Created
July 20, 2017 02:02
-
-
Save yifan-gu/78b99b7a4352b17aedf6b1572ea0b9cc to your computer and use it in GitHub Desktop.
table
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :KUBE-SERVICES - [0:0] | |
| COMMIT | |
| *nat | |
| :KUBE-SERVICES - [0:0] | |
| :KUBE-NODEPORTS - [0:0] | |
| :KUBE-POSTROUTING - [0:0] | |
| :KUBE-MARK-MASQ - [0:0] | |
| :KUBE-SVC-4RFU3GGCUIJHFZEZ - [0:0] | |
| :KUBE-SEP-CG3BO6CZOYEJLW7B - [0:0] | |
| :KUBE-SEP-N5IGG6PPU7M7SEMF - [0:0] | |
| :KUBE-SVC-2IDT6BM2YVVH2KLM - [0:0] | |
| :KUBE-SEP-WHEYMI4PS7H6HEVV - [0:0] | |
| :KUBE-SEP-GBZST3QOLAW3U7GW - [0:0] | |
| :KUBE-SVC-LWQ6ERSN2GZ2OM7R - [0:0] | |
| :KUBE-SEP-6Z64IOM3Y4UU5EMF - [0:0] | |
| :KUBE-SVC-WTJF2MKKUQXO44KB - [0:0] | |
| :KUBE-SEP-6O3MYO6KKD3GMNNZ - [0:0] | |
| :KUBE-SVC-HW3L6WD3C4KVFFKE - [0:0] | |
| :KUBE-SEP-MMVLH7LSMVYO2JQV - [0:0] | |
| :KUBE-SVC-WNIBEM2D3V4W3PCZ - [0:0] | |
| :KUBE-SEP-AYVOFZWRPK54UCGR - [0:0] | |
| :KUBE-SEP-A54WBIDAT6U34IEK - [0:0] | |
| :KUBE-SVC-IUSNRMZFI7TTS4FG - [0:0] | |
| :KUBE-SEP-GTMWC2VN76OPYUGA - [0:0] | |
| :KUBE-SVC-EI5FL7I4UTJQWVN4 - [0:0] | |
| :KUBE-SEP-L6NN3GNW6HY67JR5 - [0:0] | |
| :KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0] | |
| :KUBE-SEP-HQ3INDTQHSRJAXAV - [0:0] | |
| :KUBE-SVC-GO2LTBO44KXHV5OS - [0:0] | |
| :KUBE-SEP-4U6H5NEHZUIRCLKB - [0:0] | |
| :KUBE-SVC-BJM46V3U5RZHCFRZ - [0:0] | |
| :KUBE-SEP-BQFCWDFZEMKHRR7D - [0:0] | |
| :KUBE-SVC-RUU63FO4D7KXXBEB - [0:0] | |
| :KUBE-SEP-ONMVZA5MKCZE7YS4 - [0:0] | |
| :KUBE-SVC-A6RCWLFMHNFCMRTX - [0:0] | |
| :KUBE-SEP-A73IRJW3JVTSVZHG - [0:0] | |
| :KUBE-SVC-JEJ6BJ5IBP56KA6D - [0:0] | |
| :KUBE-SEP-OIDVMDZM5X3WFPQF - [0:0] | |
| :KUBE-SVC-DFK5ZZPFREAMSJKE - [0:0] | |
| :KUBE-SEP-I6MVPDVTBAPLJS7Q - [0:0] | |
| :KUBE-SVC-HQ22IKBAABFHT5QE - [0:0] | |
| :KUBE-SEP-OV5B5YW7S2E26ZQR - [0:0] | |
| :KUBE-SEP-XZBU5RMYLBX5UK7P - [0:0] | |
| :KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0] | |
| :KUBE-SEP-RVGJJ4PD7HVV72IX - [0:0] | |
| :KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0] | |
| :KUBE-SEP-JUKHXEQ6L3ILCWM4 - [0:0] | |
| :KUBE-SVC-GMW5W2SEZ52UQ3UF - [0:0] | |
| :KUBE-SEP-U22ZRDW665TOKGJL - [0:0] | |
| -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x00004000/0x00004000 -j MASQUERADE | |
| -A KUBE-MARK-MASQ -j MARK --set-xmark 0x00004000/0x00004000 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/alertmanager-main:web cluster IP" -m tcp -p tcp -d 10.3.186.238/32 --dport 9093 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/alertmanager-main:web cluster IP" -m tcp -p tcp -d 10.3.186.238/32 --dport 9093 -j KUBE-SVC-4RFU3GGCUIJHFZEZ | |
| -A KUBE-SVC-4RFU3GGCUIJHFZEZ -m comment --comment tectonic-system/alertmanager-main:web -m statistic --mode random --probability 0.50000 -j KUBE-SEP-CG3BO6CZOYEJLW7B | |
| -A KUBE-SEP-CG3BO6CZOYEJLW7B -m comment --comment tectonic-system/alertmanager-main:web -s 10.2.1.22/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-CG3BO6CZOYEJLW7B -m comment --comment tectonic-system/alertmanager-main:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.22:9093 | |
| -A KUBE-SVC-4RFU3GGCUIJHFZEZ -m comment --comment tectonic-system/alertmanager-main:web -j KUBE-SEP-N5IGG6PPU7M7SEMF | |
| -A KUBE-SEP-N5IGG6PPU7M7SEMF -m comment --comment tectonic-system/alertmanager-main:web -s 10.2.1.7/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-N5IGG6PPU7M7SEMF -m comment --comment tectonic-system/alertmanager-main:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.7:9093 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity:worker cluster IP" -m tcp -p tcp -d 10.3.159.131/32 --dport 5556 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity:worker cluster IP" -m tcp -p tcp -d 10.3.159.131/32 --dport 5556 -j KUBE-SVC-2IDT6BM2YVVH2KLM | |
| -A KUBE-SVC-2IDT6BM2YVVH2KLM -m comment --comment tectonic-system/tectonic-identity:worker -m statistic --mode random --probability 0.50000 -j KUBE-SEP-WHEYMI4PS7H6HEVV | |
| -A KUBE-SEP-WHEYMI4PS7H6HEVV -m comment --comment tectonic-system/tectonic-identity:worker -s 10.2.1.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-WHEYMI4PS7H6HEVV -m comment --comment tectonic-system/tectonic-identity:worker -m tcp -p tcp -j DNAT --to-destination 10.2.1.4:5556 | |
| -A KUBE-SVC-2IDT6BM2YVVH2KLM -m comment --comment tectonic-system/tectonic-identity:worker -j KUBE-SEP-GBZST3QOLAW3U7GW | |
| -A KUBE-SEP-GBZST3QOLAW3U7GW -m comment --comment tectonic-system/tectonic-identity:worker -s 10.2.1.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GBZST3QOLAW3U7GW -m comment --comment tectonic-system/tectonic-identity:worker -m tcp -p tcp -j DNAT --to-destination 10.2.1.6:5556 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/default-http-backend:http cluster IP" -m tcp -p tcp -d 10.3.143.44/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/default-http-backend:http cluster IP" -m tcp -p tcp -d 10.3.143.44/32 --dport 80 -j KUBE-SVC-LWQ6ERSN2GZ2OM7R | |
| -A KUBE-SVC-LWQ6ERSN2GZ2OM7R -m comment --comment tectonic-system/default-http-backend:http -j KUBE-SEP-6Z64IOM3Y4UU5EMF | |
| -A KUBE-SEP-6Z64IOM3Y4UU5EMF -m comment --comment tectonic-system/default-http-backend:http -s 10.2.1.12/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-6Z64IOM3Y4UU5EMF -m comment --comment tectonic-system/default-http-backend:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.12:8080 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus-operator:http cluster IP" -m tcp -p tcp -d 10.3.135.74/32 --dport 8080 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus-operator:http cluster IP" -m tcp -p tcp -d 10.3.135.74/32 --dport 8080 -j KUBE-SVC-WTJF2MKKUQXO44KB | |
| -A KUBE-SVC-WTJF2MKKUQXO44KB -m comment --comment tectonic-system/prometheus-operator:http -j KUBE-SEP-6O3MYO6KKD3GMNNZ | |
| -A KUBE-SEP-6O3MYO6KKD3GMNNZ -m comment --comment tectonic-system/prometheus-operator:http -s 10.2.1.2/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-6O3MYO6KKD3GMNNZ -m comment --comment tectonic-system/prometheus-operator:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.2:8080 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:https cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 443 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:https cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 443 -j KUBE-SVC-HW3L6WD3C4KVFFKE | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp --dport 32000 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp --dport 32000 -j KUBE-SVC-HW3L6WD3C4KVFFKE | |
| -A KUBE-SVC-HW3L6WD3C4KVFFKE -m comment --comment tectonic-system/tectonic-lb:https -j KUBE-SEP-MMVLH7LSMVYO2JQV | |
| -A KUBE-SEP-MMVLH7LSMVYO2JQV -m comment --comment tectonic-system/tectonic-lb:https -s 10.2.1.13/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-MMVLH7LSMVYO2JQV -m comment --comment tectonic-system/tectonic-lb:https -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:443 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity-api:api cluster IP" -m tcp -p tcp -d 10.3.27.11/32 --dport 5557 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-identity-api:api cluster IP" -m tcp -p tcp -d 10.3.27.11/32 --dport 5557 -j KUBE-SVC-WNIBEM2D3V4W3PCZ | |
| -A KUBE-SVC-WNIBEM2D3V4W3PCZ -m comment --comment tectonic-system/tectonic-identity-api:api -m statistic --mode random --probability 0.50000 -j KUBE-SEP-AYVOFZWRPK54UCGR | |
| -A KUBE-SEP-AYVOFZWRPK54UCGR -m comment --comment tectonic-system/tectonic-identity-api:api -s 10.2.1.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-AYVOFZWRPK54UCGR -m comment --comment tectonic-system/tectonic-identity-api:api -m tcp -p tcp -j DNAT --to-destination 10.2.1.4:5557 | |
| -A KUBE-SVC-WNIBEM2D3V4W3PCZ -m comment --comment tectonic-system/tectonic-identity-api:api -j KUBE-SEP-A54WBIDAT6U34IEK | |
| -A KUBE-SEP-A54WBIDAT6U34IEK -m comment --comment tectonic-system/tectonic-identity-api:api -s 10.2.1.6/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-A54WBIDAT6U34IEK -m comment --comment tectonic-system/tectonic-identity-api:api -m tcp -p tcp -j DNAT --to-destination 10.2.1.6:5557 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/kube-state-metrics:http-metrics cluster IP" -m tcp -p tcp -d 10.3.115.195/32 --dport 8080 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/kube-state-metrics:http-metrics cluster IP" -m tcp -p tcp -d 10.3.115.195/32 --dport 8080 -j KUBE-SVC-IUSNRMZFI7TTS4FG | |
| -A KUBE-SVC-IUSNRMZFI7TTS4FG -m comment --comment tectonic-system/kube-state-metrics:http-metrics -j KUBE-SEP-GTMWC2VN76OPYUGA | |
| -A KUBE-SEP-GTMWC2VN76OPYUGA -m comment --comment tectonic-system/kube-state-metrics:http-metrics -s 10.2.1.8/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-GTMWC2VN76OPYUGA -m comment --comment tectonic-system/kube-state-metrics:http-metrics -m tcp -p tcp -j DNAT --to-destination 10.2.1.8:8080 | |
| -A KUBE-SERVICES -m comment --comment "kube-system/etcd-service:client cluster IP" -m tcp -p tcp -d 10.3.0.15/32 --dport 2379 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "kube-system/etcd-service:client cluster IP" -m tcp -p tcp -d 10.3.0.15/32 --dport 2379 -j KUBE-SVC-EI5FL7I4UTJQWVN4 | |
| -A KUBE-SVC-EI5FL7I4UTJQWVN4 -m comment --comment kube-system/etcd-service:client -j KUBE-SEP-L6NN3GNW6HY67JR5 | |
| -A KUBE-SEP-L6NN3GNW6HY67JR5 -m comment --comment kube-system/etcd-service:client -s 10.0.8.141/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-L6NN3GNW6HY67JR5 -m comment --comment kube-system/etcd-service:client -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:2379 | |
| -A KUBE-SERVICES -m comment --comment "default/kubernetes:https cluster IP" -m tcp -p tcp -d 10.3.0.1/32 --dport 443 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "default/kubernetes:https cluster IP" -m tcp -p tcp -d 10.3.0.1/32 --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment default/kubernetes:https -m recent --name KUBE-SEP-HQ3INDTQHSRJAXAV --rcheck --seconds 10800 --reap -j KUBE-SEP-HQ3INDTQHSRJAXAV | |
| -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment default/kubernetes:https -j KUBE-SEP-HQ3INDTQHSRJAXAV | |
| -A KUBE-SEP-HQ3INDTQHSRJAXAV -m comment --comment default/kubernetes:https -s 10.0.8.141/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-HQ3INDTQHSRJAXAV -m comment --comment default/kubernetes:https -m recent --name KUBE-SEP-HQ3INDTQHSRJAXAV --set -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:443 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-alertmanager:http cluster IP" -m tcp -p tcp -d 10.3.176.251/32 --dport 4180 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-alertmanager:http cluster IP" -m tcp -p tcp -d 10.3.176.251/32 --dport 4180 -j KUBE-SVC-GO2LTBO44KXHV5OS | |
| -A KUBE-SVC-GO2LTBO44KXHV5OS -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -j KUBE-SEP-4U6H5NEHZUIRCLKB | |
| -A KUBE-SEP-4U6H5NEHZUIRCLKB -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -s 10.2.1.10/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-4U6H5NEHZUIRCLKB -m comment --comment tectonic-system/tectonic-monitoring-auth-alertmanager:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.10:4180 | |
| -A KUBE-SERVICES -m comment --comment "kube-system/heapster: cluster IP" -m tcp -p tcp -d 10.3.144.124/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "kube-system/heapster: cluster IP" -m tcp -p tcp -d 10.3.144.124/32 --dport 80 -j KUBE-SVC-BJM46V3U5RZHCFRZ | |
| -A KUBE-SVC-BJM46V3U5RZHCFRZ -m comment --comment kube-system/heapster: -j KUBE-SEP-BQFCWDFZEMKHRR7D | |
| -A KUBE-SEP-BQFCWDFZEMKHRR7D -m comment --comment kube-system/heapster: -s 10.2.1.24/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-BQFCWDFZEMKHRR7D -m comment --comment kube-system/heapster: -m tcp -p tcp -j DNAT --to-destination 10.2.1.24:8082 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:http cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:http cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 80 -j KUBE-SVC-RUU63FO4D7KXXBEB | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp --dport 32001 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp --dport 32001 -j KUBE-SVC-RUU63FO4D7KXXBEB | |
| -A KUBE-SVC-RUU63FO4D7KXXBEB -m comment --comment tectonic-system/tectonic-lb:http -j KUBE-SEP-ONMVZA5MKCZE7YS4 | |
| -A KUBE-SEP-ONMVZA5MKCZE7YS4 -m comment --comment tectonic-system/tectonic-lb:http -s 10.2.1.13/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-ONMVZA5MKCZE7YS4 -m comment --comment tectonic-system/tectonic-lb:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:80 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:health cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 10254 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-lb:health cluster IP" -m tcp -p tcp -d 10.3.32.73/32 --dport 10254 -j KUBE-SVC-A6RCWLFMHNFCMRTX | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp --dport 32002 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp --dport 32002 -j KUBE-SVC-A6RCWLFMHNFCMRTX | |
| -A KUBE-SVC-A6RCWLFMHNFCMRTX -m comment --comment tectonic-system/tectonic-lb:health -j KUBE-SEP-A73IRJW3JVTSVZHG | |
| -A KUBE-SEP-A73IRJW3JVTSVZHG -m comment --comment tectonic-system/tectonic-lb:health -s 10.2.1.13/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-A73IRJW3JVTSVZHG -m comment --comment tectonic-system/tectonic-lb:health -m tcp -p tcp -j DNAT --to-destination 10.2.1.13:10254 | |
| -A KUBE-SERVICES -m comment --comment "kube-system/kube-etcd-client:client cluster IP" -m tcp -p tcp -d 10.3.55.24/32 --dport 2379 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "kube-system/kube-etcd-client:client cluster IP" -m tcp -p tcp -d 10.3.55.24/32 --dport 2379 -j KUBE-SVC-JEJ6BJ5IBP56KA6D | |
| -A KUBE-SVC-JEJ6BJ5IBP56KA6D -m comment --comment kube-system/kube-etcd-client:client -j KUBE-SEP-OIDVMDZM5X3WFPQF | |
| -A KUBE-SEP-OIDVMDZM5X3WFPQF -m comment --comment kube-system/kube-etcd-client:client -s 10.0.8.141/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-OIDVMDZM5X3WFPQF -m comment --comment kube-system/kube-etcd-client:client -m tcp -p tcp -j DNAT --to-destination 10.0.8.141:2379 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus:web cluster IP" -m tcp -p tcp -d 10.3.238.171/32 --dport 9090 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/prometheus:web cluster IP" -m tcp -p tcp -d 10.3.238.171/32 --dport 9090 -j KUBE-SVC-DFK5ZZPFREAMSJKE | |
| -A KUBE-SVC-DFK5ZZPFREAMSJKE -m comment --comment tectonic-system/prometheus:web -j KUBE-SEP-I6MVPDVTBAPLJS7Q | |
| -A KUBE-SEP-I6MVPDVTBAPLJS7Q -m comment --comment tectonic-system/prometheus:web -s 10.2.1.9/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-I6MVPDVTBAPLJS7Q -m comment --comment tectonic-system/prometheus:web -m tcp -p tcp -j DNAT --to-destination 10.2.1.9:9090 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-console:tectonic-console cluster IP" -m tcp -p tcp -d 10.3.232.123/32 --dport 80 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-console:tectonic-console cluster IP" -m tcp -p tcp -d 10.3.232.123/32 --dport 80 -j KUBE-SVC-HQ22IKBAABFHT5QE | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp --dport 30732 -j KUBE-MARK-MASQ | |
| -A KUBE-NODEPORTS -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp --dport 30732 -j KUBE-SVC-HQ22IKBAABFHT5QE | |
| -A KUBE-SVC-HQ22IKBAABFHT5QE -m comment --comment tectonic-system/tectonic-console:tectonic-console -m statistic --mode random --probability 0.50000 -j KUBE-SEP-OV5B5YW7S2E26ZQR | |
| -A KUBE-SEP-OV5B5YW7S2E26ZQR -m comment --comment tectonic-system/tectonic-console:tectonic-console -s 10.2.1.3/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-OV5B5YW7S2E26ZQR -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp -j DNAT --to-destination 10.2.1.3:8080 | |
| -A KUBE-SVC-HQ22IKBAABFHT5QE -m comment --comment tectonic-system/tectonic-console:tectonic-console -j KUBE-SEP-XZBU5RMYLBX5UK7P | |
| -A KUBE-SEP-XZBU5RMYLBX5UK7P -m comment --comment tectonic-system/tectonic-console:tectonic-console -s 10.2.1.5/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-XZBU5RMYLBX5UK7P -m comment --comment tectonic-system/tectonic-console:tectonic-console -m tcp -p tcp -j DNAT --to-destination 10.2.1.5:8080 | |
| -A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp -p udp -d 10.3.0.10/32 --dport 53 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp -p udp -d 10.3.0.10/32 --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU | |
| -A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment kube-system/kube-dns:dns -j KUBE-SEP-RVGJJ4PD7HVV72IX | |
| -A KUBE-SEP-RVGJJ4PD7HVV72IX -m comment --comment kube-system/kube-dns:dns -s 10.2.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-RVGJJ4PD7HVV72IX -m comment --comment kube-system/kube-dns:dns -m udp -p udp -j DNAT --to-destination 10.2.0.4:53 | |
| -A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp -p tcp -d 10.3.0.10/32 --dport 53 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp -p tcp -d 10.3.0.10/32 --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4 | |
| -A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment kube-system/kube-dns:dns-tcp -j KUBE-SEP-JUKHXEQ6L3ILCWM4 | |
| -A KUBE-SEP-JUKHXEQ6L3ILCWM4 -m comment --comment kube-system/kube-dns:dns-tcp -s 10.2.0.4/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-JUKHXEQ6L3ILCWM4 -m comment --comment kube-system/kube-dns:dns-tcp -m tcp -p tcp -j DNAT --to-destination 10.2.0.4:53 | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-prometheus:http cluster IP" -m tcp -p tcp -d 10.3.25.55/32 --dport 4180 ! -s 10.2.0.0/16 -j KUBE-MARK-MASQ | |
| -A KUBE-SERVICES -m comment --comment "tectonic-system/tectonic-monitoring-auth-prometheus:http cluster IP" -m tcp -p tcp -d 10.3.25.55/32 --dport 4180 -j KUBE-SVC-GMW5W2SEZ52UQ3UF | |
| -A KUBE-SVC-GMW5W2SEZ52UQ3UF -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -j KUBE-SEP-U22ZRDW665TOKGJL | |
| -A KUBE-SEP-U22ZRDW665TOKGJL -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -s 10.2.1.11/32 -j KUBE-MARK-MASQ | |
| -A KUBE-SEP-U22ZRDW665TOKGJL -m comment --comment tectonic-system/tectonic-monitoring-auth-prometheus:http -m tcp -p tcp -j DNAT --to-destination 10.2.1.11:4180 | |
| -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS | |
| COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment