Created
August 28, 2017 15:58
-
-
Save stevesloka/60215812b7f02fdd9c1c9b1fba2cc7c6 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo iptables --list | |
| Chain INPUT (policy ACCEPT) | |
| target prot opt source destination | |
| KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */ | |
| KUBE-FIREWALL all -- anywhere anywhere | |
| Chain FORWARD (policy ACCEPT) | |
| target prot opt source destination | |
| DOCKER-ISOLATION all -- anywhere anywhere | |
| DOCKER all -- anywhere anywhere | |
| ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
| ACCEPT all -- anywhere anywhere | |
| ACCEPT all -- anywhere anywhere | |
| WEAVE-NPC all -- anywhere anywhere | |
| NFLOG all -- anywhere anywhere state NEW nflog-group 86 | |
| DROP all -- anywhere anywhere | |
| ACCEPT all -- anywhere anywhere | |
| ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
| Chain OUTPUT (policy ACCEPT) | |
| target prot opt source destination | |
| KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */ | |
| KUBE-FIREWALL all -- anywhere anywhere | |
| Chain DOCKER (1 references) | |
| target prot opt source destination | |
| Chain DOCKER-ISOLATION (1 references) | |
| target prot opt source destination | |
| RETURN all -- anywhere anywhere | |
| Chain KUBE-FIREWALL (2 references) | |
| target prot opt source destination | |
| DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000 | |
| Chain KUBE-SERVICES (2 references) | |
| target prot opt source destination | |
| Chain WEAVE-NPC (1 references) | |
| target prot opt source destination | |
| ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | |
| ACCEPT all -- anywhere base-address.mcast.net/4 | |
| WEAVE-NPC-DEFAULT all -- anywhere anywhere state NEW | |
| WEAVE-NPC-INGRESS all -- anywhere anywhere state NEW | |
| ACCEPT all -- anywhere anywhere ! match-set weave-local-pods dst | |
| Chain WEAVE-NPC-DEFAULT (1 references) | |
| target prot opt source destination | |
| ACCEPT all -- anywhere anywhere match-set weave-iuZcey(5DeXbzgRFs8Szo]+@p dst /* DefaultAllow isolation for namespace: kube-system */ | |
| ACCEPT all -- anywhere anywhere match-set weave-k?Z;25^M}|1s7P3|H9i;*;MhG dst /* DefaultAllow isolation for namespace: default */ | |
| ACCEPT all -- anywhere anywhere match-set weave-4vtqMI+kx/2]jD%_c0S%thO%V dst /* DefaultAllow isolation for namespace: kube-public */ | |
| Chain WEAVE-NPC-INGRESS (1 references) | |
| target prot opt source destination | |
| ACCEPT all -- anywhere anywhere match-set weave-{U;]TI.l|MdRzDhN7$NRn[t)d src match-set weave-KN[_+Gl.dlb1q$;v4h!E_Sg)( dst /* pods: namespace: default, selector: access=true -> pods: namespace: default, selector: run=nginx */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment