
bino-kubernetes-problem

a guest
Jul 26th, 2022
  1. root@k8s-worker-1:~# systemctl status nftables.service
  2. ● nftables.service - nftables
  3. Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
  4. Active: active (exited) since Tue 2022-07-26 05:56:17 EDT; 46min ago
  5. Docs: man:nft(8)
  6. http://wiki.nftables.org
  7. Process: 186 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
  8. Main PID: 186 (code=exited, status=0/SUCCESS)
  9. CPU: 34ms
  10.  
  11. Warning: journal has been rotated since unit was started, output may be incomplete.
  12. root@k8s-worker-1:~# nft list ruleset\
  13. >
  14. table inet filter {
  15. chain input {
  16. type filter hook input priority filter; policy accept;
  17. }
  18.  
  19. chain forward {
  20. type filter hook forward priority filter; policy accept;
  21. }
  22.  
  23. chain output {
  24. type filter hook output priority filter; policy accept;
  25. }
  26. }
  27. table ip nat {
  28. chain KUBE-MARK-DROP {
  29. counter packets 0 bytes 0 meta mark set mark or 0x8000
  30. }
  31.  
  32. chain KUBE-MARK-MASQ {
  33. counter packets 2 bytes 120 meta mark set mark or 0x4000
  34. }
  35.  
  36. chain KUBE-POSTROUTING {
  37. mark and 0x4000 != 0x4000 counter packets 6865 bytes 412264 return
  38. counter packets 2 bytes 120 meta mark set mark xor 0x4000
  39. counter packets 2 bytes 120 masquerade
  40. }
  41.  
  42. chain POSTROUTING {
  43. type nat hook postrouting priority srcnat; policy accept;
  44. counter packets 7066 bytes 424485 jump KUBE-POSTROUTING
  45. # match-set kube-router-pod-subnets src # ! match-set kube-router-pod-subnets dst # ! match-set kube-router-node-ips dst counter packets 16 bytes 965 masquerade
  46. }
  47.  
  48. chain KUBE-KUBELET-CANARY {
  49. }
  50.  
  51. chain KUBE-PROXY-CANARY {
  52. }
  53.  
  54. chain KUBE-SERVICES {
  55. meta l4proto tcp ip daddr 10.106.36.229 tcp dport 443 counter packets 0 bytes 0 jump KUBE-SVC-XBIRSKPJDNCMT43V
  56. meta l4proto tcp ip daddr 10.102.58.7 tcp dport 443 counter packets 0 bytes 0 jump KUBE-SVC-EDNDUDH2C75GIR6O
  57. meta l4proto tcp ip daddr 192.168.1.186 tcp dport 443 counter packets 0 bytes 0 jump KUBE-EXT-EDNDUDH2C75GIR6O
  58. meta l4proto tcp ip daddr 10.108.233.49 tcp dport 443 counter packets 0 bytes 0 jump KUBE-SVC-EZYNCFY2F7N6OQA2
  59. meta l4proto tcp ip daddr 10.96.0.10 tcp dport 53 counter packets 0 bytes 0 jump KUBE-SVC-ERIFXISQEP7F7OF4
  60. meta l4proto tcp ip daddr 10.102.58.7 tcp dport 80 counter packets 0 bytes 0 jump KUBE-SVC-CG5I4G2RS3ZVWGLK
  61. meta l4proto tcp ip daddr 192.168.1.186 tcp dport 80 counter packets 0 bytes 0 jump KUBE-EXT-CG5I4G2RS3ZVWGLK
  62. meta l4proto tcp ip daddr 10.111.161.2 tcp dport 8081 counter packets 2 bytes 120 jump KUBE-SVC-234DFLNMQCDNYGFJ
  63. meta l4proto tcp ip daddr 10.96.0.1 tcp dport 443 counter packets 0 bytes 0 jump KUBE-SVC-NPX46M4PTMTKRN6Y
  64. meta l4proto udp ip daddr 10.96.0.10 udp dport 53 counter packets 0 bytes 0 jump KUBE-SVC-TCOU7JCQXEZGVUNU
  65. meta l4proto tcp ip daddr 10.96.0.10 tcp dport 9153 counter packets 0 bytes 0 jump KUBE-SVC-JD5MR3NA4I4DYORP
  66. meta l4proto tcp ip daddr 10.110.242.100 tcp dport 443 counter packets 22 bytes 1320 jump KUBE-SVC-Z4ANX4WAEWEBLCTM
  67. fib daddr type local counter packets 1456 bytes 87384 jump KUBE-NODEPORTS
  68. }
  69.  
  70. chain OUTPUT {
  71. type nat hook output priority -100; policy accept;
  72. counter packets 6816 bytes 409394 jump KUBE-SERVICES
  73. }
  74.  
  75. chain PREROUTING {
  76. type nat hook prerouting priority dstnat; policy accept;
  77. counter packets 2905 bytes 1101216 jump KUBE-SERVICES
  78. }
  79.  
  80. chain KUBE-NODEPORTS {
  81. meta l4proto tcp tcp dport 31116 counter packets 0 bytes 0 jump KUBE-EXT-EDNDUDH2C75GIR6O
  82. meta l4proto tcp tcp dport 31097 counter packets 0 bytes 0 jump KUBE-EXT-CG5I4G2RS3ZVWGLK
  83. }
  84.  
  85. chain KUBE-SEP-7KRSNLJXIK7MVNLV {
  86. ip saddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  87. meta l4proto tcp counter packets 2 bytes 120 dnat to 10.244.0.22:8080
  88. }
  89.  
  90. chain KUBE-SVC-234DFLNMQCDNYGFJ {
  91. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.111.161.2 tcp dport 8081 counter packets 2 bytes 120 jump KUBE-MARK-MASQ
  92. counter packets 2 bytes 120 jump KUBE-SEP-7KRSNLJXIK7MVNLV
  93. }
  94.  
  95. chain KUBE-SEP-PERR2UE4LXM6VRCG {
  96. ip saddr 192.168.1.65 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  97. meta l4proto tcp counter packets 0 bytes 0 dnat to 192.168.1.65:6443
  98. }
  99.  
  100. chain KUBE-SVC-NPX46M4PTMTKRN6Y {
  101. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.96.0.1 tcp dport 443 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  102. counter packets 0 bytes 0 jump KUBE-SEP-PERR2UE4LXM6VRCG
  103. }
  104.  
  105. chain KUBE-SEP-V2V2Q35G2YSWC7VC {
  106. ip saddr 10.244.0.19 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  107. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.19:53
  108. }
  109.  
  110. chain KUBE-SVC-ERIFXISQEP7F7OF4 {
  111. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.96.0.10 tcp dport 53 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  112. counter packets 0 bytes 0 jump KUBE-SEP-V2V2Q35G2YSWC7VC
  113. counter packets 0 bytes 0 jump KUBE-SEP-LGXZUSYJZFXP55VS
  114. }
  115.  
  116. chain KUBE-SEP-7SYQPOQ5CGSCKQZX {
  117. ip saddr 10.244.0.19 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  118. meta l4proto udp counter packets 0 bytes 0 dnat to 10.244.0.19:53
  119. }
  120.  
  121. chain KUBE-SVC-TCOU7JCQXEZGVUNU {
  122. meta l4proto udp ip saddr != 10.244.0.0/16 ip daddr 10.96.0.10 udp dport 53 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  123. counter packets 0 bytes 0 jump KUBE-SEP-7SYQPOQ5CGSCKQZX
  124. counter packets 0 bytes 0 jump KUBE-SEP-WHU5MQLF6I7CQ4PO
  125. }
  126.  
  127. chain KUBE-SEP-TLCPTR2BBYKNVXPN {
  128. ip saddr 10.244.0.19 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  129. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.19:9153
  130. }
  131.  
  132. chain KUBE-SVC-JD5MR3NA4I4DYORP {
  133. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.96.0.10 tcp dport 9153 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  134. counter packets 0 bytes 0 jump KUBE-SEP-TLCPTR2BBYKNVXPN
  135. counter packets 0 bytes 0 jump KUBE-SEP-SUIYSFWG632A4F7G
  136. }
  137.  
  138. chain KUBE-SEP-WHU5MQLF6I7CQ4PO {
  139. ip saddr 10.244.0.20 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  140. meta l4proto udp counter packets 0 bytes 0 dnat to 10.244.0.20:53
  141. }
  142.  
  143. chain KUBE-SEP-SUIYSFWG632A4F7G {
  144. ip saddr 10.244.0.20 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  145. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.20:9153
  146. }
  147.  
  148. chain KUBE-SEP-LGXZUSYJZFXP55VS {
  149. ip saddr 10.244.0.20 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  150. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.20:53
  151. }
  152.  
  153. chain KUBE-SEP-B4CZ3FJNSCTRJWRQ {
  154. ip saddr 10.244.0.23 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  155. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.23:443
  156. }
  157.  
  158. chain KUBE-SVC-EDNDUDH2C75GIR6O {
  159. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.102.58.7 tcp dport 443 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  160. counter packets 0 bytes 0 jump KUBE-SEP-B4CZ3FJNSCTRJWRQ
  161. }
  162.  
  163. chain KUBE-EXT-EDNDUDH2C75GIR6O {
  164. counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  165. counter packets 0 bytes 0 jump KUBE-SVC-EDNDUDH2C75GIR6O
  166. }
  167.  
  168. chain KUBE-SEP-FPZJN6VX4OHY6ZD7 {
  169. ip saddr 10.244.0.23 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  170. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.23:80
  171. }
  172.  
  173. chain KUBE-SVC-CG5I4G2RS3ZVWGLK {
  174. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.102.58.7 tcp dport 80 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  175. counter packets 0 bytes 0 jump KUBE-SEP-FPZJN6VX4OHY6ZD7
  176. }
  177.  
  178. chain KUBE-EXT-CG5I4G2RS3ZVWGLK {
  179. counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  180. counter packets 0 bytes 0 jump KUBE-SVC-CG5I4G2RS3ZVWGLK
  181. }
  182.  
  183. chain KUBE-SEP-DUXFKBREL6OCQITR {
  184. ip saddr 10.244.0.23 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  185. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.23:8443
  186. }
  187.  
  188. chain KUBE-SVC-EZYNCFY2F7N6OQA2 {
  189. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.108.233.49 tcp dport 443 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  190. counter packets 0 bytes 0 jump KUBE-SEP-DUXFKBREL6OCQITR
  191. }
  192.  
  193. chain KUBE-SEP-CC2ZRGTKGY46UQVJ {
  194. ip saddr 10.244.0.17 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  195. meta l4proto tcp counter packets 0 bytes 0 dnat to 10.244.0.17:9443
  196. }
  197.  
  198. chain KUBE-SVC-XBIRSKPJDNCMT43V {
  199. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.106.36.229 tcp dport 443 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  200. counter packets 0 bytes 0 jump KUBE-SEP-CC2ZRGTKGY46UQVJ
  201. }
  202.  
  203. chain KUBE-SEP-QEAH3L447RHDWIGU {
  204. ip saddr 10.244.0.21 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  205. meta l4proto tcp counter packets 22 bytes 1320 dnat to 10.244.0.21:10250
  206. }
  207.  
  208. chain KUBE-SVC-Z4ANX4WAEWEBLCTM {
  209. meta l4proto tcp ip saddr != 10.244.0.0/16 ip daddr 10.110.242.100 tcp dport 443 counter packets 0 bytes 0 jump KUBE-MARK-MASQ
  210. counter packets 22 bytes 1320 jump KUBE-SEP-QEAH3L447RHDWIGU
  211. }
  212. }
  213. table ip mangle {
  214. chain KUBE-IPTABLES-HINT {
  215. }
  216.  
  217. chain KUBE-KUBELET-CANARY {
  218. }
  219.  
  220. chain KUBE-PROXY-CANARY {
  221. }
  222. }
  223. table ip6 mangle {
  224. chain KUBE-PROXY-CANARY {
  225. }
  226. }
  227. table ip6 nat {
  228. chain KUBE-PROXY-CANARY {
  229. }
  230.  
  231. chain KUBE-SERVICES {
  232. fib daddr type local counter packets 0 bytes 0 jump KUBE-NODEPORTS
  233. }
  234.  
  235. chain OUTPUT {
  236. type nat hook output priority -100; policy accept;
  237. counter packets 0 bytes 0 jump KUBE-SERVICES
  238. }
  239.  
  240. chain PREROUTING {
  241. type nat hook prerouting priority dstnat; policy accept;
  242. counter packets 6276 bytes 3121825 jump KUBE-SERVICES
  243. }
  244.  
  245. chain KUBE-POSTROUTING {
  246. mark and 0x4000 != 0x4000 counter packets 0 bytes 0 return
  247. counter packets 0 bytes 0 meta mark set mark xor 0x4000
  248. counter packets 0 bytes 0 masquerade random-fully
  249. }
  250.  
  251. chain POSTROUTING {
  252. type nat hook postrouting priority srcnat; policy accept;
  253. counter packets 0 bytes 0 jump KUBE-POSTROUTING
  254. }
  255.  
  256. chain KUBE-MARK-DROP {
  257. }
  258.  
  259. chain KUBE-NODEPORTS {
  260. }
  261.  
  262. chain KUBE-MARK-MASQ {
  263. counter packets 0 bytes 0 meta mark set mark or 0x4000
  264. }
  265. }
  266. table ip6 filter {
  267. chain KUBE-PROXY-CANARY {
  268. }
  269.  
  270. chain KUBE-EXTERNAL-SERVICES {
  271. }
  272.  
  273. chain INPUT {
  274. type filter hook input priority filter; policy accept;
  275. counter packets 84 bytes 4672 jump KUBE-NODEPORTS
  276. ct state new counter packets 0 bytes 0 jump KUBE-EXTERNAL-SERVICES
  277. }
  278.  
  279. chain FORWARD {
  280. type filter hook forward priority filter; policy accept;
  281. counter packets 336 bytes 18816 jump KUBE-FORWARD
  282. ct state new counter packets 0 bytes 0 jump KUBE-SERVICES
  283. ct state new counter packets 0 bytes 0 jump KUBE-EXTERNAL-SERVICES
  284. }
  285.  
  286. chain KUBE-NODEPORTS {
  287. }
  288.  
  289. chain KUBE-SERVICES {
  290. }
  291.  
  292. chain OUTPUT {
  293. type filter hook output priority filter; policy accept;
  294. ct state new counter packets 0 bytes 0 jump KUBE-SERVICES
  295. }
  296.  
  297. chain KUBE-FORWARD {
  298. ct state invalid counter packets 0 bytes 0 drop
  299. mark and 0x4000 == 0x4000 counter packets 0 bytes 0 accept
  300. ct state related,established counter packets 0 bytes 0 accept
  301. }
  302. }
  303. table ip filter {
  304. chain INPUT {
  305. type filter hook input priority filter; policy accept;
  306. counter packets 1966 bytes 538707 jump KUBE-ROUTER-INPUT
  307. counter packets 930 bytes 281405 jump KUBE-NODEPORTS
  308. ct state new counter packets 64 bytes 5222 jump KUBE-EXTERNAL-SERVICES
  309. counter packets 930 bytes 281405 jump KUBE-FIREWALL
  310. }
  311.  
  312. chain FORWARD {
  313. type filter hook forward priority filter; policy accept;
  314. counter packets 1176 bytes 275294 jump KUBE-ROUTER-FORWARD
  315. oifname "eth0" counter packets 0 bytes 0 accept
  316. oifname "kube-bridge" counter packets 0 bytes 0 accept
  317. iifname "kube-bridge" counter packets 0 bytes 0 accept
  318. counter packets 0 bytes 0 jump KUBE-FORWARD
  319. ct state new counter packets 0 bytes 0 jump KUBE-SERVICES
  320. ct state new counter packets 0 bytes 0 jump KUBE-EXTERNAL-SERVICES
  321. }
  322.  
  323. chain OUTPUT {
  324. type filter hook output priority filter; policy accept;
  325. counter packets 2036 bytes 357922 jump KUBE-ROUTER-OUTPUT
  326. ct state new counter packets 50 bytes 3000 jump KUBE-SERVICES
  327. counter packets 818 bytes 192709 jump KUBE-FIREWALL
  328. }
  329.  
  330. chain KUBE-EXTERNAL-SERVICES {
  331. }
  332.  
  333. chain KUBE-FIREWALL {
  334. mark and 0x8000 == 0x8000 counter packets 0 bytes 0 drop
  335. ip saddr != 127.0.0.0/8 ip daddr 127.0.0.0/8 ct status dnat counter packets 0 bytes 0 drop
  336. }
  337.  
  338. chain KUBE-FORWARD {
  339. ct state invalid counter packets 0 bytes 0 drop
  340. mark and 0x4000 == 0x4000 counter packets 0 bytes 0 accept
  341. ct state related,established counter packets 0 bytes 0 accept
  342. }
  343.  
  344. chain KUBE-KUBELET-CANARY {
  345. }
  346.  
  347. chain KUBE-NODEPORTS {
  348. }
  349.  
  350. chain KUBE-NWPLCY-DEFAULT {
  351. counter packets 35 bytes 2100 meta mark set mark or 0x10000
  352. }
  353.  
  354. chain KUBE-PROXY-CANARY {
  355. }
  356.  
  357. chain KUBE-ROUTER-FORWARD {
  358. ip daddr 10.244.0.17 counter packets 12 bytes 1376 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  359. ip daddr 10.244.0.17 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  360. ip saddr 10.244.0.17 counter packets 15 bytes 2167 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  361. ip saddr 10.244.0.17 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  362. ip daddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  363. ip daddr 10.244.0.22 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  364. ip saddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  365. ip saddr 10.244.0.22 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  366. ip daddr 10.244.0.19 counter packets 4 bytes 416 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  367. ip daddr 10.244.0.19 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  368. ip saddr 10.244.0.19 counter packets 4 bytes 208 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  369. ip saddr 10.244.0.19 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  370. ip daddr 10.244.0.20 counter packets 4 bytes 208 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  371. ip daddr 10.244.0.20 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  372. ip saddr 10.244.0.20 counter packets 4 bytes 208 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  373. ip saddr 10.244.0.20 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  374. ip daddr 10.244.0.21 counter packets 177 bytes 33527 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  375. ip daddr 10.244.0.21 # PHYSDEV match --physdev-is-bridged counter packets 2 bytes 120 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  376. ip saddr 10.244.0.21 counter packets 221 bytes 42682 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  377. ip saddr 10.244.0.21 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  378. ip daddr 10.244.0.18 counter packets 136 bytes 18372 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  379. ip daddr 10.244.0.18 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  380. ip saddr 10.244.0.18 counter packets 135 bytes 37599 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  381. ip saddr 10.244.0.18 # PHYSDEV match --physdev-is-bridged counter packets 2 bytes 120 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  382. ip daddr 10.244.0.23 counter packets 260 bytes 105277 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  383. ip daddr 10.244.0.23 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  384. ip saddr 10.244.0.23 counter packets 206 bytes 33374 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  385. ip saddr 10.244.0.23 # PHYSDEV match --physdev-is-bridged counter packets 0 bytes 0 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  386. mark and 0x20000 == 0x20000 counter packets 29 bytes 1740 accept
  387. }
  388.  
  389. chain KUBE-ROUTER-INPUT {
  390. ip daddr 10.96.0.0/12 counter packets 0 bytes 0 return
  391. meta l4proto tcp fib daddr type local tcp dport 30000-32767 counter packets 0 bytes 0 return
  392. meta l4proto udp fib daddr type local udp dport 30000-32767 counter packets 0 bytes 0 return
  393. ip saddr 10.244.0.17 counter packets 103 bytes 138100 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  394. ip saddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  395. ip saddr 10.244.0.19 counter packets 261 bytes 21692 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  396. ip saddr 10.244.0.20 counter packets 254 bytes 21328 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  397. ip saddr 10.244.0.21 counter packets 292 bytes 64798 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  398. ip saddr 10.244.0.18 counter packets 44 bytes 3738 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  399. ip saddr 10.244.0.23 counter packets 82 bytes 7646 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  400. mark and 0x20000 == 0x20000 counter packets 0 bytes 0 accept
  401. }
  402.  
  403. chain KUBE-ROUTER-OUTPUT {
  404. ip daddr 10.244.0.17 counter packets 115 bytes 8104 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  405. ip saddr 10.244.0.17 counter packets 0 bytes 0 jump KUBE-POD-FW-B7ND4AZTPE4HJLGT
  406. ip daddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  407. ip saddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-POD-FW-AVXGM2QVMDXGTTTJ
  408. ip daddr 10.244.0.19 counter packets 299 bytes 22053 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  409. ip saddr 10.244.0.19 counter packets 0 bytes 0 jump KUBE-POD-FW-GZCCJ5BUUEYURNR7
  410. ip daddr 10.244.0.20 counter packets 306 bytes 22417 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  411. ip saddr 10.244.0.20 counter packets 0 bytes 0 jump KUBE-POD-FW-GJL7NGIL4TUCQ6PL
  412. ip daddr 10.244.0.21 counter packets 334 bytes 100670 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  413. ip saddr 10.244.0.21 counter packets 0 bytes 0 jump KUBE-POD-FW-7I7Z4YT7SAZPW463
  414. ip daddr 10.244.0.18 counter packets 56 bytes 4092 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  415. ip saddr 10.244.0.18 counter packets 0 bytes 0 jump KUBE-POD-FW-JKBHI46ODNOSCEDU
  416. ip daddr 10.244.0.23 counter packets 108 bytes 7877 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  417. ip saddr 10.244.0.23 counter packets 0 bytes 0 jump KUBE-POD-FW-ARW6DB2K7XFK3BBE
  418. mark and 0x20000 == 0x20000 counter packets 0 bytes 0 accept
  419. }
  420.  
  421. chain KUBE-SERVICES {
  422. }
  423.  
  424. chain KUBE-POD-FW-B7ND4AZTPE4HJLGT {
  425. ct state related,established counter packets 227 bytes 148667 accept
  426. ct state invalid counter packets 0 bytes 0 drop
  427. ip daddr 10.244.0.17 fib saddr type local counter packets 18 bytes 1080 accept
  428. ip saddr 10.244.0.17 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  429. ip daddr 10.244.0.17 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  430. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  431. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  432. counter packets 0 bytes 0 meta mark set mark and 0xfffeffff
  433. counter packets 0 bytes 0 meta mark set mark or 0x20000
  434. }
  435.  
  436. chain KUBE-POD-FW-AVXGM2QVMDXGTTTJ {
  437. ct state related,established counter packets 0 bytes 0 accept
  438. ct state invalid counter packets 0 bytes 0 drop
  439. ip daddr 10.244.0.22 fib saddr type local counter packets 0 bytes 0 accept
  440. ip saddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  441. ip daddr 10.244.0.22 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  442. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  443. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  444. counter packets 0 bytes 0 meta mark set mark and 0xfffeffff
  445. counter packets 0 bytes 0 meta mark set mark or 0x20000
  446. }
  447.  
  448. chain KUBE-POD-FW-GZCCJ5BUUEYURNR7 {
  449. ct state related,established counter packets 512 bytes 41009 accept
  450. ct state invalid counter packets 0 bytes 0 drop
  451. ip daddr 10.244.0.19 fib saddr type local counter packets 56 bytes 3360 accept
  452. ip saddr 10.244.0.19 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  453. ip daddr 10.244.0.19 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  454. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  455. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  456. counter packets 0 bytes 0 meta mark set mark and 0xfffeffff
  457. counter packets 0 bytes 0 meta mark set mark or 0x20000
  458. }
  459.  
  460. chain KUBE-POD-FW-GJL7NGIL4TUCQ6PL {
  461. ct state related,established counter packets 512 bytes 40801 accept
  462. ct state invalid counter packets 0 bytes 0 drop
  463. ip daddr 10.244.0.20 fib saddr type local counter packets 56 bytes 3360 accept
  464. ip saddr 10.244.0.20 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  465. ip daddr 10.244.0.20 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  466. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  467. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  468. counter packets 0 bytes 0 meta mark set mark and 0xfffeffff
  469. counter packets 0 bytes 0 meta mark set mark or 0x20000
  470. }
  471.  
  472. chain KUBE-POD-FW-7I7Z4YT7SAZPW463 {
  473. ct state related,established counter packets 976 bytes 238797 accept
  474. ct state invalid counter packets 0 bytes 0 drop
  475. ip daddr 10.244.0.21 fib saddr type local counter packets 19 bytes 1140 accept
  476. ip saddr 10.244.0.21 counter packets 27 bytes 1620 jump KUBE-NWPLCY-DEFAULT
  477. ip daddr 10.244.0.21 counter packets 4 bytes 240 jump KUBE-NWPLCY-DEFAULT
  478. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  479. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  480. counter packets 31 bytes 1860 meta mark set mark and 0xfffeffff
  481. counter packets 31 bytes 1860 meta mark set mark or 0x20000
  482. }
  483.  
  484. chain KUBE-POD-FW-JKBHI46ODNOSCEDU {
  485. ct state related,established counter packets 359 bytes 63081 accept
  486. ct state invalid counter packets 0 bytes 0 drop
  487. ip daddr 10.244.0.18 fib saddr type local counter packets 10 bytes 600 accept
  488. ip saddr 10.244.0.18 counter packets 4 bytes 240 jump KUBE-NWPLCY-DEFAULT
  489. ip daddr 10.244.0.18 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  490. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  491. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  492. counter packets 4 bytes 240 meta mark set mark and 0xfffeffff
  493. counter packets 4 bytes 240 meta mark set mark or 0x20000
  494. }
  495.  
  496. chain KUBE-POD-FW-ARW6DB2K7XFK3BBE {
  497. ct state related,established counter packets 637 bytes 153034 accept
  498. ct state invalid counter packets 0 bytes 0 drop
  499. ip daddr 10.244.0.23 fib saddr type local counter packets 19 bytes 1140 accept
  500. ip saddr 10.244.0.23 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  501. ip daddr 10.244.0.23 counter packets 0 bytes 0 jump KUBE-NWPLCY-DEFAULT
  502. mark and 0x10000 != 0x10000 limit rate 10/minute burst 10 packets counter packets 0 bytes 0 log group 100
  503. mark and 0x10000 != 0x10000 counter packets 0 bytes 0 reject
  504. counter packets 0 bytes 0 meta mark set mark and 0xfffeffff
  505. counter packets 0 bytes 0 meta mark set mark or 0x20000
  506. }
  507. }