Created
September 10, 2025 08:19
-
-
Save fmuyassarov/2a219a2326ddaa115aa20a4dc049f38b to your computer and use it in GitHub Desktop.
calico_ipvs_1.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Chain INPUT (policy ACCEPT 827M packets, 270G bytes) | |
| pkts bytes target prot opt in out source destination | |
| 188K 152M cali-INPUT all -- any any anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */ | |
| 236K 191M KUBE-IPVS-FILTER all -- any any anywhere anywhere /* kubernetes ipvs access filter */ | |
| 236K 191M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere /* kube-proxy firewall rules */ | |
| 236K 191M KUBE-NODE-PORT all -- any any anywhere anywhere /* kubernetes health check rules */ | |
| 12M 717M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */ | |
| 827M 270G KUBE-NODEPORTS all -- any any anywhere anywhere /* kubernetes health check service ports */ | |
| 12M 717M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */ | |
| 827M 270G KUBE-FIREWALL all -- any any anywhere anywhere | |
| Chain FORWARD (policy ACCEPT 2 packets, 181 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 16 2110 cali-FORWARD all -- any any anywhere anywhere /* cali:wUHhoiAYhphO9Mso */ | |
| 8 714 KUBE-PROXY-FIREWALL all -- any any anywhere anywhere /* kube-proxy firewall rules */ | |
| 817K 87M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */ | |
| 1164K 1940M KUBE-FORWARD all -- any any anywhere anywhere /* kubernetes forwarding rules */ | |
| 817K 87M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */ | |
| 816K 87M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */ | |
| 816K 87M DOCKER-USER all -- any any anywhere anywhere | |
| 816K 87M DOCKER-FORWARD all -- any any anywhere anywhere | |
| 8 714 ACCEPT all -- any any anywhere anywhere /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000 | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:mp77cMpurHhyjLrM */ MARK or 0x10000 | |
| Chain OUTPUT (policy ACCEPT 882M packets, 293G bytes) | |
| pkts bytes target prot opt in out source destination | |
| 188K 153M cali-OUTPUT all -- any any anywhere anywhere /* cali:tVnHkvAo15HuiPy0 */ | |
| 240K 193M KUBE-IPVS-OUT-FILTER all -- any any anywhere anywhere /* kubernetes ipvs access filter */ | |
| 15M 882M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */ | |
| 15M 882M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */ | |
| 882M 293G KUBE-FIREWALL all -- any any anywhere anywhere | |
| Chain DOCKER (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT tcp -- !br-bc18ce9c999c br-bc18ce9c999c anywhere 172.18.0.2 tcp dpt:6443 | |
| 0 0 DROP all -- !docker0 docker0 anywhere anywhere | |
| 0 0 DROP all -- !br-bc18ce9c999c br-bc18ce9c999c anywhere anywhere | |
| Chain DOCKER-BRIDGE (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DOCKER all -- any docker0 anywhere anywhere | |
| 0 0 DOCKER all -- any br-bc18ce9c999c anywhere anywhere | |
| Chain DOCKER-CT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED | |
| 0 0 ACCEPT all -- any br-bc18ce9c999c anywhere anywhere ctstate RELATED,ESTABLISHED | |
| Chain DOCKER-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 816K 87M DOCKER-CT all -- any any anywhere anywhere | |
| 816K 87M DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere | |
| 816K 87M DOCKER-BRIDGE all -- any any anywhere anywhere | |
| 3502 219K ACCEPT all -- docker0 any anywhere anywhere | |
| 453 27180 ACCEPT all -- br-bc18ce9c999c any anywhere anywhere | |
| Chain DOCKER-ISOLATION-STAGE-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 3502 219K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere | |
| 453 27180 DOCKER-ISOLATION-STAGE-2 all -- br-bc18ce9c999c !br-bc18ce9c999c anywhere anywhere | |
| Chain DOCKER-ISOLATION-STAGE-2 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- any br-bc18ce9c999c anywhere anywhere | |
| 0 0 DROP all -- any docker0 anywhere anywhere | |
| Chain DOCKER-USER (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 816K 87M RETURN all -- any any anywhere anywhere | |
| Chain KUBE-EXTERNAL-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-FIREWALL (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- any any !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT | |
| Chain KUBE-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000 | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED | |
| Chain KUBE-IPVS-FILTER (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 RETURN all -- any any anywhere anywhere match-set KUBE-LOAD-BALANCER dst,dst | |
| 0 0 RETURN all -- any any anywhere anywhere match-set KUBE-CLUSTER-IP dst,dst | |
| 0 0 RETURN all -- any any anywhere anywhere match-set KUBE-EXTERNAL-IP dst,dst | |
| 0 0 RETURN all -- any any anywhere anywhere match-set KUBE-EXTERNAL-IP-LOCAL dst,dst | |
| 0 0 RETURN all -- any any anywhere anywhere match-set KUBE-HEALTH-CHECK-NODE-PORT dst | |
| 0 0 REJECT all -- any any anywhere anywhere ctstate NEW match-set KUBE-IPVS-IPS dst reject-with icmp-port-unreachable | |
| Chain KUBE-IPVS-OUT-FILTER (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-KUBELET-CANARY (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-NODE-PORT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* Kubernetes health check node port */ match-set KUBE-HEALTH-CHECK-NODE-PORT dst | |
| Chain KUBE-NODEPORTS (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-PROXY-CANARY (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-PROXY-FIREWALL (5 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-SOURCE-RANGES-FIREWALL (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- any any anywhere anywhere | |
| Chain cali-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 18M 13G MARK all -- any any anywhere anywhere /* cali:W_vvds1Nw3n9QE2f */ MARK and 0xffe5ffff | |
| 18M 13G cali-from-hep-forward all -- any any anywhere anywhere /* cali:ZfgmjuiLaA8Pg0kp */ mark match 0x0/0x10000 | |
| 18M 10G cali-from-wl-dispatch all -- cali+ any anywhere anywhere /* cali:tAzwBLPaV-j53OOZ */ | |
| 971K 506M cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:4Z0Pf0byo05NFe-P */ | |
| 1164K 1940M cali-to-hep-forward all -- any any anywhere anywhere /* cali:hQ7Oc16wmUtLuneJ */ | |
| 1164K 1940M cali-cidr-block all -- any any anywhere anywhere /* cali:rnKNH2WxGcRQcIlD */ | |
| Chain cali-INPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT udp -- any any anywhere anywhere /* cali:J76FwxInZIsk7uKY */ /* Allow IPv4 VXLAN packets from allowed hosts */ multiport dports 4789 match-set cali40all-vxlan-net src ADDRTYPE match dst-type LOCAL | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:EDCNTTxYfggApx8C */ /* Drop IPv4 VXLAN packets from non-allowed hosts */ multiport dports 4789 ADDRTYPE match dst-type LOCAL | |
| 188K 152M MARK all -- any any anywhere anywhere /* cali:Hz1t719gvzQYArBa */ MARK and 0x1fffff | |
| 188K 152M cali-forward-check all -- any any anywhere anywhere /* cali:rt1ceUt-QunCljVo */ | |
| 19 1314 RETURN all -- any any anywhere anywhere /* cali:5TfExhsEygaw5WNP */ mark match ! 0x0/0xffe00000 | |
| 3925 1055K cali-wl-to-host all -- cali+ any anywhere anywhere [goto] /* cali:j6OiaG2jjZFeTZte */ | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:WU4wJ9petBl26un4 */ mark match 0x10000/0x10000 | |
| 184K 151M MARK all -- any any anywhere anywhere /* cali:_mSLQGQIis29dwhH */ MARK and 0xffe4ffff | |
| 184K 151M cali-from-host-endpoint all -- any any anywhere anywhere /* cali:pt2p0_J8ELXMHiay */ | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:-4XE-lAiaxcnxl-8 */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000 | |
| Chain cali-OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000 | |
| 0 0 cali-forward-endpoint-mark all -- any any anywhere anywhere [goto] /* cali:WNHnGdgrUWvfYkdH */ mark match ! 0x0/0xffe00000 | |
| 3974 1561K RETURN all -- any cali+ anywhere anywhere /* cali:Up2wGMO6nRDp24b- */ | |
| 0 0 ACCEPT udp -- any any anywhere anywhere /* cali:QsE5fnM-jCO2_R_T */ /* Allow IPv4 VXLAN packets to other allowed hosts */ multiport dports 4789 ADDRTYPE match src-type LOCAL match-set cali40all-vxlan-net dst | |
| 184K 151M MARK all -- any any anywhere anywhere /* cali:y338Pv7g73V_m9Wq */ MARK and 0xffe4ffff | |
| 184K 151M cali-to-host-endpoint all -- any any anywhere anywhere /* cali:6tWiGowqka9jSA7w */ ! ctstate DNAT | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:2rC7tEofqr0eOMMq */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000 | |
| Chain cali-cidr-block (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-forward-check (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 187K 152M RETURN all -- any any anywhere anywhere /* cali:Pbldlb4FaULvpdD8 */ ctstate RELATED,ESTABLISHED | |
| 0 0 cali-set-endpoint-mark tcp -- any any anywhere anywhere [goto] /* cali:ZD-6UxuUtGW-xtzg */ /* To kubernetes NodePort service */ multiport dports 30000:32767 match-set cali40this-host dst | |
| 0 0 cali-set-endpoint-mark udp -- any any anywhere anywhere [goto] /* cali:CbPfUajQ2bFVnDq4 */ /* To kubernetes NodePort service */ multiport dports 30000:32767 match-set cali40this-host dst | |
| 19 1314 cali-set-endpoint-mark all -- any any anywhere anywhere /* cali:jmhU0ODogX-Zfe5g */ /* To kubernetes service */ ! match-set cali40this-host dst | |
| Chain cali-forward-endpoint-mark (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-from-endpoint-mark all -- any any anywhere anywhere /* cali:VYFqh16JYiw3cgNB */ mark match ! 0x200000/0xffe00000 | |
| 0 0 cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:2lKRDazGTrGrCwLx */ | |
| 0 0 cali-to-hep-forward all -- any any anywhere anywhere /* cali:loGDq4znkQ2ypegW */ | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:KVrWUDPOw87B6a-K */ MARK and 0x1fffff | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:G-_uEKDzkg-3A3cw */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000 | |
| Chain cali-from-endpoint-mark (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-fw-cali1927ac942cc all -- any any anywhere anywhere [goto] /* cali:Q85rtvJhL-zFweQq */ mark match 0xcc000000/0xffe00000 | |
| 0 0 cali-fw-cali1df5018ae1f all -- any any anywhere anywhere [goto] /* cali:UldKNcOuSlxfTuzb */ mark match 0xf8000000/0xffe00000 | |
| 0 0 cali-fw-cali53a298fdc89 all -- any any anywhere anywhere [goto] /* cali:vEqknj26NOm0j0Cq */ mark match 0xfec00000/0xffe00000 | |
| 0 0 cali-fw-cali5a433393f21 all -- any any anywhere anywhere [goto] /* cali:5sNK0su07kh5x7oT */ mark match 0xbe800000/0xffe00000 | |
| 0 0 cali-fw-calib09e260b500 all -- any any anywhere anywhere [goto] /* cali:6VPlyTtrvSCGmmrK */ mark match 0xb2e00000/0xffe00000 | |
| 0 0 cali-fw-calib66b16815ec all -- any any anywhere anywhere [goto] /* cali:u0DiiD5hTJ8avZjZ */ mark match 0x9b200000/0xffe00000 | |
| 0 0 cali-fw-calid71ef323b8e all -- any any anywhere anywhere [goto] /* cali:vk48_upmTBBSpsKD */ mark match 0x76000000/0xffe00000 | |
| 0 0 cali-fw-calif63fa556511 all -- any any anywhere anywhere [goto] /* cali:xDOJw7Kh5zLKJ1QU */ mark match 0xc2600000/0xffe00000 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:7SByD6UaYKxDckM5 */ /* Unknown interface */ | |
| Chain cali-from-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 400 34140 cali-from-wl-dispatch-1 all -- cali1+ any anywhere anywhere [goto] /* cali:aA7PbfJxlypkbHNq */ | |
| 1012 113K cali-from-wl-dispatch-5 all -- cali5+ any anywhere anywhere [goto] /* cali:_I5EKc53A4aLViro */ | |
| 96 13512 cali-from-wl-dispatch-b all -- calib+ any anywhere anywhere [goto] /* cali:EbV_1t31_STrvkep */ | |
| 669 389K cali-fw-calid71ef323b8e all -- calid71ef323b8e any anywhere anywhere [goto] /* cali:1nQL1emyFUEbBEtz */ | |
| 197 31120 cali-fw-calif63fa556511 all -- calif63fa556511 any anywhere anywhere [goto] /* cali:U0zSCsS-rFwwIm0A */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:PYs0LOV11cGva0xK */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 402 34292 cali-fw-cali1927ac942cc all -- cali1927ac942cc any anywhere anywhere [goto] /* cali:K5YdT_SSyUF6kdcs */ | |
| 0 0 cali-fw-cali1df5018ae1f all -- cali1df5018ae1f any anywhere anywhere [goto] /* cali:-LH06lgQ5fQ0TGGB */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:1rCbllCQWaiNRML5 */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-5 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 422 35725 cali-fw-cali53a298fdc89 all -- cali53a298fdc89 any anywhere anywhere [goto] /* cali:_c1r41My9438ynXz */ | |
| 753 99651 cali-fw-cali5a433393f21 all -- cali5a433393f21 any anywhere anywhere [goto] /* cali:EOHvWMPE51hH4CoD */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:oUjNBbLUFQvG_wny */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-b (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-fw-calib09e260b500 all -- calib09e260b500 any anywhere anywhere [goto] /* cali:feeK90vikh5EAgBh */ | |
| 96 13512 cali-fw-calib66b16815ec all -- calib66b16815ec any anywhere anywhere [goto] /* cali:BeU_y_OO7xuM_k6p */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:jlTTTGCRDXGQjHb7 */ /* Unknown interface */ | |
| Chain cali-fw-cali1927ac942cc (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 444 39597 ACCEPT all -- any any anywhere anywhere /* cali:0lWnXEZ1EYQHFY82 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:ZTsBnBr2ezTN2JVJ */ ctstate INVALID | |
| 2 165 MARK all -- any any anywhere anywhere /* cali:RKbbaTbELQ0MaBpb */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:DSu36n3uKeN8LMmc */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:oJ1joC9FR6fh7iQ1 */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 2 165 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:YthBfvVru5rhwhsg */ | |
| 2 165 RETURN all -- any any anywhere anywhere /* cali:x8TrfDZDnazwU3Bk */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:xY4_6VRLNjwhq0QM */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:T7HIxd6cLEl5DA6Z */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:_0wCOPgZViH7UDsM */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:j9FrjSvcR_LrqHIx */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali1df5018ae1f (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:NqTc1vvX-EnXLTS2 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:QPohrNipttLgbhlK */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:MCt21qKMiBaxJFfV */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:WoybpoS1KNclFPMS */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:M1uwhQoN61NrsQyY */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:5djP1-fxksusdGXA */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:NRB4GTCjADsKjtCM */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:zj2Qr0jCHHJMsghh */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:87upkvsnPVXKUneL */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:fl5QW4stlJo9bAs9 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:qK1gH2IyTCUeHNHq */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali53a298fdc89 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 473 42854 ACCEPT all -- any any anywhere anywhere /* cali:Meu-ffNCSTdXPS_- */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:s7hyZewhNKsy146K */ ctstate INVALID | |
| 6 549 MARK all -- any any anywhere anywhere /* cali:17ktwiMHthhfX6nk */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:nHVPTlSemgWuCiZb */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:z5W5sPzTUupsT5UF */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 6 549 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:up9jg9tkrKyqkfIE */ | |
| 6 549 RETURN all -- any any anywhere anywhere /* cali:p25LY69uIHe3zwdZ */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:3lQclKlSwZ_-hJTZ */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:RNwt4n-v2-qKNHUP */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:IiON-GH1_yQA0MCp */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:bbMDXZIho5ogi0_e */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali5a433393f21 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 753 99651 ACCEPT all -- any any anywhere anywhere /* cali:H7iOSUyi9LwYqqE4 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:nI6m1TxzdFeSCFDn */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:Mi3-Y7iRU13qlR9I */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:GHVeW2cuv1kslokK */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:v1bpLbi9L6jFyNVw */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:czevP52-tewm6DJW */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:wDSFM_re2jGIGgiV */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:09Su_ZnLGd6eKT3t */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:xJ8umt1ejyqblqae */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:fBwoFohkkOOAzSY1 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:wF5g_pcLxosSbH2A */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calib09e260b500 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:dHwJFHTEO-T322Bz */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:eeV8QXAYikV4PjH4 */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:7ITvcvoGUBWaadpG */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:BMn3UtWQuxnhhEbj */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:KaZza2S4HcwFCX4l */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:mAV5xUbR8CX3t_9U */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-po-_YYnSgB46MA1TYU44kJq all -- any any anywhere anywhere /* cali:mKIzViEfzGEvqjkF */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:VrrDjOVscyOv5Ciw */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:6uwFM8EWJWhJguXH */ mark match 0x0/0x20000 nflog-prefix "DPE|default" nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:4uJW_p4p5erExxSP */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:d_29yVaWn6MotVD4 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:H8qM7jkA7PzGC2Ou */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_jtt6i-KVVwZ-74H4ov all -- any any anywhere anywhere /* cali:kfCdrn-SvdKiasJF */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:xrRrwQWiuJAxCKUk */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:Y8ganH_ThOzC-9y9 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:uC0rgS_yItZOIyoy */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calib66b16815ec (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 96 13512 ACCEPT all -- any any anywhere anywhere /* cali:jhfQU2Y7A7IReJHA */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:AN0837Lt_uvtjstc */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:KVKRRli3TCUhig2g */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:i8pf7bnOQww0NfsI */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:fGM7ArS3gg3p0Gtj */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:8207_mGvHUvnW8bN */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:uKzfVDQGn-7Vu_6V */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_eY4Bnp6m80Op5FOwqd all -- any any anywhere anywhere /* cali:gmyOEJZlLoqdskyp */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:LEMfXnEjvPTsMCjw */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:Njq16jM0gguXdkHk */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:S4gjzKPTRAMhCFAw */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calid71ef323b8e (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 1606 772K ACCEPT all -- any any anywhere anywhere /* cali:IcdpGaU0DgNru84X */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:uiQua25ZU0yFsOgZ */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:TgZ00F3ZbcF97EGK */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:asGVYoONvFKse_Nu */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:-k3QslJJpNE2pDuQ */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:8vN8plwRwJdLqSUg */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:enNlYVoOopAyg_Dr */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:033jmzTtYMjxCTsy */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:BDmOdnFY2PgrqBLC */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:xxau5_UIUHQfSw84 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:E_1CropgJ9m2Buoz */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calif63fa556511 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 553 87789 ACCEPT all -- any any anywhere anywhere /* cali:RJLtCEIUQ8oLuM7G */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:LSMgkaDBkm52MFAt */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:h3IwLD0LiM2hJnyI */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:pBwpDbDvn3ubifRd */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:9W-YLasItpqjQpPm */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:5TyiEnY9MzcLNolm */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:UnPNwWnp4y72cavG */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:LtITJwVUv2Ih4Nkc */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:UhFdUQP-PZzUjQKN */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:ID6XgK_EyNqOGO5Q */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:x0GFkGnvDeuW34wJ */ /* Drop if no profiles matched */ | |
| Chain cali-pi-_FDiLImilezd09cpg5ci (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:wH4Z-YLtazvrkIUi */ /* Policy calico-apiserver/knp.default.allow-apiserver ingress */ multiport dports 5443 MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:pV3tRI_BN9MkLz81 */ mark match 0x10000/0x10000 nflog-prefix "API0|calico-apiserver/knp.default.allow-apiserver" nflog-group 1 nflog-size 80 | |
| Chain cali-pi-_U7WUiLyTu5Vc3j6v19u (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:-1XSFfQZOlUTo8yH */ /* Policy calico-system/knp.default.goldmane ingress */ multiport dports 7443 MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:EMIA5LQXZZkoiYUT */ mark match 0x10000/0x10000 nflog-prefix "API0|calico-system/knp.default.goldmane" nflog-group 1 nflog-size 80 | |
| Chain cali-pi-_YYnSgB46MA1TYU44kJq (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:JBv9xOy5yJdiWKiY */ /* Policy calico-system/knp.default.whisker ingress */ | |
| Chain cali-po-_YYnSgB46MA1TYU44kJq (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:WLeBgvgJTxHWj12b */ /* Policy calico-system/knp.default.whisker egress */ match-set cali40s:bgLSTkNhu0BKRQ9zwXjvfbX dst multiport dports 7443 MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:ZCKHAWDzorg1xgU9 */ mark match 0x10000/0x10000 nflog-prefix "APE0|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:3UX05GcN2RCJ36oa */ mark match 0x10000/0x10000 | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:8bPWZZY0GvWgDVWB */ match-set cali40s:n27_8wNKytyIy8FV4MfcwNI dst multiport dports domain MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:djKrvOA3jJyhyYiW */ mark match 0x10000/0x10000 nflog-prefix "APE1|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ekAjEdOWCdE3pANn */ mark match 0x10000/0x10000 | |
| 0 0 MARK udp -- any any anywhere anywhere /* cali:ew262h3gUE6ZESH4 */ match-set cali40s:n27_8wNKytyIy8FV4MfcwNI dst multiport dports domain MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:oz5I3LtAEHtfHSTH */ mark match 0x10000/0x10000 nflog-prefix "APE2|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80 | |
| Chain cali-pri-_4yi5_iSUAwsU8zMHTk (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:ZYnaZZFwsSjfXO4C */ /* Profile ksa.calico-apiserver.calico-apiserver ingress */ | |
| Chain cali-pri-_eY4Bnp6m80Op5FOwqd (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:jyhZblM1OzY4DUqi */ /* Profile ksa.calico-system.goldmane ingress */ | |
| Chain cali-pri-_jtt6i-KVVwZ-74H4ov (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:No_RDbsVx31noDvv */ /* Profile ksa.calico-system.whisker ingress */ | |
| Chain cali-pri-_kJqfZpgUe7r2t4A-14 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:IQx0SzlDGn6BPv0A */ /* Profile kns.calico-apiserver ingress */ MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:dHGDmF90Anl0gS_s */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.calico-apiserver" nflog-group 1 nflog-size 80 | |
| Chain cali-pri-_nzzjLvInId1gPHmQz_ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:UQoEf2WCdU0bPTCb */ /* Profile ksa.calico-system.calico-kube-controllers ingress */ | |
| Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:WqgznqAQ-uYV0oBx */ /* Profile ksa.kube-system.coredns ingress */ | |
| Chain cali-pri-_ymJUz7yzI6NOKJhG2- (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:52zm9tLYY65R0fSD */ /* Profile ksa.calico-system.csi-node-driver ingress */ | |
| Chain cali-pri-kns.calico-system (4 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:hLANj-OVIyT53h_j */ /* Profile kns.calico-system ingress */ MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:eDg78bIqr5YAUJqq */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.calico-system" nflog-group 1 nflog-size 80 | |
| Chain cali-pri-kns.kube-system (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:J1TyxtHWd0qaBGK- */ /* Profile kns.kube-system ingress */ MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:GulrEF2fpGf_rDXZ */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.kube-system" nflog-group 1 nflog-size 80 | |
| Chain cali-pro-_4yi5_iSUAwsU8zMHTk (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:Pp_dQp2FeNabRhyi */ /* Profile ksa.calico-apiserver.calico-apiserver egress */ | |
| Chain cali-pro-_eY4Bnp6m80Op5FOwqd (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:2fVOokqK7Gq6i9oT */ /* Profile ksa.calico-system.goldmane egress */ | |
| Chain cali-pro-_jtt6i-KVVwZ-74H4ov (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:57j7D-KvPIuU1Pml */ /* Profile ksa.calico-system.whisker egress */ | |
| Chain cali-pro-_kJqfZpgUe7r2t4A-14 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:_cFTxC141wwWRzyZ */ /* Profile kns.calico-apiserver egress */ MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:f0yo1d83bjuf3_XV */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.calico-apiserver" nflog-group 2 nflog-size 80 | |
| Chain cali-pro-_nzzjLvInId1gPHmQz_ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:5bHxBXLMkJKgC6dk */ /* Profile ksa.calico-system.calico-kube-controllers egress */ | |
| Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:0-_UPh39dt5XfhmJ */ /* Profile ksa.kube-system.coredns egress */ | |
| Chain cali-pro-_ymJUz7yzI6NOKJhG2- (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:yuJvAdyU1LYltt-O */ /* Profile ksa.calico-system.csi-node-driver egress */ | |
| Chain cali-pro-kns.calico-system (4 references) | |
| pkts bytes target prot opt in out source destination | |
| 80 4800 MARK all -- any any anywhere anywhere /* cali:gWxJzCZXxl31NR0P */ /* Profile kns.calico-system egress */ MARK or 0x10000 | |
| 80 4800 NFLOG all -- any any anywhere anywhere /* cali:AEuaZm2Broif1jyV */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.calico-system" nflog-group 2 nflog-size 80 | |
| Chain cali-pro-kns.kube-system (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 8 714 MARK all -- any any anywhere anywhere /* cali:tgOR2S8DVHZW3F1M */ /* Profile kns.kube-system egress */ MARK or 0x10000 | |
| 8 714 NFLOG all -- any any anywhere anywhere /* cali:FNtcg_qkksn6zdBc */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.kube-system" nflog-group 2 nflog-size 80 | |
| Chain cali-set-endpoint-mark (3 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-set-endpoint-mark-1 all -- cali1+ any anywhere anywhere [goto] /* cali:PnNIp7MVWc8s-rZh */ | |
| 0 0 cali-set-endpoint-mark-5 all -- cali5+ any anywhere anywhere [goto] /* cali:8k-rMLWJBGVkc0dY */ | |
| 1 60 cali-set-endpoint-mark-b all -- calib+ any anywhere anywhere [goto] /* cali:THB2BgWXR9T8kDES */ | |
| 0 0 cali-sm-calid71ef323b8e all -- calid71ef323b8e any anywhere anywhere [goto] /* cali:8g_NCHhbKB_Priy7 */ | |
| 0 0 cali-sm-calif63fa556511 all -- calif63fa556511 any anywhere anywhere [goto] /* cali:6AERKtaxERoBxREc */ | |
| 0 0 DROP all -- cali+ any anywhere anywhere /* cali:eWiIBEFxgMyYgi0r */ /* Unknown endpoint */ | |
| 9 714 MARK all -- any any anywhere anywhere /* cali:4I7WQxtfmoMHRp5t */ /* Non-Cali endpoint mark */ MARK xset 0x200000/0xffe00000 | |
| Chain cali-set-endpoint-mark-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-sm-cali1927ac942cc all -- cali1927ac942cc any anywhere anywhere [goto] /* cali:ywAmNrqviYijBgVy */ | |
| 0 0 cali-sm-cali1df5018ae1f all -- cali1df5018ae1f any anywhere anywhere [goto] /* cali:s7DrWw5dES7eAaju */ | |
| Chain cali-set-endpoint-mark-5 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-sm-cali53a298fdc89 all -- cali53a298fdc89 any anywhere anywhere [goto] /* cali:RTYfUQ3Iv0QzbaPV */ | |
| 1 60 cali-sm-cali5a433393f21 all -- cali5a433393f21 any anywhere anywhere [goto] /* cali:DIY1i0GPLs5mQeOo */ | |
| Chain cali-set-endpoint-mark-b (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-sm-calib09e260b500 all -- calib09e260b500 any anywhere anywhere [goto] /* cali:QMO1ed6WoPR7Myby */ | |
| 1 60 cali-sm-calib66b16815ec all -- calib66b16815ec any anywhere anywhere [goto] /* cali:NF40L-i88W78GJGT */ | |
| Chain cali-sm-cali1927ac942cc (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 3 180 MARK all -- any any anywhere anywhere /* cali:xAxzR1TCUov8kuFz */ MARK xset 0xcc000000/0xffe00000 | |
| Chain cali-sm-cali1df5018ae1f (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:8njUm101mKLhLR6H */ MARK xset 0xf8000000/0xffe00000 | |
| Chain cali-sm-cali53a298fdc89 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 3 180 MARK all -- any any anywhere anywhere /* cali:ii6XNJsMJs3DKOyp */ MARK xset 0xfec00000/0xffe00000 | |
| Chain cali-sm-cali5a433393f21 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:yjDxZh4CzszElmGm */ MARK xset 0xbe800000/0xffe00000 | |
| Chain cali-sm-calib09e260b500 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:qjfUWvK43XgsxFmC */ MARK xset 0xb2e00000/0xffe00000 | |
| Chain cali-sm-calib66b16815ec (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:gFG86gkIwjIkrITy */ MARK xset 0x9b200000/0xffe00000 | |
| Chain cali-sm-calid71ef323b8e (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:PBjIsvauMo_pieOc */ MARK xset 0x76000000/0xffe00000 | |
| Chain cali-sm-calif63fa556511 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:MZ7mmWbC2owW0lPv */ MARK xset 0xc2600000/0xffe00000 | |
| Chain cali-to-hep-forward (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 187 cali-to-wl-dispatch-1 all -- any cali1+ anywhere anywhere [goto] /* cali:svNUGuuCd7LCNEXq */ | |
| 4 718 cali-to-wl-dispatch-5 all -- any cali5+ anywhere anywhere [goto] /* cali:iCGX2RMKlpNkEJv0 */ | |
| 0 0 cali-to-wl-dispatch-b all -- any calib+ anywhere anywhere [goto] /* cali:VC194i7wbmUEJ2n6 */ | |
| 0 0 cali-tw-calid71ef323b8e all -- any calid71ef323b8e anywhere anywhere [goto] /* cali:uvHHLWtwqvJ9zXIp */ | |
| 0 0 cali-tw-calif63fa556511 all -- any calif63fa556511 anywhere anywhere [goto] /* cali:-A4UsMSz_bK8F3lQ */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:UN4VGLwSBSlvga_Z */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1 187 cali-tw-cali1927ac942cc all -- any cali1927ac942cc anywhere anywhere [goto] /* cali:sB3oppHrCUCZ0SVi */ | |
| 0 0 cali-tw-cali1df5018ae1f all -- any cali1df5018ae1f anywhere anywhere [goto] /* cali:2o1oTqw04-uXotYP */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:--15mfrd89V-6hGg */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-5 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 4 718 cali-tw-cali53a298fdc89 all -- any cali53a298fdc89 anywhere anywhere [goto] /* cali:ITNZCL1Pfn1AiqGf */ | |
| 0 0 cali-tw-cali5a433393f21 all -- any cali5a433393f21 anywhere anywhere [goto] /* cali:9kaOCnO-ja5uw-eq */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:Mhwmb_ogewPExEdK */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-b (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-tw-calib09e260b500 all -- any calib09e260b500 anywhere anywhere [goto] /* cali:PCPQFMownrNl-Oyo */ | |
| 0 0 cali-tw-calib66b16815ec all -- any calib66b16815ec anywhere anywhere [goto] /* cali:n3F6PYQ4fmjQ8CGD */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:Mz_oB1sSbh5tt9Nd */ /* Unknown interface */ | |
| Chain cali-tw-cali1927ac942cc (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 2 347 ACCEPT all -- any any anywhere anywhere /* cali:F5hBCbLU1bM_GhJa */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:8NQqfOqw4HBK-AeL */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:BLK6vYBiJwTgKHBU */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:Mt34ID4TjMr31Za8 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:KijnFeIXYObv17cV */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:1m5A5xs7AggieuaW */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:gc2rl_JkHMRfWYFn */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:whvfvfRuGaGwjisM */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:l7sBuZC4Xc_YLdkZ */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali1df5018ae1f (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:2es6bm7As1VhlBTl */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:OBiSuaZeaOwt7nGK */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:-5D81rueJcAt4Qs2 */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:GxOcO6DVWyIoS1Dg */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:FZFP4Qo7myD8kpZG */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:g3nB9LEOgoxhxN8u */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:za1qeXjrMGZ_LCZa */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:hoR_b8PVk7O9bpd8 */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:FwOWs64uJZDP7iMP */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali53a298fdc89 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 6 1049 ACCEPT all -- any any anywhere anywhere /* cali:VkKrrwyBZ1aECXpY */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:glKU24hjYarXJrSG */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:_WYBlLVea5OFNLWE */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:5_rqB1zWuZ_eSShj */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:qEhg1EunPCe03p0j */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:fFZZjdjmiuVlPNb7 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:HrqW9GjlXdtXSFwO */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:GaHygTfaILiQCVCR */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:_Eu7mE-o9_6QQG_g */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali5a433393f21 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:VJCsVvNttLHqAPlB */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:MzaNFVYyhy91_oOa */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:ygu6KAP7YYlWxeMH */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:6bkKAhzKNhbeYylM */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:k4-RwOCrSqHby_gN */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:7ignVFWiCylo532c */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:iJeqD_YGLTGOIzgA */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:QoXB0_jY7j-HXpQo */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:4yST8xbKH_-iZnGV */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calib09e260b500 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:GneJUNPKYKgT72Ne */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:DkOjgCipLbrzqgf6 */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:B-e5xUeFBlUyaHXV */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:s25BOEzlcc_VVggg */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_YYnSgB46MA1TYU44kJq all -- any any anywhere anywhere /* cali:qqmXAdBSOzDUoZhQ */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ZzAwkAmkFHpT1BJy */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:nd3h-rzlZDaZ_UJ5 */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:hNbiUnCspToetn4y */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:nRruvrK7EF7NAHJ8 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:3s6nqSQ2DNu9v8fI */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_jtt6i-KVVwZ-74H4ov all -- any any anywhere anywhere /* cali:SzYfPmnkkVocggVx */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:aW6RypLEo-Wbj0E3 */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:YH8bMhkMmSU6LFad */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:rUZBx_OXskhN26iL */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calib66b16815ec (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:bBIX15FL0DnyHwQH */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:C1ZcrtAtzdM-vt0U */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:GE-HASHXjyQnJLr_ */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:fRn2gjfUQw0CpTfe */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_U7WUiLyTu5Vc3j6v19u all -- any any anywhere anywhere /* cali:kBALpSVKuwOL-fRO */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ULyHJtB1sDocEidY */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:eWjzBhTQoUJuiGQ1 */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:Ivd58JA_81MGmlxC */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:bdYM4hnKuUZQri_b */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:t1RDOC-l94nzUFsL */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_eY4Bnp6m80Op5FOwqd all -- any any anywhere anywhere /* cali:pKgZ8el4MifIAYMm */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:TR89VSnor8Shtnve */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:GWzkdliNV_pIcUuM */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:6dxSSx4D3jPl9Vpu */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calid71ef323b8e (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:3gZPpH8acR_8KptG */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:oIgylGidS_3igpGK */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:rCUerrjS1R6rI3ml */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:ZHDjMCB2sSsigcdB */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:x7-QuJtn5YVHeH9B */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:kWq8WucSgcm1qUK0 */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:fC9xYbn5VJymyIu8 */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:XipIxEAg75BC5WxV */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:BBJ1E_RmGiIEwuxc */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:_zkHJ2kXcVK073LM */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:qZI_8eXxSraXb6C0 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:VI8_Pfts9_PCPPKa */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:oQe4CRQ39Tj9C3LD */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:EsaiDZK0PO7wLi_U */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calif63fa556511 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:J5iULGt3K8I9gWt9 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:62YwjXUTbuo3p1gn */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:Xzz_NWZT9Gtfo56v */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:Z0XVB40gCwjZgEiz */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:zrynfSZViyC_CvBq */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ORmyw12GuSnfv_hr */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:GsuMK9g3bYwKDv4Y */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:un4ZrYU2YIJZobbt */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:j4-jzhGXLgZTGSJR */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:sr7PmgzPdBwzrIYN */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:xfsEOoPv47_QrR5J */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:kDm37S3mbmEoGlvb */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:v92f8uu8OaOr1hka */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:h-O-GleBmTHcty2A */ /* Drop if no profiles matched */ | |
| Chain cali-wl-to-host (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 55M 9499M cali-from-wl-dispatch all -- any any anywhere anywhere /* cali:Ee9Sbo10IpVujdIY */ | |
| 32007 1920K ACCEPT all -- any any anywhere anywhere /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */ | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment