Created
May 24, 2018 13:56
-
-
Save stevesloka/bf21d4969a63ce65a29f5253b9aa044b to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo iptables -L -n -v | |
| Chain INPUT (policy ACCEPT 278 packets, 57387 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 4469 5825K cali-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Cz_u1IQiXIMmKD4c */ | |
| 7873 36M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 20691 208M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain FORWARD (policy DROP 18 packets, 720 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 1648 87080 cali-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:wUHhoiAYhphO9Mso */ | |
| 1648 87080 KUBE-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forward rules */ | |
| 989 47540 DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
| 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 | |
| Chain OUTPUT (policy ACCEPT 283 packets, 82424 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 4453 1005K cali-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 */ | |
| 6759 1194K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 13394 1649K KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain DOCKER (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain DOCKER-ISOLATION (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 989 47540 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain KUBE-FIREWALL (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000 | |
| Chain KUBE-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 18 1080 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ mark match 0x4000/0x4000 | |
| 0 0 ACCEPT all -- * * 192.168.0.0/16 0.0.0.0/0 /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 192.168.0.0/16 /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED | |
| Chain KUBE-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1648 87080 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JV9-BRWxjz8He5Ib */ MARK and 0xf1ffffff | |
| 1648 87080 cali-from-hep-forward all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:p3dIAeGsCabF0CUT */ mark match 0x0/0x1000000 | |
| 0 0 cali-from-wl-dispatch all -- cali+ * 0.0.0.0/0 0.0.0.0/0 /* cali:DeNlxb0sUevj_Plt */ | |
| 0 0 cali-to-wl-dispatch all -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:B81FOaQNZymbX9H8 */ | |
| 1648 87080 cali-to-hep-forward all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:bB-I9T0YRAYMASx0 */ | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:I1Ki7aNgQsJFzEpG */ /* Policy explicitly accepted packet. */ mark match 0x1000000/0x1000000 | |
| Chain cali-INPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:i7okJZpS8VxaJB3n */ mark match 0x1000000/0x1000000 | |
| 0 0 ACCEPT 4 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:kLJdl8-9MpSKcclh */ /* Allow IPIP packets from Calico hosts */ match-set cali4-all-hosts src ADDRTYPE match dst-type LOCAL | |
| 0 0 DROP 4 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:JhfQUFFJ2v0jbipF */ /* Drop IPIP packets from non-Calico hosts */ | |
| 0 0 cali-wl-to-host all -- cali+ * 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:lCcyvgf8VeDM1u1- */ | |
| 4469 5825K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GlrNbO_EUWYWRCaO */ MARK and 0xf0ffffff | |
| 4469 5825K cali-from-host-endpoint all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:K-V6zS0uXrZMyaMZ */ | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:LxVlCgv5vgFY0hIt */ /* Host endpoint policy accepted packet. */ mark match 0x1000000/0x1000000 | |
| Chain cali-OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:YQSSJIsRcHjFbXaI */ mark match 0x1000000/0x1000000 | |
| 0 0 cali-to-wl-dispatch all -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:N882DxHZfedrB21M */ ipvs | |
| 0 0 RETURN all -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:3DMcCmSodO9PvZSQ */ | |
| 99 7920 ACCEPT 4 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:z0oSsuDED75MEj0R */ /* Allow IPIP packets to other Calico hosts */ match-set cali4-all-hosts dst ADDRTYPE match src-type LOCAL | |
| 4354 997K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QNnJdgwPtObqbUOD */ MARK and 0xf0ffffff | |
| 4354 997K cali-to-host-endpoint all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:B2nj6q0bloZNBIi- */ | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Exh0jTsM68POxMgM */ /* Host endpoint policy accepted packet. */ mark match 0x1000000/0x1000000 | |
| Chain cali-failsafe-in (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:wWFQM43tJU7wwnFZ */ multiport dports 22 | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:LwNV--R8MjeUYacw */ multiport dports 68 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:QOO5NUOqOSS1_Iw0 */ multiport dports 179 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:cwZWoBSwVeIAZmVN */ multiport dports 2379 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:7FbNXT91kugE_upR */ multiport dports 2380 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ywE9WYUBEpve70WT */ multiport dports 6666 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:l-WQSVBf_lygPR0J */ multiport dports 6667 | |
| Chain cali-failsafe-out (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:82hjfji-wChFhAqL */ multiport dports 53 | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:TNM3RfEjbNr72hgH */ multiport dports 67 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ycxKitIl4u3dK0HR */ multiport dports 179 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hxjEWyxdkXXkdvut */ multiport dports 2379 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:cA_GLtruuvG88KiO */ multiport dports 2380 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Sb1hkLYFMrKS6r01 */ multiport dports 6666 | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:UwLSebGONJUG4yG- */ multiport dports 6667 | |
| Chain cali-from-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:zTj6P0TIgYvgz-md */ /* Unknown interface */ | |
| Chain cali-to-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:7KNphB1nNHw80nIO */ /* Unknown interface */ | |
| Chain cali-wl-to-host (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-from-wl-dispatch all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Ee9Sbo10IpVujdIY */ | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */ | |
| $ sudo iptables -t nat -L -n -v | |
| Chain PREROUTING (policy ACCEPT 4 packets, 240 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 1454 87240 cali-PREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:6gwbT8clXdHdC1b1 */ | |
| 1455 87300 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 687 41220 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL | |
| Chain INPUT (policy ACCEPT 4 packets, 240 bytes) | |
| pkts bytes target prot opt in out source destination | |
| Chain OUTPUT (policy ACCEPT 9 packets, 566 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 382 23176 cali-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 */ | |
| 464 28422 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
| 75 4500 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL | |
| Chain POSTROUTING (policy ACCEPT 9 packets, 566 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 1072 64576 cali-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:O3lYWMrLQYEMJtB5 */ | |
| 1116 67542 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ | |
| 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 | |
| Chain DOCKER (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 | |
| Chain KUBE-MARK-DROP (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000 | |
| Chain KUBE-MARK-MASQ (53 references) | |
| pkts bytes target prot opt in out source destination | |
| 9 540 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 | |
| Chain KUBE-NODEPORTS (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 7 420 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp dpt:31374 | |
| 7 420 KUBE-SVC-VGUGL7TZFANW37JV tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp dpt:31374 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp dpt:30920 | |
| 0 0 KUBE-SVC-7GKTSNE6GNAIQCMZ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp dpt:30920 | |
| Chain KUBE-POSTROUTING (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 7 420 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 | |
| Chain KUBE-SEP-26EDTD2Y3M2VLBI3 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.130 0.0.0.0/0 /* default/nginx: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ tcp to:192.168.126.130:80 | |
| Chain KUBE-SEP-2BT5KFLOVD7BXWCV (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.14.17 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.14.17:80 | |
| Chain KUBE-SEP-2IPKXRKEC5SAIV7G (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.134 0.0.0.0/0 /* default/kuard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ tcp to:192.168.126.134:8080 | |
| Chain KUBE-SEP-33HYPSN4IT6VKU7F (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.24.13 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.24.13:80 | |
| Chain KUBE-SEP-3KATSLZWKIRYFGC2 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.8.132 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.8.132:80 | |
| Chain KUBE-SEP-4BHHU3IWEGJOUCNL (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.136 0.0.0.0/0 /* gimbal-contour/contour:xds */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ tcp to:192.168.126.136:8001 | |
| Chain KUBE-SEP-4WJI4X6STELUDQOP (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.31.65 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.31.65:443 | |
| Chain KUBE-SEP-6FD66HBLJLL3S7Z5 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.243.194 0.0.0.0/0 /* kube-system/kube-dns:dns */ | |
| 0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:192.168.243.194:53 | |
| Chain KUBE-SEP-6MBE2UD74NX5VQG7 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.5.212 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.5.212:80 | |
| Chain KUBE-SEP-7545D7CDZOX7WHXH (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.133 0.0.0.0/0 /* gimbal-monitoring/prometheus-alertmanager:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus-alertmanager:http */ tcp to:192.168.126.133:9093 | |
| Chain KUBE-SEP-AMQ2QL2AZFTYML2T (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.129 0.0.0.0/0 /* gimbal-monitoring/prometheus:prometheus */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:prometheus */ tcp to:192.168.126.129:9090 | |
| Chain KUBE-SEP-CFDJGCTPU2O3A76M (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.5.212 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.5.212:443 | |
| Chain KUBE-SEP-CLDNRYYF75LH5NJB (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.27.141 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.27.141:80 | |
| Chain KUBE-SEP-DNY4K4TAO4O4PARO (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.131 0.0.0.0/0 /* default/kuard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ tcp to:192.168.126.131:8080 | |
| Chain KUBE-SEP-FH7QPIRIIJWDKONQ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.0.216 0.0.0.0/0 /* kube-system/calico-etcd: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/calico-etcd: */ tcp to:10.0.0.216:6666 | |
| Chain KUBE-SEP-FU3UCWDXPUNUTUOV (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.0.216 0.0.0.0/0 /* default/kubernetes:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-FU3UCWDXPUNUTUOV side: source mask: 255.255.255.255 tcp to:10.0.0.216:6443 | |
| Chain KUBE-SEP-GBJODNXULY5CVANQ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.138 0.0.0.0/0 /* default/kuard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ tcp to:192.168.126.138:8080 | |
| Chain KUBE-SEP-GQTCLTHCGSFEF7LZ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.16.242 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.16.242:443 | |
| Chain KUBE-SEP-H35PYH3J67LECECV (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.31.65 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.31.65:80 | |
| Chain KUBE-SEP-HEGDXEQ57YPN3U24 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.24.13 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.24.13:443 | |
| Chain KUBE-SEP-JY34KYUIEVIDSNCX (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.27.141 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.27.141:443 | |
| Chain KUBE-SEP-KBOMVPA3T3U5IKIB (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.13.176 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 2 120 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.13.176:80 | |
| Chain KUBE-SEP-LI6PJOEPHH5JSHOY (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.16.242 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.16.242:80 | |
| Chain KUBE-SEP-NPXS72ITJNHP5LVC (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.132 0.0.0.0/0 /* default/nginx: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ tcp to:192.168.126.132:80 | |
| Chain KUBE-SEP-QRSDVN45ZJBP464R (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.243.194 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:192.168.243.194:53 | |
| Chain KUBE-SEP-SET5JHSDLPZMFAFN (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.139 0.0.0.0/0 /* gimbal-contour/contour:xds */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ tcp to:192.168.126.139:8001 | |
| Chain KUBE-SEP-SXTBEUF7ZWLK3HT4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.135 0.0.0.0/0 /* gimbal-monitoring/grafana:http */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/grafana:http */ tcp to:192.168.126.135:3000 | |
| Chain KUBE-SEP-TQPFPD57AKTANVCT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.2.182 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.2.182:443 | |
| Chain KUBE-SEP-UA3IK5Q24DKVAOS4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.26.64 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.26.64:80 | |
| Chain KUBE-SEP-UVIO6OVB4DLK3B6U (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.243.193 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp to:192.168.243.193:8443 | |
| Chain KUBE-SEP-WS56KTDQD6YZ6KPM (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.137 0.0.0.0/0 /* default/nginx: */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ tcp to:192.168.126.137:80 | |
| Chain KUBE-SEP-XCQAW74VJHYUORKF (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.26.64 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.26.64:443 | |
| Chain KUBE-SEP-YHSANM274RK3LXD2 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.8.132 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.8.132:443 | |
| Chain KUBE-SEP-YNPYCAWNFQ4S7UEN (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.2.182 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| 1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ tcp to:10.0.2.182:80 | |
| Chain KUBE-SEP-YWA4LP2ZOXAARHJE (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 192.168.126.129 0.0.0.0/0 /* gimbal-monitoring/prometheus:alertmanager */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:alertmanager */ tcp to:192.168.126.129:9093 | |
| Chain KUBE-SEP-ZL2ITM2FK4NVXK5I (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.14.17 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.14.17:443 | |
| Chain KUBE-SEP-ZVCUH2AH4TUV5WRX (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ all -- * * 10.0.13.176 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ tcp to:10.0.13.176:443 | |
| Chain KUBE-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.241.108 /* kube-system/kubernetes-dashboard: cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-SVC-XGLOHA7QRQ3V22RZ tcp -- * * 0.0.0.0/0 10.96.241.108 /* kube-system/kubernetes-dashboard: cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.99.85.154 /* gimbal-monitoring/prometheus-alertmanager:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-G65T4O2MFTHDUTP4 tcp -- * * 0.0.0.0/0 10.99.85.154 /* gimbal-monitoring/prometheus-alertmanager:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.111.14.51 /* gimbal-monitoring/grafana:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-J4UFY7V774FZD53P tcp -- * * 0.0.0.0/0 10.111.14.51 /* gimbal-monitoring/grafana:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.177.229 /* default/kuard: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-CUXC5A3HHHVSSN62 tcp -- * * 0.0.0.0/0 10.96.177.229 /* default/kuard: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 | |
| 0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.232.136 /* kube-system/calico-etcd: cluster IP */ tcp dpt:6666 | |
| 0 0 KUBE-SVC-NTYB37XIWATNM25Y tcp -- * * 0.0.0.0/0 10.96.232.136 /* kube-system/calico-etcd: cluster IP */ tcp dpt:6666 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.106.110.103 /* gimbal-monitoring/prometheus:alertmanager cluster IP */ tcp dpt:9093 | |
| 0 0 KUBE-SVC-243SO42FGIGQCAFA tcp -- * * 0.0.0.0/0 10.106.110.103 /* gimbal-monitoring/prometheus:alertmanager cluster IP */ tcp dpt:9093 | |
| 0 0 KUBE-MARK-MASQ udp -- * * !192.168.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 | |
| 0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 | |
| 2 120 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.98.248.116 /* gimbal-contour/contour:xds cluster IP */ tcp dpt:8001 | |
| 2 120 KUBE-SVC-2BA23KRJACDGL5RY tcp -- * * 0.0.0.0/0 10.98.248.116 /* gimbal-contour/contour:xds cluster IP */ tcp dpt:8001 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.100.91.239 /* default/nginx: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-4N57TFCL4MD7ZTDA tcp -- * * 0.0.0.0/0 10.100.91.239 /* default/nginx: cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.101.132.1 /* gimbal-contour/envoy:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-SVC-VGUGL7TZFANW37JV tcp -- * * 0.0.0.0/0 10.101.132.1 /* gimbal-contour/envoy:http cluster IP */ tcp dpt:80 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.101.132.1 /* gimbal-contour/envoy:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-SVC-7GKTSNE6GNAIQCMZ tcp -- * * 0.0.0.0/0 10.101.132.1 /* gimbal-contour/envoy:https cluster IP */ tcp dpt:443 | |
| 0 0 KUBE-MARK-MASQ tcp -- * * !192.168.0.0/16 10.106.110.103 /* gimbal-monitoring/prometheus:prometheus cluster IP */ tcp dpt:9090 | |
| 0 0 KUBE-SVC-Y5RKNB4LCQCQFTMW tcp -- * * 0.0.0.0/0 10.106.110.103 /* gimbal-monitoring/prometheus:prometheus cluster IP */ tcp dpt:9090 | |
| 13 780 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL | |
| Chain KUBE-SVC-243SO42FGIGQCAFA (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-YWA4LP2ZOXAARHJE all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:alertmanager */ | |
| Chain KUBE-SVC-2BA23KRJACDGL5RY (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 60 KUBE-SEP-4BHHU3IWEGJOUCNL all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ statistic mode random probability 0.50000000000 | |
| 1 60 KUBE-SEP-SET5JHSDLPZMFAFN all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/contour:xds */ | |
| Chain KUBE-SVC-4N57TFCL4MD7ZTDA (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-26EDTD2Y3M2VLBI3 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ statistic mode random probability 0.33332999982 | |
| 0 0 KUBE-SEP-NPXS72ITJNHP5LVC all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-WS56KTDQD6YZ6KPM all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/nginx: */ | |
| Chain KUBE-SVC-7GKTSNE6GNAIQCMZ (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-ZVCUH2AH4TUV5WRX all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.10000000009 | |
| 0 0 KUBE-SEP-ZL2ITM2FK4NVXK5I all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.11110999994 | |
| 0 0 KUBE-SEP-GQTCLTHCGSFEF7LZ all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.12500000000 | |
| 0 0 KUBE-SEP-TQPFPD57AKTANVCT all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.14286000002 | |
| 0 0 KUBE-SEP-HEGDXEQ57YPN3U24 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.16667000018 | |
| 0 0 KUBE-SEP-XCQAW74VJHYUORKF all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.20000000019 | |
| 0 0 KUBE-SEP-JY34KYUIEVIDSNCX all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.25000000000 | |
| 0 0 KUBE-SEP-4WJI4X6STELUDQOP all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.33332999982 | |
| 0 0 KUBE-SEP-CFDJGCTPU2O3A76M all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-YHSANM274RK3LXD2 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:https */ | |
| Chain KUBE-SVC-CUXC5A3HHHVSSN62 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-DNY4K4TAO4O4PARO all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ statistic mode random probability 0.33332999982 | |
| 0 0 KUBE-SEP-2IPKXRKEC5SAIV7G all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-GBJODNXULY5CVANQ all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kuard: */ | |
| Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-QRSDVN45ZJBP464R all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ | |
| Chain KUBE-SVC-G65T4O2MFTHDUTP4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-7545D7CDZOX7WHXH all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus-alertmanager:http */ | |
| Chain KUBE-SVC-J4UFY7V774FZD53P (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-SXTBEUF7ZWLK3HT4 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/grafana:http */ | |
| Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-FU3UCWDXPUNUTUOV all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-FU3UCWDXPUNUTUOV side: source mask: 255.255.255.255 | |
| 0 0 KUBE-SEP-FU3UCWDXPUNUTUOV all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ | |
| Chain KUBE-SVC-NTYB37XIWATNM25Y (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-FH7QPIRIIJWDKONQ all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/calico-etcd: */ | |
| Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-6FD66HBLJLL3S7Z5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ | |
| Chain KUBE-SVC-VGUGL7TZFANW37JV (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 2 120 KUBE-SEP-KBOMVPA3T3U5IKIB all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.10000000009 | |
| 0 0 KUBE-SEP-2BT5KFLOVD7BXWCV all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.11110999994 | |
| 0 0 KUBE-SEP-LI6PJOEPHH5JSHOY all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.12500000000 | |
| 1 60 KUBE-SEP-YNPYCAWNFQ4S7UEN all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.14286000002 | |
| 1 60 KUBE-SEP-33HYPSN4IT6VKU7F all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.16667000018 | |
| 1 60 KUBE-SEP-UA3IK5Q24DKVAOS4 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.20000000019 | |
| 1 60 KUBE-SEP-CLDNRYYF75LH5NJB all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.25000000000 | |
| 0 0 KUBE-SEP-H35PYH3J67LECECV all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.33332999982 | |
| 1 60 KUBE-SEP-6MBE2UD74NX5VQG7 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ statistic mode random probability 0.50000000000 | |
| 0 0 KUBE-SEP-3KATSLZWKIRYFGC2 all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-contour/envoy:http */ | |
| Chain KUBE-SVC-XGLOHA7QRQ3V22RZ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-UVIO6OVB4DLK3B6U all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ | |
| Chain KUBE-SVC-Y5RKNB4LCQCQFTMW (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 KUBE-SEP-AMQ2QL2AZFTYML2T all -- * * 0.0.0.0/0 0.0.0.0/0 /* gimbal-monitoring/prometheus:prometheus */ | |
| Chain cali-OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 382 23176 cali-fip-dnat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GBTAv2p5CwevEyJm */ | |
| Chain cali-POSTROUTING (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1072 64576 cali-fip-snat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Z-c7XtVd2Bq7s_hA */ | |
| 1072 64576 cali-nat-outgoing all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:nYKhEzDlr11Jccal */ | |
| 38 2280 MASQUERADE all -- * tunl0 0.0.0.0/0 0.0.0.0/0 /* cali:JHlpT-eSqR1TvyYm */ ADDRTYPE match src-type !LOCAL limit-out ADDRTYPE match src-type LOCAL | |
| Chain cali-PREROUTING (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1454 87240 cali-fip-dnat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:r6XmIziWUJsdOK6Z */ | |
| Chain cali-fip-dnat (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-fip-snat (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-nat-outgoing (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Wd76s91357Uv7N3v */ match-set cali4-masq-ipam-pools src ! match-set cali4-all-ipam-pools dst |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment