Created
April 5, 2016 18:07
[centos@ip-172-22-245-135 ~]$ sudo iptables -L -n -v | |
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | |
pkts bytes target prot opt in out source destination | |
681K 129M ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 /* traffic from docker for internet */ | |
743K 517M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 4789 /* 001 vxlan incoming */ | |
2825K 2958M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED | |
336 29457 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 | |
59589 3575K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 | |
1786 99404 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 | |
6827 429K OS_FIREWALL_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 | |
3101 207K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited | |
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | |
pkts bytes target prot opt in out source destination | |
9 32186 DOCKER all -- * lbr0 0.0.0.0/0 0.0.0.0/0 | |
9 32186 ACCEPT all -- * lbr0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
0 0 ACCEPT all -- lbr0 !lbr0 0.0.0.0/0 0.0.0.0/0 | |
0 0 ACCEPT all -- lbr0 lbr0 0.0.0.0/0 0.0.0.0/0 | |
11M 5149M ACCEPT all -- * * 10.1.0.0/16 0.0.0.0/0 | |
3316K 4227M ACCEPT all -- * * 0.0.0.0/0 10.1.0.0/16 | |
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 | |
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED | |
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 | |
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 | |
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited | |
Chain OUTPUT (policy ACCEPT 2304 packets, 322K bytes) | |
pkts bytes target prot opt in out source destination | |
3549K 4031M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
Chain DOCKER (2 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SERVICES (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.15.31 /* logging/logging-kibana-ops: has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.249.191 /* sc-report/whatever:8080-tcp has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.18.77 /* example/phoenix-example:5000-tcp has no endpoints */ tcp dpt:5000 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.226.53 /* python-ex/python-ex:8080-tcp has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.85.174 /* default/docker-registry:5000-tcp has no endpoints */ tcp dpt:5000 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.125.0 /* sc-report/nodejs-example:web has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.45.174 /* sc-report/sc-report:8080-tcp has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable | |
0 0 REJECT tcp -- * * 0.0.0.0/0 172.30.89.145 /* logging/logging-es-ops: has no endpoints */ tcp dpt:9200 reject-with icmp-port-unreachable | |
Chain OS_FIREWALL_ALLOW (1 references) | |
pkts bytes target prot opt in out source destination | |
3072 184K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10250 | |
195 10244 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 | |
459 28044 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 | |
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10255 | |
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:10255 | |
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:4789 |
[centos@ip-172-22-245-135 ~]$ sudo iptables -t nat -L -n -v | |
Chain PREROUTING (policy ACCEPT 143 packets, 15024 bytes) | |
pkts bytes target prot opt in out source destination | |
1174K 126M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
157K 37M DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL | |
Chain INPUT (policy ACCEPT 139 packets, 14724 bytes) | |
pkts bytes target prot opt in out source destination | |
Chain OUTPUT (policy ACCEPT 462 packets, 34164 bytes) | |
pkts bytes target prot opt in out source destination | |
519K 50M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL | |
Chain POSTROUTING (policy ACCEPT 462 packets, 34164 bytes) | |
pkts bytes target prot opt in out source destination | |
1536K 139M KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ | |
1207K 101M MASQUERADE all -- * !lbr0 10.1.1.0/24 0.0.0.0/0 | |
1 84 MASQUERADE all -- * * 10.1.0.0/16 !10.1.0.0/16 | |
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 | |
Chain DOCKER (2 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-MARK-MASQ (13 references) | |
pkts bytes target prot opt in out source destination | |
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 | |
Chain KUBE-NODEPORTS (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-POSTROUTING (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 | |
Chain KUBE-SEP-3FFFU3GRWW672DY4 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.3.10 0.0.0.0/0 /* example/node-test:3000-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* example/node-test:3000-tcp */ tcp to:10.1.3.10:3000 | |
Chain KUBE-SEP-4BN4Q5DZZLMRJNIB (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.2.142 0.0.0.0/0 /* example/express:3000-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* example/express:3000-tcp */ tcp to:10.1.2.142:3000 | |
Chain KUBE-SEP-5AMZJJLWITY4BZ55 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.3.100 0.0.0.0/0 /* logging/logging-es: */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ tcp to:10.1.3.100:9200 | |
Chain KUBE-SEP-EDX7I3OQPLBHQQHE (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 172.22.186.107 0.0.0.0/0 /* default/kubernetes:dns-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns-tcp */ tcp to:172.22.186.107:53 | |
Chain KUBE-SEP-EZOMAFYU7TFOW2WR (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 172.22.186.107 0.0.0.0/0 /* default/kubernetes:dns */ | |
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns */ udp to:172.22.186.107:53 | |
Chain KUBE-SEP-GL6LUTT4HSQ5BGTS (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.1.58 0.0.0.0/0 /* examples/deployment-example:8080-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* examples/deployment-example:8080-tcp */ tcp to:10.1.1.58:8080 | |
Chain KUBE-SEP-HQIYTXIQ7JWVB7J5 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.3.103 0.0.0.0/0 /* logging/logging-kibana: */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-kibana: */ tcp to:10.1.3.103:3000 | |
Chain KUBE-SEP-LCVT22FCM7KBVKCD (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 172.22.245.135 0.0.0.0/0 /* default/router:80-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:80-tcp */ tcp to:172.22.245.135:80 | |
Chain KUBE-SEP-PHAWW3ODVTFD4CIT (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 172.22.245.135 0.0.0.0/0 /* default/router:1936-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:1936-tcp */ tcp to:172.22.245.135:1936 | |
Chain KUBE-SEP-RPAUWPJ7MEEPDHIV (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.2.11 0.0.0.0/0 /* example/deployment-example:8080-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* example/deployment-example:8080-tcp */ tcp to:10.1.2.11:8080 | |
Chain KUBE-SEP-W4OMTRPPLQAB4QDY (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 10.1.2.136 0.0.0.0/0 /* logging/logging-es: */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ tcp to:10.1.2.136:9200 | |
Chain KUBE-SEP-WXFBZ657UKUAPQKT (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 172.22.186.107 0.0.0.0/0 /* default/kubernetes:https */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.22.186.107:8443 | |
Chain KUBE-SEP-XL6UVOXWRRFJXNEL (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-MARK-MASQ all -- * * 172.22.245.135 0.0.0.0/0 /* default/router:443-tcp */ | |
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:443-tcp */ tcp to:172.22.245.135:443 | |
Chain KUBE-SERVICES (2 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SVC-BA6I5HTZKAAAJT56 tcp -- * * 0.0.0.0/0 172.30.0.1 /* default/kubernetes:dns-tcp cluster IP */ tcp dpt:53 | |
0 0 KUBE-SVC-MVEOC3KQXP26WZMX tcp -- * * 0.0.0.0/0 172.30.134.63 /* example/deployment-example:8080-tcp cluster IP */ tcp dpt:8080 | |
0 0 KUBE-SVC-GQKZAHCS5DTMHUQ6 tcp -- * * 0.0.0.0/0 172.30.199.39 /* default/router:80-tcp cluster IP */ tcp dpt:80 | |
0 0 KUBE-SVC-GNQKRDLPFWE3LILX tcp -- * * 0.0.0.0/0 172.30.15.31 /* logging/logging-kibana-ops: cluster IP */ tcp dpt:443 | |
0 0 KUBE-SVC-FSH7N57EENK63AIB tcp -- * * 0.0.0.0/0 172.30.86.186 /* examples/deployment-example:8080-tcp cluster IP */ tcp dpt:8080 | |
0 0 KUBE-SVC-MGUCQ3MEKFLFZD5D tcp -- * * 0.0.0.0/0 172.30.249.191 /* sc-report/whatever:8080-tcp cluster IP */ tcp dpt:8080 | |
0 0 KUBE-SVC-TV6NXBMSG6DOA4QY tcp -- * * 0.0.0.0/0 172.30.18.77 /* example/phoenix-example:5000-tcp cluster IP */ tcp dpt:5000 | |
0 0 KUBE-SVC-QYGJJXVQ2UYGAWS7 tcp -- * * 0.0.0.0/0 172.30.226.53 /* python-ex/python-ex:8080-tcp cluster IP */ tcp dpt:8080 | |
0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 172.30.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 | |
0 0 KUBE-SVC-3VQ6B3MLH7E2SZT4 udp -- * * 0.0.0.0/0 172.30.0.1 /* default/kubernetes:dns cluster IP */ udp dpt:53 | |
0 0 KUBE-SVC-IKV43KYNCXS2W7KZ tcp -- * * 0.0.0.0/0 172.30.199.39 /* default/router:443-tcp cluster IP */ tcp dpt:443 | |
0 0 KUBE-SVC-4JCRTMMYZAAYMIJ2 tcp -- * * 0.0.0.0/0 172.30.199.39 /* default/router:1936-tcp cluster IP */ tcp dpt:1936 | |
0 0 KUBE-SVC-ECTPRXTXBM34L34Q tcp -- * * 0.0.0.0/0 172.30.85.174 /* default/docker-registry:5000-tcp cluster IP */ tcp dpt:5000 | |
0 0 KUBE-SVC-BWSQUABZDDFLJOKN tcp -- * * 0.0.0.0/0 172.30.78.126 /* logging/logging-es: cluster IP */ tcp dpt:9200 | |
0 0 KUBE-SVC-JP6JYE3JDMJ747NX tcp -- * * 0.0.0.0/0 172.30.1.121 /* logging/logging-kibana: cluster IP */ tcp dpt:443 | |
0 0 KUBE-SVC-5UUV63F72STAGP5R tcp -- * * 0.0.0.0/0 172.30.125.0 /* sc-report/nodejs-example:web cluster IP */ tcp dpt:8080 | |
0 0 KUBE-SVC-POL4FA372DYH6IF5 tcp -- * * 0.0.0.0/0 172.30.9.207 /* example/express:3000-tcp cluster IP */ tcp dpt:3000 | |
0 0 KUBE-SVC-AJC7VGAIP4GTP57I tcp -- * * 0.0.0.0/0 172.30.45.174 /* sc-report/sc-report:8080-tcp cluster IP */ tcp dpt:8080 | |
0 0 KUBE-SVC-5G7SPSMEXDFK427C tcp -- * * 0.0.0.0/0 172.30.134.82 /* example/node-test:3000-tcp cluster IP */ tcp dpt:3000 | |
0 0 KUBE-SVC-ML4GI5VB2QZ57S66 tcp -- * * 0.0.0.0/0 172.30.89.145 /* logging/logging-es-ops: cluster IP */ tcp dpt:9200 | |
143 15024 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL | |
Chain KUBE-SVC-3VQ6B3MLH7E2SZT4 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-EZOMAFYU7TFOW2WR all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns */ | |
Chain KUBE-SVC-4JCRTMMYZAAYMIJ2 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-PHAWW3ODVTFD4CIT all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:1936-tcp */ | |
Chain KUBE-SVC-5G7SPSMEXDFK427C (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-3FFFU3GRWW672DY4 all -- * * 0.0.0.0/0 0.0.0.0/0 /* example/node-test:3000-tcp */ | |
Chain KUBE-SVC-5UUV63F72STAGP5R (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-AJC7VGAIP4GTP57I (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-BA6I5HTZKAAAJT56 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-EDX7I3OQPLBHQQHE all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:dns-tcp */ | |
Chain KUBE-SVC-BWSQUABZDDFLJOKN (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-W4OMTRPPLQAB4QDY all -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ statistic mode random probability 0.50000000000 | |
0 0 KUBE-SEP-5AMZJJLWITY4BZ55 all -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-es: */ | |
Chain KUBE-SVC-ECTPRXTXBM34L34Q (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-FSH7N57EENK63AIB (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-GL6LUTT4HSQ5BGTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* examples/deployment-example:8080-tcp */ | |
Chain KUBE-SVC-GNQKRDLPFWE3LILX (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-GQKZAHCS5DTMHUQ6 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-LCVT22FCM7KBVKCD all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:80-tcp */ | |
Chain KUBE-SVC-IKV43KYNCXS2W7KZ (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-XL6UVOXWRRFJXNEL all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/router:443-tcp */ | |
Chain KUBE-SVC-JP6JYE3JDMJ747NX (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-HQIYTXIQ7JWVB7J5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* logging/logging-kibana: */ | |
Chain KUBE-SVC-MGUCQ3MEKFLFZD5D (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-ML4GI5VB2QZ57S66 (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-MVEOC3KQXP26WZMX (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-RPAUWPJ7MEEPDHIV all -- * * 0.0.0.0/0 0.0.0.0/0 /* example/deployment-example:8080-tcp */ | |
Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-WXFBZ657UKUAPQKT all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ | |
Chain KUBE-SVC-POL4FA372DYH6IF5 (1 references) | |
pkts bytes target prot opt in out source destination | |
0 0 KUBE-SEP-4BN4Q5DZZLMRJNIB all -- * * 0.0.0.0/0 0.0.0.0/0 /* example/express:3000-tcp */ | |
Chain KUBE-SVC-QYGJJXVQ2UYGAWS7 (1 references) | |
pkts bytes target prot opt in out source destination | |
Chain KUBE-SVC-TV6NXBMSG6DOA4QY (1 references) | |
pkts bytes target prot opt in out source destination |