1jOsnDghSOcbSUg0" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  180. -A cali-fw-calif152a6fc379 -m comment --comment "cali:N2LO9ghvGEIvTrUx" -m comment --comment "Drop if no profiles matched" -j DROP
  181. -A cali-fw-calif3f68101b1f -m comment --comment "cali:fcw3nPFYAz_x78Lr" -j MARK --set-xmark 0x0/0x1000000
  182. -A cali-fw-calif3f68101b1f -m comment --comment "cali:RrUYuE27YJ7pDCfI" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  183. -A cali-fw-calif3f68101b1f -m comment --comment "cali:azdYB9wkLj3ZgNMP" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match
  184. -A cali-fw-calif3f68101b1f -m comment --comment "cali:JHkvobFYbFLxdnMH" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  185. -A cali-fw-calif3f68101b1f -m comment --comment "cali:Q7FT38i8lE9szYSd" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  186. -A cali-fw-calif3f68101b1f -m comment --comment "cali:w3yjfUiInXyg8vjL" -j cali-pro-k8s_ns.kube-system
  187. -A cali-fw-calif3f68101b1f -m comment --comment "cali:LT0MnQGW2LK6USWs" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  188. -A cali-fw-calif3f68101b1f -m comment --comment "cali:dXLmu9vYsoIeeR2P" -m comment --comment "Drop if no profiles matched" -j DROP
  189. -A cali-pi-k8s-policy-no-match -m comment --comment "cali:eXR8WKtGQfKPd5zm" -j MARK --set-xmark 0x2000000/0x2000000
  190. -A cali-pi-k8s-policy-no-match -m comment --comment "cali:J7UwAp2kUUNYDEbZ" -m mark --mark 0x2000000/0x2000000 -j RETURN
  191. -A cali-po-k8s-policy-no-match -m comment --comment "cali:M1MvnGSuWnBDoJxY" -j MARK --set-xmark 0x2000000/0x2000000
  192. -A cali-po-k8s-policy-no-match -m comment --comment "cali:srq_4spRBeZ7r-5T" -m mark --mark 0x2000000/0x2000000 -j RETURN
  193. -A cali-pri-_8RYwx-GzQkydyUOSQ3 -m comment --comment "cali:Hdq93PPt97dIzXND" -j MARK --set-xmark 0x1000000/0x1000000
  194. -A cali-pri-_8RYwx-GzQkydyUOSQ3 -m comment --comment "cali:qYvzo5yLDMDLF5OQ" -m mark --mark 0x1000000/0x1000000 -j RETURN
  195. -A cali-pri-k8s_ns.ceph -m comment --comment "cali:9jcfwv7PzhB_mi4D" -j MARK --set-xmark 0x1000000/0x1000000
  196. -A cali-pri-k8s_ns.ceph -m comment --comment "cali:xY2JC9Dj1r8DyhkM" -m mark --mark 0x1000000/0x1000000 -j RETURN
  197. -A cali-pri-k8s_ns.kube-system -m comment --comment "cali:plMTf6GGo5FLt-zw" -j MARK --set-xmark 0x1000000/0x1000000
  198. -A cali-pri-k8s_ns.kube-system -m comment --comment "cali:d_ypsHpl3J96oOpx" -m mark --mark 0x1000000/0x1000000 -j RETURN
  199. -A cali-pro-_8RYwx-GzQkydyUOSQ3 -m comment --comment "cali:8cptEHfAqYUSV2_B" -j MARK --set-xmark 0x1000000/0x1000000
  200. -A cali-pro-_8RYwx-GzQkydyUOSQ3 -m comment --comment "cali:YYU-kFjW-E8uk-Cj" -m mark --mark 0x1000000/0x1000000 -j RETURN
  201. -A cali-pro-k8s_ns.ceph -m comment --comment "cali:VZFPtK7yz6IsDsX-" -j MARK --set-xmark 0x1000000/0x1000000
  202. -A cali-pro-k8s_ns.ceph -m comment --comment "cali:4JDPbmdSx5rP3CkN" -m mark --mark 0x1000000/0x1000000 -j RETURN
  203. -A cali-pro-k8s_ns.kube-system -m comment --comment "cali:lDQGDZg5UANF5wIK" -j MARK --set-xmark 0x1000000/0x1000000
  204. -A cali-pro-k8s_ns.kube-system -m comment --comment "cali:wn_dnW-P0COWnhhy" -m mark --mark 0x1000000/0x1000000 -j RETURN
  205. -A cali-to-wl-dispatch -o cali01894ffb609 -m comment --comment "cali:HEQ8MyspLcR1DJq7" -g cali-tw-cali01894ffb609
  206. -A cali-to-wl-dispatch -o cali3e6931d032d -m comment --comment "cali:V4GBJuDbO9V1HN-Y" -g cali-tw-cali3e6931d032d
  207. -A cali-to-wl-dispatch -o cali4f6359baa47 -m comment --comment "cali:jW91OvL0RyOj--2o" -g cali-tw-cali4f6359baa47
  208. -A cali-to-wl-dispatch -o calia47368f6a2f -m comment --comment "cali:_-18Z-DLKpLNqp_f" -g cali-tw-calia47368f6a2f
  209. -A cali-to-wl-dispatch -o calicceaa2f1590 -m comment --comment "cali:3chVGlGnK5RJ0dgK" -g cali-tw-calicceaa2f1590
  210. -A cali-to-wl-dispatch -o calif+ -m comment --comment "cali:zNxPvetFgq-SpxcY" -g cali-to-wl-dispatch-f
  211. -A cali-to-wl-dispatch -m comment --comment "cali:1UIo_ydw-tmvWoLq" -m comment --comment "Unknown interface" -j DROP
  212. -A cali-to-wl-dispatch-f -o calif152a6fc379 -m comment --comment "cali:uV-lSMpydVlyyTjo" -g cali-tw-calif152a6fc379
  213. -A cali-to-wl-dispatch-f -o calif3f68101b1f -m comment --comment "cali:t0uyQCEjkdY_O-gE" -g cali-tw-calif3f68101b1f
  214. -A cali-to-wl-dispatch-f -m comment --comment "cali:9yYC_193DtH35H6U" -m comment --comment "Unknown interface" -j DROP
  215. -A cali-tw-cali01894ffb609 -m comment --comment "cali:Ol39SgbjIHDA_EFA" -j MARK --set-xmark 0x0/0x1000000
  216. -A cali-tw-cali01894ffb609 -m comment --comment "cali:kGMS58UzUFWXtUxZ" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  217. -A cali-tw-cali01894ffb609 -m comment --comment "cali:vr793XEtlaf5du9d" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  218. -A cali-tw-cali01894ffb609 -m comment --comment "cali:95w1KxLN11coWoXA" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  219. -A cali-tw-cali01894ffb609 -m comment --comment "cali:7MsVWbfvGNVHf8Xn" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  220. -A cali-tw-cali01894ffb609 -m comment --comment "cali:rXLK17az1qBDJk6J" -j cali-pri-k8s_ns.ceph
  221. -A cali-tw-cali01894ffb609 -m comment --comment "cali:Y2yvo9bO0qjojCOT" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  222. -A cali-tw-cali01894ffb609 -m comment --comment "cali:2V2NpoZ17-jvPL6m" -m comment --comment "Drop if no profiles matched" -j DROP
  223. -A cali-tw-cali3e6931d032d -m comment --comment "cali:NPBXryE15YVGqWEK" -j MARK --set-xmark 0x0/0x1000000
  224. -A cali-tw-cali3e6931d032d -m comment --comment "cali:uCGzE0_lJJVkEiah" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  225. -A cali-tw-cali3e6931d032d -m comment --comment "cali:gxz5Fl_tg5Kpr0Ud" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  226. -A cali-tw-cali3e6931d032d -m comment --comment "cali:sgZswpKU-uxWCtNV" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  227. -A cali-tw-cali3e6931d032d -m comment --comment "cali:dbIO3rYwJnvsrs0I" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  228. -A cali-tw-cali3e6931d032d -m comment --comment "cali:40Z2VNPkQ8Tugxui" -j cali-pri-k8s_ns.kube-system
  229. -A cali-tw-cali3e6931d032d -m comment --comment "cali:uWYb14ZXoPfCIV8u" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  230. -A cali-tw-cali3e6931d032d -m comment --comment "cali:h1FjbuI6rlSq3no4" -m comment --comment "Drop if no profiles matched" -j DROP
  231. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:L7G8ZsN6DbEbfZJr" -j MARK --set-xmark 0x0/0x1000000
  232. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:HZQ3rNDsH_5oL7uZ" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  233. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:N8z7ROftW4bkmziH" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  234. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:aoUIuAnb7x_on98y" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  235. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:qDkA6YfIWDlia9lp" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  236. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:1n2St00mBP438MVY" -j cali-pri-k8s_ns.kube-system
  237. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:TQzSlkVUV1YSGo-r" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  238. -A cali-tw-cali4f6359baa47 -m comment --comment "cali:FO2ekbUsxKVqk1is" -m comment --comment "Drop if no profiles matched" -j DROP
  239. -A cali-tw-calia47368f6a2f -m comment --comment "cali:rhcR9dXKGdyoz1xD" -j MARK --set-xmark 0x0/0x1000000
  240. -A cali-tw-calia47368f6a2f -m comment --comment "cali:WRzDf-gXpkYqkgip" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  241. -A cali-tw-calia47368f6a2f -m comment --comment "cali:xzuM0dvYOJwDCEbK" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  242. -A cali-tw-calia47368f6a2f -m comment --comment "cali:fJwltuc-uUx5NHQE" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  243. -A cali-tw-calia47368f6a2f -m comment --comment "cali:q8WYoNNLxXj9RuZD" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  244. -A cali-tw-calia47368f6a2f -m comment --comment "cali:ICumnEYHKKOD3vk1" -j cali-pri-k8s_ns.kube-system
  245. -A cali-tw-calia47368f6a2f -m comment --comment "cali:R-hxHlSMDjnx7GB-" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  246. -A cali-tw-calia47368f6a2f -m comment --comment "cali:CC91toomv240aEfx" -m comment --comment "Drop if no profiles matched" -j DROP
  247. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:Cl1l1rb1XF2TrSNc" -j MARK --set-xmark 0x0/0x1000000
  248. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:w3g3Hn24NQvu45-S" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  249. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:ij5f35cdLMSdrpnl" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  250. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:KmJnOK9yZXBMD35R" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  251. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:LCDXgBQRqGUc4-kW" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  252. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:apRwKhDIJh5tOZ1S" -j cali-pri-_8RYwx-GzQkydyUOSQ3
  253. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:VoQ_yRsibSem9jqC" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  254. -A cali-tw-calicceaa2f1590 -m comment --comment "cali:A-x-RA7g_Za-1Apv" -m comment --comment "Drop if no profiles matched" -j DROP
  255. -A cali-tw-calif152a6fc379 -m comment --comment "cali:sb6kjm1_KC9mEpAb" -j MARK --set-xmark 0x0/0x1000000
  256. -A cali-tw-calif152a6fc379 -m comment --comment "cali:cz61O8RFq4gIQ2YJ" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  257. -A cali-tw-calif152a6fc379 -m comment --comment "cali:d45YaLauJInyRo1M" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  258. -A cali-tw-calif152a6fc379 -m comment --comment "cali:d1DK00JAFZc5rJHj" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  259. -A cali-tw-calif152a6fc379 -m comment --comment "cali:QTWj2lsYRVa_jL3B" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  260. -A cali-tw-calif152a6fc379 -m comment --comment "cali:Y1ci4m_endRGq0je" -j cali-pri-k8s_ns.kube-system
  261. -A cali-tw-calif152a6fc379 -m comment --comment "cali:xGLPpFaOdpeC86DM" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  262. -A cali-tw-calif152a6fc379 -m comment --comment "cali:6HYUe-Ifvf5fy05u" -m comment --comment "Drop if no profiles matched" -j DROP
  263. -A cali-tw-calif3f68101b1f -m comment --comment "cali:5Edx5GGUJA8zMRQB" -j MARK --set-xmark 0x0/0x1000000
  264. -A cali-tw-calif3f68101b1f -m comment --comment "cali:7bnO-zcugvTGtbG0" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000
  265. -A cali-tw-calif3f68101b1f -m comment --comment "cali:1oyznZjzCg2zt_RS" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match
  266. -A cali-tw-calif3f68101b1f -m comment --comment "cali:nROZ50Jo4ish7Lcp" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  267. -A cali-tw-calif3f68101b1f -m comment --comment "cali:np-DhFXUrJsuHSfh" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP
  268. -A cali-tw-calif3f68101b1f -m comment --comment "cali:-PSWrirhxc91NR5C" -j cali-pri-k8s_ns.kube-system
  269. -A cali-tw-calif3f68101b1f -m comment --comment "cali:04w050Vi3ExJHbXj" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN
  270. -A cali-tw-calif3f68101b1f -m comment --comment "cali:UACZLGLRF1Qu84fi" -m comment --comment "Drop if no profiles matched" -j DROP
  271. -A cali-wl-to-host -p udp -m comment --comment "cali:aEOMPPLgak2S0Lxs" -m multiport --sports 68 -m multiport --dports 67 -j ACCEPT
  272. -A cali-wl-to-host -p udp -m comment --comment "cali:SzR8ejPiuXtFMS8B" -m multiport --dports 53 -j ACCEPT
  273. -A cali-wl-to-host -m comment --comment "cali:MEmlbCdco0Fefcrw" -j cali-from-wl-dispatch
  274. -A cali-wl-to-host -m comment --comment "cali:3xIeqPkH_U4Pk0Cf" -m comment --comment "Configured DefaultEndpointToHostAction" -j DROP
  275. COMMIT
  276. # Completed on Thu Mar 23 13:17:05 2017
  277. # Generated by iptables-save v1.4.21 on Thu Mar 23 13:17:05 2017
  278. *nat
  279. :PREROUTING ACCEPT [2:120]
  280. :INPUT ACCEPT [2:120]
  281. :OUTPUT ACCEPT [0:0]
  282. :POSTROUTING ACCEPT [0:0]
  283. :DOCKER - [0:0]
  284. :KUBE-MARK-DROP - [0:0]
  285. :KUBE-MARK-MASQ - [0:0]
  286. :KUBE-NODEPORTS - [0:0]
  287. :KUBE-POSTROUTING - [0:0]
  288. :KUBE-SEP-MYVNS4TYOGPJNVNR - [0:0]
  289. :KUBE-SEP-NSGWCYVM46HAWV73 - [0:0]
  290. :KUBE-SEP-PHU6AW6AGYEAERX7 - [0:0]
  291. :KUBE-SEP-QYFU6CFLNZUNWMCW - [0:0]
  292. :KUBE-SEP-XAU5BSYIZQXSE5IR - [0:0]
  293. :KUBE-SERVICES - [0:0]
  294. :KUBE-SVC-BJM46V3U5RZHCFRZ - [0:0]
  295. :KUBE-SVC-DHPNFOWDQUXNIZO5 - [0:0]
  296. :KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0]
  297. :KUBE-SVC-JRXTEHDDTAFMSEAS - [0:0]
  298. :KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
  299. :KUBE-SVC-Q6XJQ2I55QTBQCWT - [0:0]
  300. :KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0]
  301. :KUBE-SVC-XGLOHA7QRQ3V22RZ - [0:0]
  302. :cali-OUTPUT - [0:0]
  303. :cali-POSTROUTING - [0:0]
  304. :cali-PREROUTING - [0:0]
  305. :cali-fip-dnat - [0:0]
  306. :cali-fip-snat - [0:0]
  307. :cali-nat-outgoing - [0:0]
  308. -A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING
  309. -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
  310. -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  311. -A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
  312. -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
  313. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  314. -A POSTROUTING -m comment --comment "cali:O3lYWMrLQYEMJtB5" -j cali-POSTROUTING
  315. -A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
  316. -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  317. -A POSTROUTING -s 10.2.0.0/16 -d 10.2.0.0/16 -j RETURN
  318. -A POSTROUTING -s 10.2.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
  319. -A POSTROUTING ! -s 10.2.0.0/16 -d 10.2.0.0/16 -j MASQUERADE
  320. -A DOCKER -i docker0 -j RETURN
  321. -A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000
  322. -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
  323. -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
  324. -A KUBE-SEP-MYVNS4TYOGPJNVNR -s 192.168.1.2/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
  325. -A KUBE-SEP-MYVNS4TYOGPJNVNR -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-MYVNS4TYOGPJNVNR --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 192.168.1.2:443
  326. -A KUBE-SEP-NSGWCYVM46HAWV73 -s 10.2.63.9/32 -m comment --comment "kube-system/heapster:" -j KUBE-MARK-MASQ
  327. -A KUBE-SEP-NSGWCYVM46HAWV73 -p tcp -m comment --comment "kube-system/heapster:" -m tcp -j DNAT --to-destination 10.2.63.9:8082
  328. -A KUBE-SEP-PHU6AW6AGYEAERX7 -s 10.2.63.2/32 -m comment --comment "kube-system/monitoring-influxdb:" -j KUBE-MARK-MASQ
  329. -A KUBE-SEP-PHU6AW6AGYEAERX7 -p tcp -m comment --comment "kube-system/monitoring-influxdb:" -m tcp -j DNAT --to-destination 10.2.63.2:8086
  330. -A KUBE-SEP-QYFU6CFLNZUNWMCW -s 10.2.63.3/32 -m comment --comment "nginx-ingress/default-http-backend:" -j KUBE-MARK-MASQ
  331. -A KUBE-SEP-QYFU6CFLNZUNWMCW -p tcp -m comment --comment "nginx-ingress/default-http-backend:" -m tcp -j DNAT --to-destination 10.2.63.3:8080
  332. -A KUBE-SEP-XAU5BSYIZQXSE5IR -s 10.2.63.3/32 -m comment --comment "kube-system/monitoring-grafana:" -j KUBE-MARK-MASQ
  333. -A KUBE-SEP-XAU5BSYIZQXSE5IR -p tcp -m comment --comment "kube-system/monitoring-grafana:" -m tcp -j DNAT --to-destination 10.2.63.3:3000
  334. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.116/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
  335. -A KUBE-SERVICES -d 10.3.0.116/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard: cluster IP" -m tcp --dport 80 -j KUBE-SVC-XGLOHA7QRQ3V22RZ
  336. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.187/32 -p tcp -m comment --comment "kube-system/monitoring-grafana: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
  337. -A KUBE-SERVICES -d 10.3.0.187/32 -p tcp -m comment --comment "kube-system/monitoring-grafana: cluster IP" -m tcp --dport 80 -j KUBE-SVC-JRXTEHDDTAFMSEAS
  338. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.214/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb: cluster IP" -m tcp --dport 8086 -j KUBE-MARK-MASQ
  339. -A KUBE-SERVICES -d 10.3.0.214/32 -p tcp -m comment --comment "kube-system/monitoring-influxdb: cluster IP" -m tcp --dport 8086 -j KUBE-SVC-Q6XJQ2I55QTBQCWT
  340. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.233/32 -p tcp -m comment --comment "nginx-ingress/default-http-backend: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
  341. -A KUBE-SERVICES -d 10.3.0.233/32 -p tcp -m comment --comment "nginx-ingress/default-http-backend: cluster IP" -m tcp --dport 80 -j KUBE-SVC-DHPNFOWDQUXNIZO5
  342. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
  343. -A KUBE-SERVICES -d 10.3.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
  344. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.2/32 -p tcp -m comment --comment "kube-system/heapster: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
  345. -A KUBE-SERVICES -d 10.3.0.2/32 -p tcp -m comment --comment "kube-system/heapster: cluster IP" -m tcp --dport 80 -j KUBE-SVC-BJM46V3U5RZHCFRZ
  346. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
  347. -A KUBE-SERVICES -d 10.3.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
  348. -A KUBE-SERVICES ! -s 10.2.0.0/16 -d 10.3.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
  349. -A KUBE-SERVICES -d 10.3.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
  350. -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
  351. -A KUBE-SVC-BJM46V3U5RZHCFRZ -m comment --comment "kube-system/heapster:" -j KUBE-SEP-NSGWCYVM46HAWV73
  352. -A KUBE-SVC-DHPNFOWDQUXNIZO5 -m comment --comment "nginx-ingress/default-http-backend:" -j KUBE-SEP-QYFU6CFLNZUNWMCW
  353. -A KUBE-SVC-JRXTEHDDTAFMSEAS -m comment --comment "kube-system/monitoring-grafana:" -j KUBE-SEP-XAU5BSYIZQXSE5IR
  354. -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-MYVNS4TYOGPJNVNR --mask 255.255.255.255 --rsource -j KUBE-SEP-MYVNS4TYOGPJNVNR
  355. -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-MYVNS4TYOGPJNVNR
  356. -A KUBE-SVC-Q6XJQ2I55QTBQCWT -m comment --comment "kube-system/monitoring-influxdb:" -j KUBE-SEP-PHU6AW6AGYEAERX7
  357. -A cali-OUTPUT -m comment --comment "cali:GBTAv2p5CwevEyJm" -j cali-fip-dnat
  358. -A cali-POSTROUTING -m comment --comment "cali:Z-c7XtVd2Bq7s_hA" -j cali-fip-snat
  359. -A cali-POSTROUTING -m comment --comment "cali:nYKhEzDlr11Jccal" -j cali-nat-outgoing
  360. -A cali-PREROUTING -m comment --comment "cali:r6XmIziWUJsdOK6Z" -j cali-fip-dnat
  361. COMMIT
  362. # Completed on Thu Mar 23 13:17:05 2017
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!