Created
August 19, 2025 13:30
initial state
| Chain INPUT (policy ACCEPT 322M packets, 101G bytes) | |
| pkts bytes target prot opt in out source destination | |
| 334M 103G cali-INPUT all -- any any anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */ | |
| 4636K 293M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */ | |
| 322M 101G KUBE-NODEPORTS all -- any any anywhere anywhere /* kubernetes health check service ports */ | |
| 4636K 293M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */ | |
| 322M 101G KUBE-FIREWALL all -- any any anywhere anywhere | |
| Chain FORWARD (policy ACCEPT 2 packets, 181 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 732K 907M cali-FORWARD all -- any any anywhere anywhere /* cali:wUHhoiAYhphO9Mso */ | |
| 65544 6073K KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */ | |
| 146K 458M KUBE-FORWARD all -- any any anywhere anywhere /* kubernetes forwarding rules */ | |
| 65544 6073K KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */ | |
| 65544 6073K KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */ | |
| 65544 6073K DOCKER-USER all -- any any anywhere anywhere | |
| 65544 6073K DOCKER-FORWARD all -- any any anywhere anywhere | |
| 64344 5997K ACCEPT all -- any any anywhere anywhere /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000 | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:mp77cMpurHhyjLrM */ MARK or 0x10000 | |
| Chain OUTPUT (policy ACCEPT 335M packets, 101G bytes) | |
| pkts bytes target prot opt in out source destination | |
| 334M 101G cali-OUTPUT all -- any any anywhere anywhere /* cali:tVnHkvAo15HuiPy0 */ | |
| 5324K 320M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */ | |
| 5324K 320M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */ | |
| 335M 101G KUBE-FIREWALL all -- any any anywhere anywhere | |
| Chain DOCKER (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT tcp -- !br-bc18ce9c999c br-bc18ce9c999c anywhere 172.18.0.2 tcp dpt:6443 | |
| 0 0 DROP all -- !docker0 docker0 anywhere anywhere | |
| 0 0 DROP all -- !br-bc18ce9c999c br-bc18ce9c999c anywhere anywhere | |
| Chain DOCKER-BRIDGE (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DOCKER all -- any docker0 anywhere anywhere | |
| 0 0 DOCKER all -- any br-bc18ce9c999c anywhere anywhere | |
| Chain DOCKER-CT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED | |
| 0 0 ACCEPT all -- any br-bc18ce9c999c anywhere anywhere ctstate RELATED,ESTABLISHED | |
| Chain DOCKER-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 65544 6073K DOCKER-CT all -- any any anywhere anywhere | |
| 65544 6073K DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere | |
| 65544 6073K DOCKER-BRIDGE all -- any any anywhere anywhere | |
| 745 48372 ACCEPT all -- docker0 any anywhere anywhere | |
| 453 27180 ACCEPT all -- br-bc18ce9c999c any anywhere anywhere | |
| Chain DOCKER-ISOLATION-STAGE-1 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 745 48372 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere | |
| 453 27180 DOCKER-ISOLATION-STAGE-2 all -- br-bc18ce9c999c !br-bc18ce9c999c anywhere anywhere | |
| Chain DOCKER-ISOLATION-STAGE-2 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- any br-bc18ce9c999c anywhere anywhere | |
| 0 0 DROP all -- any docker0 anywhere anywhere | |
| Chain DOCKER-USER (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 65544 6073K RETURN all -- any any anywhere anywhere | |
| Chain KUBE-EXTERNAL-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-FIREWALL (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- any any !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT | |
| Chain KUBE-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- any any anywhere anywhere ctstate INVALID nfacct-name ct_state_invalid_dropped_pkts | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000 | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED | |
| Chain KUBE-KUBELET-CANARY (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-NODEPORTS (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-PROXY-CANARY (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-PROXY-FIREWALL (3 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain KUBE-SERVICES (2 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 732K 907M MARK all -- any any anywhere anywhere /* cali:W_vvds1Nw3n9QE2f */ MARK and 0xffe5ffff | |
| 732K 907M cali-from-hep-forward all -- any any anywhere anywhere /* cali:ZfgmjuiLaA8Pg0kp */ mark match 0x0/0x10000 | |
| 484K 49M cali-from-wl-dispatch all -- cali+ any anywhere anywhere /* cali:tAzwBLPaV-j53OOZ */ | |
| 219K 411M cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:4Z0Pf0byo05NFe-P */ | |
| 146K 458M cali-to-hep-forward all -- any any anywhere anywhere /* cali:hQ7Oc16wmUtLuneJ */ | |
| 146K 458M cali-cidr-block all -- any any anywhere anywhere /* cali:rnKNH2WxGcRQcIlD */ | |
| Chain cali-INPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT udp -- any any anywhere anywhere /* cali:J76FwxInZIsk7uKY */ /* Allow IPv4 VXLAN packets from allowed hosts */ multiport dports 4789 match-set cali40all-vxlan-net src ADDRTYPE match dst-type LOCAL | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:EDCNTTxYfggApx8C */ /* Drop IPv4 VXLAN packets from non-allowed hosts */ multiport dports 4789 ADDRTYPE match dst-type LOCAL | |
| 12M 2758M cali-wl-to-host all -- cali+ any anywhere anywhere [goto] /* cali:H03xYXARh4e8pwd4 */ | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:MN6K3isIWBigb1Va */ mark match 0x10000/0x10000 | |
| 322M 101G MARK all -- any any anywhere anywhere /* cali:aKDQAoV0P_FFAIwV */ MARK and 0xffe4ffff | |
| 322M 101G cali-from-host-endpoint all -- any any anywhere anywhere /* cali:vIx3xkWzuvLW9fr4 */ | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:5W9XghKma9wuz47x */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000 | |
| Chain cali-OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000 | |
| 10M 3126M RETURN all -- any cali+ anywhere anywhere /* cali:69FkRTJDvD5Vu6Vl */ | |
| 0 0 ACCEPT udp -- any any anywhere anywhere /* cali:-QZG79DohFjalQBb */ /* Allow IPv4 VXLAN packets to other allowed hosts */ multiport dports 4789 ADDRTYPE match src-type LOCAL match-set cali40all-vxlan-net dst | |
| 324M 98G MARK all -- any any anywhere anywhere /* cali:6T0hFtymUtXMOfEV */ MARK and 0xffe4ffff | |
| 301M 72G cali-to-host-endpoint all -- any any anywhere anywhere /* cali:IpTGXsDHURPUaLjJ */ ! ctstate DNAT | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:wgnULo2gucg1umsA */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000 | |
| Chain cali-cidr-block (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-from-wl-dispatch (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-from-wl-dispatch-4 all -- cali4+ any anywhere anywhere [goto] /* cali:2b7OEVWxujqPNMC9 */ | |
| 248 35224 cali-fw-cali7bf8f951c99 all -- cali7bf8f951c99 any anywhere anywhere [goto] /* cali:eicJdvLy3DYmrPiy */ | |
| 1237 433K cali-from-wl-dispatch-9 all -- cali9+ any anywhere anywhere [goto] /* cali:zTX6Xyw-nJYWz7_d */ | |
| 373 60215 cali-fw-calib9eaad863b0 all -- calib9eaad863b0 any anywhere anywhere [goto] /* cali:c75IdEiOeBfW6yB_ */ | |
| 143 15526 cali-fw-calic81ae161df0 all -- calic81ae161df0 any anywhere anywhere [goto] /* cali:0KCRqfeoTa6Aporq */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:TsGvUAPNtOpnHsrn */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-fw-cali4854e26bc67 all -- cali4854e26bc67 any anywhere anywhere [goto] /* cali:4tNgblaq7L1TlBaz */ | |
| 0 0 cali-fw-cali4eeefb62f3f all -- cali4eeefb62f3f any anywhere anywhere [goto] /* cali:p9r0XVhk_CeWgkKu */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:n7RRYNaokFSC6U7H */ /* Unknown interface */ | |
| Chain cali-from-wl-dispatch-9 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 59 5640 cali-fw-cali949fdc137b8 all -- cali949fdc137b8 any anywhere anywhere [goto] /* cali:TpXWIbScOUx1qkHB */ | |
| 76 7098 cali-fw-cali9783d7e0897 all -- cali9783d7e0897 any anywhere anywhere [goto] /* cali:yQFWWZ7Dp3GZCQw8 */ | |
| 1015 406K cali-fw-cali9b14e9bb448 all -- cali9b14e9bb448 any anywhere anywhere [goto] /* cali:R1YUwIDfbRvEvV15 */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:75_Cq3GquZE2YaEQ */ /* Unknown interface */ | |
| Chain cali-fw-cali4854e26bc67 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:Jq63aLEGIpKbiXO0 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:XSL_Q5dkE_3CgUh9 */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:Pka9qjQooCp5xXGw */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:_ocgOrkGE4evfHj5 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:s110RssaElmDv3Rq */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:9jnMYtD9RbVIXXjs */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:6ohYgkpaANrs8RoJ */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:cflFv_-lWZxnXMxK */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:_kOEpee8TgiJRRWt */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:13mAIUWdPVstd0T6 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:i048TKwD9eueoSMK */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali4eeefb62f3f (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:F_o4JXsgMbt9CbIT */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:-kP0Bx5mK46MB6dg */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:VHLcEVX0u6TEgYWW */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:2GLfWRPbyfbW-ejW */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:C_vDlrVlPdcyHvQZ */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:BMKk6dJCTFcmS8eH */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-po-_YYnSgB46MA1TYU44kJq all -- any any anywhere anywhere /* cali:ZxlCdcU9qnPhbayN */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:YotMVGCqpniVSHbE */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:51Ysu4vo9mmuPNFR */ mark match 0x0/0x20000 nflog-prefix "DPE|default" nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:XXDES1M-ySV1CmcH */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:nsvUpZTcp6jTv3v8 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:tGA8SiL6eAJqwhcy */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_jtt6i-KVVwZ-74H4ov all -- any any anywhere anywhere /* cali:3FvJTncawRNpkno4 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:pY-tHfCgP2Ig0ZBz */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:vcAyvWxj9bSNJVRR */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:H47zXbK8SpNu2jMM */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali7bf8f951c99 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 247 35164 ACCEPT all -- any any anywhere anywhere /* cali:IRs1A29YCjoTkzX5 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:Mqa3YiFXBsYUKM5z */ ctstate INVALID | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:Mm1c4oU67pogCDzg */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:_ERwNQZL6SHD-Y_E */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:QihW7_vTyswhoK1B */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 1 60 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:R9zx-gBt1AJkUu4a */ | |
| 1 60 RETURN all -- any any anywhere anywhere /* cali:wOcJHiOUVfnwoN8e */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:Qsd4veCK9K4tLFPe */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:5hvbB_ryChG4z4Li */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:uo_GLwH-WhDDPXn2 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:4uR7QAeJmAysRd0c */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali949fdc137b8 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 89 14081 ACCEPT all -- any any anywhere anywhere /* cali:E_gO-rbqFo-wezOt */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:-n1p3ZVjEgHXF7Vv */ ctstate INVALID | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:jkBQdDWJryINpXbj */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:D182SIQ0gZyvW7zG */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:SKeCJITfGfKdhUdS */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 1 60 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:iNVf3BizUPt0AQ2q */ | |
| 1 60 RETURN all -- any any anywhere anywhere /* cali:YuijmUM046NT3O_6 */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_eY4Bnp6m80Op5FOwqd all -- any any anywhere anywhere /* cali:92e7MX07w5k__58p */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:sMIN-AMmYJq2__CP */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:ykMrjodclgVyORwI */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:JpJQfnlbuY6Zv5iP */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali9783d7e0897 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 127 12421 ACCEPT all -- any any anywhere anywhere /* cali:xKbdnBhFeXQSXWQO */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:qPE_uT7W_ARIeksj */ ctstate INVALID | |
| 5 331 MARK all -- any any anywhere anywhere /* cali:yjNgA-QJsZhqKh32 */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:YDkpJ_7gknJ5rgtw */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:T6jUZRE0gWISwP4n */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 5 331 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:qzxyDJxWg5-K9oAV */ | |
| 5 331 RETURN all -- any any anywhere anywhere /* cali:CySi7WfVfFAENT8g */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:542-QzwIyVD9Khbi */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ECPzsw90tBmmOFkr */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:DtDL5DqDbFJ9iuAm */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:CwdO46dChujridL7 */ /* Drop if no profiles matched */ | |
| Chain cali-fw-cali9b14e9bb448 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 1014 406K ACCEPT all -- any any anywhere anywhere /* cali:cauTMwh5h69wGhx3 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:EPgPacyKWyAj8kIT */ ctstate INVALID | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:bro3rDIyL3Hkl1Cf */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:nVvun-xvlUoxB3yz */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:ByRSW6XZGdMtXIZa */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 1 60 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:8zPPJhKawwzLWTU5 */ | |
| 1 60 RETURN all -- any any anywhere anywhere /* cali:Lo_kmuNT29301myJ */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:BZDYI1xRkaQtie7o */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:VUITIvxxHoyGaI8a */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:woR7GdoNUtFO5Kz4 */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:TmC_6M5JnMWtT8gD */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calib9eaad863b0 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 375 60327 ACCEPT all -- any any anywhere anywhere /* cali:jN9EGbHbeS1gZwC4 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:EquGDQbRZpmnU00y */ ctstate INVALID | |
| 1 60 MARK all -- any any anywhere anywhere /* cali:RdxXeLjAgXM5hxqF */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:yxbERLZAwNEFo8UG */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:O74Ak5bH3trOy0W2 */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 1 60 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:g2MIHXhFt_DocOH7 */ | |
| 1 60 RETURN all -- any any anywhere anywhere /* cali:_tJlpNwennvxw8YA */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:JKg3W3X9waPmzC7v */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:zg2PIL_XYtG0XneQ */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:fypwWDK-4dFIqnXj */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:3-ijlvD9DDoGGMnH */ /* Drop if no profiles matched */ | |
| Chain cali-fw-calic81ae161df0 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 138 15165 ACCEPT all -- any any anywhere anywhere /* cali:yySOh00SsGb8TwY8 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:sE8MzpbWBeCrG_Fw */ ctstate INVALID | |
| 5 361 MARK all -- any any anywhere anywhere /* cali:YyjZRSYZnrfL_lsu */ MARK and 0xfffcffff | |
| 0 0 DROP udp -- any any anywhere anywhere /* cali:ySbj6vzqcwTzNo2W */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789 | |
| 0 0 DROP ipencap -- any any anywhere anywhere /* cali:8aKxaqP3NestwcJ3 */ /* Drop IPinIP encapped packets originating in workloads */ | |
| 5 361 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:2toP3vFoxdXctsF1 */ | |
| 5 361 RETURN all -- any any anywhere anywhere /* cali:EoJYi48etDITPUDM */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:YnJhiqSXxDVcIGDz */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:D2VtYMmq5B5b9nBG */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:90Y1uEj7JyfkC6HN */ nflog-prefix DRE nflog-group 2 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:f_kZqJpH2gHC6ygy */ /* Drop if no profiles matched */ | |
| Chain cali-pi-_FDiLImilezd09cpg5ci (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:wH4Z-YLtazvrkIUi */ /* Policy calico-apiserver/knp.default.allow-apiserver ingress */ multiport dports 5443 MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:pV3tRI_BN9MkLz81 */ mark match 0x10000/0x10000 nflog-prefix "API0|calico-apiserver/knp.default.allow-apiserver" nflog-group 1 nflog-size 80 | |
| Chain cali-pi-_U7WUiLyTu5Vc3j6v19u (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:-1XSFfQZOlUTo8yH */ /* Policy calico-system/knp.default.goldmane ingress */ multiport dports 7443 MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:EMIA5LQXZZkoiYUT */ mark match 0x10000/0x10000 nflog-prefix "API0|calico-system/knp.default.goldmane" nflog-group 1 nflog-size 80 | |
| Chain cali-pi-_YYnSgB46MA1TYU44kJq (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:JBv9xOy5yJdiWKiY */ /* Policy calico-system/knp.default.whisker ingress */ | |
| Chain cali-po-_YYnSgB46MA1TYU44kJq (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:WLeBgvgJTxHWj12b */ /* Policy calico-system/knp.default.whisker egress */ match-set cali40s:bgLSTkNhu0BKRQ9zwXjvfbX dst multiport dports 7443 MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:ZCKHAWDzorg1xgU9 */ mark match 0x10000/0x10000 nflog-prefix "APE0|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:3UX05GcN2RCJ36oa */ mark match 0x10000/0x10000 | |
| 0 0 MARK tcp -- any any anywhere anywhere /* cali:8bPWZZY0GvWgDVWB */ match-set cali40s:n27_8wNKytyIy8FV4MfcwNI dst multiport dports domain MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:djKrvOA3jJyhyYiW */ mark match 0x10000/0x10000 nflog-prefix "APE1|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ekAjEdOWCdE3pANn */ mark match 0x10000/0x10000 | |
| 0 0 MARK udp -- any any anywhere anywhere /* cali:ew262h3gUE6ZESH4 */ match-set cali40s:n27_8wNKytyIy8FV4MfcwNI dst multiport dports domain MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:oz5I3LtAEHtfHSTH */ mark match 0x10000/0x10000 nflog-prefix "APE2|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80 | |
| Chain cali-pri-_4yi5_iSUAwsU8zMHTk (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:ZYnaZZFwsSjfXO4C */ /* Profile ksa.calico-apiserver.calico-apiserver ingress */ | |
| Chain cali-pri-_eY4Bnp6m80Op5FOwqd (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:jyhZblM1OzY4DUqi */ /* Profile ksa.calico-system.goldmane ingress */ | |
| Chain cali-pri-_jtt6i-KVVwZ-74H4ov (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:No_RDbsVx31noDvv */ /* Profile ksa.calico-system.whisker ingress */ | |
| Chain cali-pri-_kJqfZpgUe7r2t4A-14 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:IQx0SzlDGn6BPv0A */ /* Profile kns.calico-apiserver ingress */ MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:dHGDmF90Anl0gS_s */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.calico-apiserver" nflog-group 1 nflog-size 80 | |
| Chain cali-pri-_nzzjLvInId1gPHmQz_ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:UQoEf2WCdU0bPTCb */ /* Profile ksa.calico-system.calico-kube-controllers ingress */ | |
| Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:WqgznqAQ-uYV0oBx */ /* Profile ksa.kube-system.coredns ingress */ | |
| Chain cali-pri-_ymJUz7yzI6NOKJhG2- (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:52zm9tLYY65R0fSD */ /* Profile ksa.calico-system.csi-node-driver ingress */ | |
| Chain cali-pri-kns.calico-system (4 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:hLANj-OVIyT53h_j */ /* Profile kns.calico-system ingress */ MARK or 0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:eDg78bIqr5YAUJqq */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.calico-system" nflog-group 1 nflog-size 80 | |
| Chain cali-pri-kns.kube-system (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 52593 5203K MARK all -- any any anywhere anywhere /* cali:J1TyxtHWd0qaBGK- */ /* Profile kns.kube-system ingress */ MARK or 0x10000 | |
| 52593 5203K NFLOG all -- any any anywhere anywhere /* cali:GulrEF2fpGf_rDXZ */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.kube-system" nflog-group 1 nflog-size 80 | |
| Chain cali-pro-_4yi5_iSUAwsU8zMHTk (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:Pp_dQp2FeNabRhyi */ /* Profile ksa.calico-apiserver.calico-apiserver egress */ | |
| Chain cali-pro-_eY4Bnp6m80Op5FOwqd (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:2fVOokqK7Gq6i9oT */ /* Profile ksa.calico-system.goldmane egress */ | |
| Chain cali-pro-_jtt6i-KVVwZ-74H4ov (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:57j7D-KvPIuU1Pml */ /* Profile ksa.calico-system.whisker egress */ | |
| Chain cali-pro-_kJqfZpgUe7r2t4A-14 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 6 360 MARK all -- any any anywhere anywhere /* cali:_cFTxC141wwWRzyZ */ /* Profile kns.calico-apiserver egress */ MARK or 0x10000 | |
| 6 360 NFLOG all -- any any anywhere anywhere /* cali:f0yo1d83bjuf3_XV */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.calico-apiserver" nflog-group 2 nflog-size 80 | |
| Chain cali-pro-_nzzjLvInId1gPHmQz_ (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:5bHxBXLMkJKgC6dk */ /* Profile ksa.calico-system.calico-kube-controllers egress */ | |
| Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:0-_UPh39dt5XfhmJ */ /* Profile ksa.kube-system.coredns egress */ | |
| Chain cali-pro-_ymJUz7yzI6NOKJhG2- (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- any any anywhere anywhere /* cali:yuJvAdyU1LYltt-O */ /* Profile ksa.calico-system.csi-node-driver egress */ | |
| Chain cali-pro-kns.calico-system (4 references) | |
| pkts bytes target prot opt in out source destination | |
| 55 3300 MARK all -- any any anywhere anywhere /* cali:gWxJzCZXxl31NR0P */ /* Profile kns.calico-system egress */ MARK or 0x10000 | |
| 55 3300 NFLOG all -- any any anywhere anywhere /* cali:AEuaZm2Broif1jyV */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.calico-system" nflog-group 2 nflog-size 80 | |
| Chain cali-pro-kns.kube-system (2 references) | |
| pkts bytes target prot opt in out source destination | |
| 5195 401K MARK all -- any any anywhere anywhere /* cali:tgOR2S8DVHZW3F1M */ /* Profile kns.kube-system egress */ MARK or 0x10000 | |
| 5195 401K NFLOG all -- any any anywhere anywhere /* cali:FNtcg_qkksn6zdBc */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.kube-system" nflog-group 2 nflog-size 80 | |
| Chain cali-to-hep-forward (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-host-endpoint (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain cali-to-wl-dispatch (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-to-wl-dispatch-4 all -- any cali4+ anywhere anywhere [goto] /* cali:OvZFoUJ0shat6y2L */ | |
| 0 0 cali-tw-cali7bf8f951c99 all -- any cali7bf8f951c99 anywhere anywhere [goto] /* cali:DqqyfLC84ZyDMkDZ */ | |
| 4 843 cali-to-wl-dispatch-9 all -- any cali9+ anywhere anywhere [goto] /* cali:dSAmHHzXyHXFST3G */ | |
| 0 0 cali-tw-calib9eaad863b0 all -- any calib9eaad863b0 anywhere anywhere [goto] /* cali:WBznb9ohX6XXT0sE */ | |
| 3 502 cali-tw-calic81ae161df0 all -- any calic81ae161df0 anywhere anywhere [goto] /* cali:NQHw6JhJVBUCHiLF */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:UHnJrWUbxjNIxAYr */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-4 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-tw-cali4854e26bc67 all -- any cali4854e26bc67 anywhere anywhere [goto] /* cali:u7IsSJSiolsBwtbi */ | |
| 0 0 cali-tw-cali4eeefb62f3f all -- any cali4eeefb62f3f anywhere anywhere [goto] /* cali:E70SHCJIazfUhn-j */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:eP4zKyc7OEgQPPg1 */ /* Unknown interface */ | |
| Chain cali-to-wl-dispatch-9 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 cali-tw-cali949fdc137b8 all -- any cali949fdc137b8 anywhere anywhere [goto] /* cali:Cw35WSuMROmCyvc7 */ | |
| 1 171 cali-tw-cali9783d7e0897 all -- any cali9783d7e0897 anywhere anywhere [goto] /* cali:mNOz0e0K1weFFPYk */ | |
| 0 0 cali-tw-cali9b14e9bb448 all -- any cali9b14e9bb448 anywhere anywhere [goto] /* cali:rIuOSpC2LMwktQUp */ | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:cRqWFlpJcY4lA0-L */ /* Unknown interface */ | |
| Chain cali-tw-cali4854e26bc67 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:v6IbjHRuQ0UUC0WH */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:ClS-42ZYX_4AIrsJ */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:xUXcNA6U6mloXXl1 */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:wCv_K-pp62l5KlYB */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ERbX_aqvnzlj0x3_ */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:PvrHTr0Iazwkhox7 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:0FYCYMhNQ2v3WYch */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:YBCa_0IxQ7Vs9Hws */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:1GJNN0Na_rcTy2SV */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali4eeefb62f3f (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:g7QF0MLdzgTUfnwZ */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:GYv8xqgeQ-OWYpuC */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:yZWKInirDuoe7Stf */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:_G4roZktXPz9pdja */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_YYnSgB46MA1TYU44kJq all -- any any anywhere anywhere /* cali:rJPdJkwuHAr5wG05 */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:NPOgPFa5C1Xz4Bft */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:S4WE4ovEI2Jm94jK */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:Yk_hpiIKPZDtnvD0 */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:8bNF3IJKDMRUDkv7 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ntMk2UBWbDeRpftV */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_jtt6i-KVVwZ-74H4ov all -- any any anywhere anywhere /* cali:5O6qgoJtN7htD9Ej */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:D6v4Z2QNu3nY1aMS */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:Mh6smkwGmoTNAPC9 */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:qXcCHPJdZrqK8n1K */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali7bf8f951c99 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:70pZ2hSffoIffnbk */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:WWZTj1bYyzGrLs4f */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:Q-gSOjD6VSxq0nfs */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:Bh0GOg1VSEAszRgG */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:ik2Zfj8LFR9KIz2g */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:sZg53W3CSWW4fJA0 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:IRhTxrqb4CZh-F1r */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:wP3b5s24CXYFUAzj */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:2EvAOBKHXwY7dL1G */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali949fdc137b8 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:LEWsGJY4DxPopKuX */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:ErkTfYKtd6YHQ_8J */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:0O231ajJEwgty-3F */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:7jLcD2TqWoD89hC0 */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_U7WUiLyTu5Vc3j6v19u all -- any any anywhere anywhere /* cali:drq0b_6KZMY6ngXm */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:_AiL_IpiIqYTgFRN */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:JyQ1Fvbj0_iN3xZI */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:s2EIyXJNNKpDo720 */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:AI42S8bOzkObVrsP */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:GikSYCcYb7zlq_WW */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_eY4Bnp6m80Op5FOwqd all -- any any anywhere anywhere /* cali:Xqav7Uv2FKtk4410 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:Kv60yL38DH5Zi_-F */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:xOLUy3G3U-CLPT9f */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:4OG7Coti8UMOLkIF */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali9783d7e0897 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 4 843 ACCEPT all -- any any anywhere anywhere /* cali:PtH05jZ1oKcg8lKx */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:VVwmDHFl1ULueM_S */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:fSs_G9Ri1ciogGh3 */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:6u1R_kzKh5wCDvQ5 */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:cJLUR-8GiF6jqj28 */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:RlDvmVIFK44sXsMq */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:6jn24DiX6HfNgGUz */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:1F2dA82Ve-3_TKkw */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:421QCd2wVOW0i4ph */ /* Drop if no profiles matched */ | |
| Chain cali-tw-cali9b14e9bb448 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:AzSSMYzhj6D14sma */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:EOB-1U02qmNjo8SZ */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:3tciyhLJxTW_hmw3 */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:rmwNFx-wrGqKxntD */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:eem0wyXHcpHwSBKA */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:FsXOgnOIOYhQM4Q1 */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:hpLCS6VMl7uZ0TYQ */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:znfNfwnjKIuF9KFv */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:nxmu8D0smxdKTjcD */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:l4Sgkw9j_6MfpavN */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:6WngGYWHdm6KMA_O */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:B2xyH-6Em1XhODoG */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:7H4iiLw_YN22s3TV */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:DvcIUZ1gWSyDmWQx */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calib9eaad863b0 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT all -- any any anywhere anywhere /* cali:P2tcWxCNIeN-GG62 */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:J7Nip-QimZndHAMt */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:_2ASSKCvmXBD18Vy */ MARK and 0xfffcffff | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:WRejhC2caMYwafLT */ /* Start of tier default */ MARK and 0xfffdffff | |
| 0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:62L3_BuQ--G8Pwhk */ mark match 0x0/0x20000 | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:Jhns6EVA9fE1Ibjc */ /* Return if policy accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:zigPuLv_a--qM20a */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:MKmrtF8XTkvRBaCU */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000 | |
| 0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:W-dmXE9XHe6HLigj */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:Aw9OefmjGo421OUc */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:ELgpibBtkC2--hHx */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:0VQYemI6ICaa44Df */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:FaMlTEXJ8nK5qc_9 */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:kZKKOCjnsQvaOGTx */ /* Drop if no profiles matched */ | |
| Chain cali-tw-calic81ae161df0 (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 3 502 ACCEPT all -- any any anywhere anywhere /* cali:RMiEaLeDZj_dsj-R */ ctstate RELATED,ESTABLISHED | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:nUOzny8-YdEtqYY- */ ctstate INVALID | |
| 0 0 MARK all -- any any anywhere anywhere /* cali:0FyKxXl_T7oivq-A */ MARK and 0xfffcffff | |
| 0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:QTW_1tx6JtvNEdDd */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:jhL_IK3ga2ysFK5M */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:DAcH1o3w7MRU8K5x */ | |
| 0 0 RETURN all -- any any anywhere anywhere /* cali:LFGjnVgSHrl5Rd7W */ /* Return if profile accepted */ mark match 0x10000/0x10000 | |
| 0 0 NFLOG all -- any any anywhere anywhere /* cali:PftkqIdZWCJVeqDJ */ nflog-prefix DRI nflog-group 1 nflog-size 80 | |
| 0 0 DROP all -- any any anywhere anywhere /* cali:ZJKmGH9zxQOlchbv */ /* Drop if no profiles matched */ | |
| Chain cali-wl-to-host (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 12M 2758M cali-from-wl-dispatch all -- any any anywhere anywhere /* cali:Ee9Sbo10IpVujdIY */ | |
| 412 24720 ACCEPT all -- any any anywhere anywhere /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */ |