Hi All,
I have a single node cluster running on Ubuntu 22. I am not able to figure out why firewall-cmd interfearing with kubernetes headless service routing.
|NAME |STATUS | ROLES | AGE | VERSION |INTERNAL-IP| EXTERNAL-IP | OS-IMAGE | KERNEL-VERSION |
| gpu | Ready | controlplane,etcd,worker | 4d5h | v1.20.4 | X.X.X.X | <none> | Ubuntu 22.04.1 LTS | 5.15.0-47-generic |
Here is the test scenario which I am performing to reproduce the issue.
I have two services A-reg-S (regular service) and A-hed-S (headless service).
I have a single pod A, pod B attached to respective services. When I try to reach pod of regular service from another pod by using DNS, it worked perfecatly fine. But when I try to reach pod of headless service it throws (113) No route to host socket error.
However when I disable my firewall (systemctl stop firewalld.service), I am able to reach to both the pods.
public (active)
target: default
icmp-block-inversion: no
interfaces: enp2s0f0 enp2s0f1
sources:
services: dhcpv6-client ssh
ports: 179/tcp 443/tcp 2377-2380/tcp 4789/udp 5473/tcp 6443/tcp 7946/udp 7946/tcp 8080/tcp 8090-8091/tcp 8472/udp 10250-10255/tcp 10901/tcp 30000-32767/tcp
protocols:
forward: no
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
And both iptables rules with firewall on and off are different. Can you please help me???
Firewall on
Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all -- anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */
KUBE-FIREWALL all -- anywhere anywhere
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
cali-FORWARD all -- anywhere anywhere /* cali:wUHhoiAYhphO9Mso */
KUBE-FORWARD all -- anywhere anywhere /* kubernetes forwarding rules */
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
DOCKER-USER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- ubuntuserver/22 anywhere
ACCEPT all -- anywhere ubuntuserver/22
ACCEPT all -- anywhere anywhere /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all -- anywhere anywhere /* cali:tVnHkvAo15HuiPy0 */
KUBE-FIREWALL all -- anywhere anywhere
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
DROP all -- !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000
ACCEPT all -- anywhere anywhere /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination
Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination
Chain KUBE-SERVICES (2 references)
target prot opt source destination
Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:vjrMJCRpqwy5oRoX */ MARK and 0xfff1ffff
cali-from-hep-forward all -- anywhere anywhere /* cali:A_sPAO0mcxbT9mOV */ mark match 0x0/0x10000
cali-from-wl-dispatch all -- anywhere anywhere /* cali:8ZoYfO5HKXWbB3pk */
cali-to-wl-dispatch all -- anywhere anywhere /* cali:jdEuaPBe14V2hutn */
cali-to-hep-forward all -- anywhere anywhere /* cali:12bc6HljsMKsmfr- */
cali-cidr-block all -- anywhere anywhere /* cali:NOSxoaGx8OIstr1z */
Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all -- anywhere anywhere [goto] /* cali:FewJpBykm9iJ-YNH */
ACCEPT all -- anywhere anywhere /* cali:hder3ARWznqqv8Va */ mark match 0x10000/0x10000
MARK all -- anywhere anywhere /* cali:xgOu2uJft6H9oDGF */ MARK and 0xfff0ffff
cali-from-host-endpoint all -- anywhere anywhere /* cali:_-d-qojMfHM6NwBo */
ACCEPT all -- anywhere anywhere /* cali:LqmE76MP94lZTGhA */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000
RETURN all -- anywhere anywhere /* cali:69FkRTJDvD5Vu6Vl */
MARK all -- anywhere anywhere /* cali:Fskumj4SGQtDV6GC */ MARK and 0xfff0ffff
cali-to-host-endpoint all -- anywhere anywhere /* cali:8rXMdo5sNesjJxGc */
ACCEPT all -- anywhere anywhere /* cali:Ja-pnrHi-PrNKxgd */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-cidr-block (1 references)
target prot opt source destination
Chain cali-from-hep-forward (1 references)
target prot opt source destination
Chain cali-from-host-endpoint (1 references)
target prot opt source destination
Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
cali-fw-cali0dbfebe8b82 all -- anywhere anywhere [goto] /* cali:SVRdvc83bkmWTNpT */
cali-fw-cali131ffa437ea all -- anywhere anywhere [goto] /* cali:1sPFbAzN6zYx41Ds */
cali-fw-cali2259f582ee0 all -- anywhere anywhere [goto] /* cali:XoDuVVzyzrQd0azj */
cali-fw-cali47e3f9968a4 all -- anywhere anywhere [goto] /* cali:T23cZKwCkINyYgfL */
cali-fw-cali6b45471ae76 all -- anywhere anywhere [goto] /* cali:CVki0ts5w2r0ZUkd */
cali-fw-cali72b0f6d79d8 all -- anywhere anywhere [goto] /* cali:gxpeiNjJ2fex9nFH */
cali-fw-cali9a415f28ac8 all -- anywhere anywhere [goto] /* cali:7J8FGt4tnq8fr7R1 */
cali-fw-calia301e45507d all -- anywhere anywhere [goto] /* cali:S28PLY9uIR0gc45g */
cali-from-wl-dispatch-b all -- anywhere anywhere [goto] /* cali:eZd09q5wYhfK_Xa3 */
cali-fw-calidc0b7b54b3e all -- anywhere anywhere [goto] /* cali:vIFt93dP7vXOok6- */
cali-from-wl-dispatch-f all -- anywhere anywhere [goto] /* cali:X0IHm_pRjNYbs2sG */
DROP all -- anywhere anywhere /* cali:hhOpWs_WvTD2cxf8 */ /* Unknown interface */
Chain cali-from-wl-dispatch-b (1 references)
target prot opt source destination
cali-fw-calib62024d6ab3 all -- anywhere anywhere [goto] /* cali:vZSDPFyog3b9oSS7 */
cali-fw-calibb5ed0e88bf all -- anywhere anywhere [goto] /* cali:plyfeFDs4w-L1jjO */
DROP all -- anywhere anywhere /* cali:uA3xWmJOYIhPdIJD */ /* Unknown interface */
Chain cali-from-wl-dispatch-f (1 references)
target prot opt source destination
cali-fw-calif03e7863b33 all -- anywhere anywhere [goto] /* cali:60DbUL_SoDnMuM6E */
cali-fw-califae882059e3 all -- anywhere anywhere [goto] /* cali:ucR_zBd7AFSJdBHd */
cali-fw-califf72c7e9b20 all -- anywhere anywhere [goto] /* cali:GiQcTNe-QvWnuyZS */
DROP all -- anywhere anywhere /* cali:ZW45VZOfuddd4haQ */ /* Unknown interface */
Chain cali-fw-cali0dbfebe8b82 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:OWLKIWhCt_wyhwvn */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:j_ZctI-UJAjUlmeO */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZpaXslcq-lTMTKid */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:1CDbPOJSd5AwJUXq */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:E7cWgcAvSELBe-cK */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:U63iyMlLmuj43Uur */
RETURN all -- anywhere anywhere /* cali:P2iZbPu0GojKyr8I */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:hXxf4zblwCn1TLMM */
RETURN all -- anywhere anywhere /* cali:0M3W9Z21KJmsVxc_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:lgZLYQyJDmLA19Fq */ /* Drop if no profiles matched */
Chain cali-fw-cali131ffa437ea (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:B2ok4SCdToLeXZvD */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:A7PWJxVqTjPp-osC */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:i5VydRCZm3lNFJX3 */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:dqLTLmmc0AkV9gi0 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:35eau3y-uo-owk_W */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.kube-system all -- anywhere anywhere /* cali:HSEjQD_8RlsR0Rp9 */
RETURN all -- anywhere anywhere /* cali:f_4o6U6bWU5_rKEU */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_u2Tn2rSoAPffvE7JO6 all -- anywhere anywhere /* cali:CnYA5qvHxBPuV6ji */
RETURN all -- anywhere anywhere /* cali:BhBTOPS1Pv1kxEPH */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:hTOtbvydw0cmToFn */ /* Drop if no profiles matched */
Chain cali-fw-cali2259f582ee0 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:RKsxI--rv7RreS2i */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:2nTYh3PXZSED9qER */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:9mRvdR9ZFJYrUtk2 */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:VGQKbhRKukxsU9bc */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:x7xf8Mbbs6WrXfDF */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:INEReq6jmtSUYfq5 */
RETURN all -- anywhere anywhere /* cali:WYXB98oVShegylsM */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_FdDrYToMIz8_5i1QDB all -- anywhere anywhere /* cali:wLUtEzH9M9UoXT9z */
RETURN all -- anywhere anywhere /* cali:5WedbP3yo_8Exc-8 */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:5QDcq4uY6JiQoL8b */ /* Drop if no profiles matched */
Chain cali-fw-cali47e3f9968a4 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:jskOdA0XcRKAFtzs */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:-cpDnRCgxmqlqeWj */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:9ud9VrdIbg61cWTv */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:SBCwMWVvshmrF6nZ */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:Sc8gpmgLjLB63ahP */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.kube-system all -- anywhere anywhere /* cali:Jr2T730iTwJrbQTu */
RETURN all -- anywhere anywhere /* cali:X5adeyVmEJfWIRFo */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PTRGc0U-L5Kz7V6ERW all -- anywhere anywhere /* cali:9sGVnk_M5BvLfMJ8 */
RETURN all -- anywhere anywhere /* cali:6jPzJfi73YHoxbKA */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:13C3iiakluG0yrve */ /* Drop if no profiles matched */
Chain cali-fw-cali6b45471ae76 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:pXurzv09w4bd_F_E */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:xJ9EN93YpMLDq1dT */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:fJDs54ypPJhCXDqw */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:a8smEuM--IlQbFw1 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:FA91T55Rrt8exe9n */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:Hj55Zm2-0mCSdpp- */
RETURN all -- anywhere anywhere /* cali:fA0TFgkkK5AB51dr */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:K2XXxSZItFWz0E1u */
RETURN all -- anywhere anywhere /* cali:7W-81DWTo6UoAYXa */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:K7zU0teW2nFwDjhe */ /* Drop if no profiles matched */
Chain cali-fw-cali72b0f6d79d8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:30qjXezWJan0RXWh */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:sg6rU6HmPr9ZqUt1 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:TkQUQ5s06cJHOali */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:kERKG9DhYxkft1fM */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:uZ8qNKCuqK_4msG- */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:L5tNaJiATAm_vN65 */
RETURN all -- anywhere anywhere /* cali:DfQsgbaH24URYdGY */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PNC_NWuE2g9AfCatzS all -- anywhere anywhere /* cali:QYuP5N34brrpqPN_ */
RETURN all -- anywhere anywhere /* cali:6a7ylSQ_f3z7roV_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:DSXb-19arub5rirl */ /* Drop if no profiles matched */
Chain cali-fw-cali9a415f28ac8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:PqIurYreQlsW7MGZ */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:lMj0b-Ao7mthleHk */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZmkIYE-V7aT7Zr9L */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:Y9J5UNjtnQ4gXeh6 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:jWM6pTEiIP32R_w0 */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:qnqlBVU4HdztEVT- */
RETURN all -- anywhere anywhere /* cali:_5s_8OJbc9HBy2od */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_z_pBIuFjAVA_Sb9lHQ all -- anywhere anywhere /* cali:VFiMRXofkSjGtnL1 */
RETURN all -- anywhere anywhere /* cali:02dwIYbtvq13F1ui */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:A0z9Zb3YTrrDdJVT */ /* Drop if no profiles matched */
Chain cali-fw-calia301e45507d (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Ay1Tg4LPtfndUNTe */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:tDkGQZhiNYsHzlzx */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:eGioQ56lhcip7Qv5 */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:fpH-WiY9-qO6rfyw */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:ZuVcu0xr3K8yk0AX */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.kube-system all -- anywhere anywhere /* cali:6yYajS-emBypB-Ca */
RETURN all -- anywhere anywhere /* cali:5wzUcteORTw21G4g */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_npJ7qTPnQvugDgIE9J all -- anywhere anywhere /* cali:RX6rHIIzgL1kw88p */
RETURN all -- anywhere anywhere /* cali:LktFYTu1vBpCvIEk */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:f0eTQXEG5ABp9JaI */ /* Drop if no profiles matched */
Chain cali-fw-calib62024d6ab3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:ymkv41gc-PYhZhsd */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:QJ0YCNbo0OJxHvTZ */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:7Lc-rD8v-DKMghyq */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:BlQmyY9HFJPCblAL */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:9rcJ4vcaGzfsE6Me */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:ji7j7Y7gY5L15d2z */
RETURN all -- anywhere anywhere /* cali:WFy6P2lp5EWXyUJq */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_v55N_fkUY7aUv3KPkd all -- anywhere anywhere /* cali:0j7ykwa8moFFEDro */
RETURN all -- anywhere anywhere /* cali:9YM5DRQKpWvb-4mD */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:zmf6xASCzPCnMVxu */ /* Drop if no profiles matched */
Chain cali-fw-calibb5ed0e88bf (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:SSQTJdIcw9Q0i8uY */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:loneO5zmhA1oyVf2 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ufkL038jGWrMl_jS */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:o8mdIAyKFA2vqH8i */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:qNed1Uw1O0jpWGct */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:PP7RAkVP8cWPNhJ2 */
RETURN all -- anywhere anywhere /* cali:30gexAUhhqHzbPdv */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_E1NcSKZHYVa8G2qbF7 all -- anywhere anywhere /* cali:I268O6GPoTSJNb0o */
RETURN all -- anywhere anywhere /* cali:yozh5tOsgmRvwAvK */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:iHMVm_BQ_6m6xsyD */ /* Drop if no profiles matched */
Chain cali-fw-calidc0b7b54b3e (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Ql2vItt543YHOb1p */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:i1TuZdl3YOgIv9UY */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZA4ZdE88Rjp4Aa6G */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:GPfZ8BHfjz5-N9Vr */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:ekHgGbi40wPiqJNj */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.default all -- anywhere anywhere /* cali:ftUApXJnVQvuNnTN */
RETURN all -- anywhere anywhere /* cali:O9X8U38yuyEoSmtg */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-ksa.default.default all -- anywhere anywhere /* cali:z9TRBl8l_qrb4fmM */
RETURN all -- anywhere anywhere /* cali:91KjOl6SB3axuKj8 */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:YBIpDfSZuTnAtJMh */ /* Drop if no profiles matched */
Chain cali-fw-calif03e7863b33 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:_OuKm36-2ZLGDSrW */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:YM0JDopq4AHgC_dl */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZtsQW52CHJqLLmyQ */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:1Q6PWJlWsDeohWMk */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:WxIGYFxfV4Vu5smd */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:QSX22QWPSnxnBBkn */
RETURN all -- anywhere anywhere /* cali:gIzu7L9r3Avx3kYL */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_Lj8Pj9Ju50MIpTtpya all -- anywhere anywhere /* cali:JyaRUbvGZSX53R5o */
RETURN all -- anywhere anywhere /* cali:phOk86eE8Fq5DjiS */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:Bi81WvuW10qZf0Zh */ /* Drop if no profiles matched */
Chain cali-fw-califae882059e3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:UdiGdbiv99gCOMer */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:Gl6jgqVO5FvXGeZY */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:7r1BHJqVtSzwRxz- */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:0WiyvHDEdxmQK_Pi */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:LelBQQXjd2Ya5Dtw */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.default all -- anywhere anywhere /* cali:U6raX2rmIhaJiLfa */
RETURN all -- anywhere anywhere /* cali:6xzLl-uwKwCfVERH */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-ksa.default.default all -- anywhere anywhere /* cali:lkGh34jML3jlzaMr */
RETURN all -- anywhere anywhere /* cali:OJV1ARKPJ-KFUBdz */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:-cQ97nDYhF31GBFW */ /* Drop if no profiles matched */
Chain cali-fw-califf72c7e9b20 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:EYSoR8eIBMqpmZ3- */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:HtpQJ3RIHGJyaq3t */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:L2DCQV_H9_bBPthX */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:1eml9pK-MFiuY_vT */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:Fq6ipL774TeN-8GU */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.metallb-system all -- anywhere anywhere /* cali:I9OrgFC9_wR7BHCo */
RETURN all -- anywhere anywhere /* cali:XuSeDzd-KNdZkzt1 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_rfesb_Nv6QzsjWHy5M all -- anywhere anywhere /* cali:stNwTEtIBrfq55_F */
RETURN all -- anywhere anywhere /* cali:6px5WC8qfXoOMmlR */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:mvV6OkijU9aviBxY */ /* Drop if no profiles matched */
Chain cali-pri-_E1NcSKZHYVa8G2qbF7 (1 references)
target prot opt source destination
Chain cali-pri-_FdDrYToMIz8_5i1QDB (1 references)
target prot opt source destination
Chain cali-pri-_Lj8Pj9Ju50MIpTtpya (1 references)
target prot opt source destination
Chain cali-pri-_PNC_NWuE2g9AfCatzS (1 references)
target prot opt source destination
Chain cali-pri-_PTRGc0U-L5Kz7V6ERW (1 references)
target prot opt source destination
Chain cali-pri-_PxLP9yyGewyeTglPIk (2 references)
target prot opt source destination
Chain cali-pri-_npJ7qTPnQvugDgIE9J (1 references)
target prot opt source destination
Chain cali-pri-_rfesb_Nv6QzsjWHy5M (1 references)
target prot opt source destination
Chain cali-pri-_ssjgMnAJoaIenCqD38 (8 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:WmW9eve04OGDpf9k */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:jtS-jNn2Ku6LZSA4 */ mark match 0x10000/0x10000
Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
Chain cali-pri-_v55N_fkUY7aUv3KPkd (1 references)
target prot opt source destination
Chain cali-pri-_z_pBIuFjAVA_Sb9lHQ (1 references)
target prot opt source destination
Chain cali-pri-kns.default (2 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:7Fnh7Pv3_98FtLW7 */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:ZbV6bJXWSRefjK0u */ mark match 0x10000/0x10000
Chain cali-pri-kns.kube-system (3 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:zoH5gU6U55FKZxEo */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:bcGRIJcyOS9dgBiB */ mark match 0x10000/0x10000
Chain cali-pri-kns.metallb-system (1 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:VY7bEc0s87Rz2RVW */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:VK8fbRHXbge2yaKF */ mark match 0x10000/0x10000
Chain cali-pri-ksa.default.default (2 references)
target prot opt source destination
Chain cali-pro-_E1NcSKZHYVa8G2qbF7 (1 references)
target prot opt source destination
Chain cali-pro-_FdDrYToMIz8_5i1QDB (1 references)
target prot opt source destination
Chain cali-pro-_Lj8Pj9Ju50MIpTtpya (1 references)
target prot opt source destination
Chain cali-pro-_PNC_NWuE2g9AfCatzS (1 references)
target prot opt source destination
Chain cali-pro-_PTRGc0U-L5Kz7V6ERW (1 references)
target prot opt source destination
Chain cali-pro-_PxLP9yyGewyeTglPIk (2 references)
target prot opt source destination
Chain cali-pro-_npJ7qTPnQvugDgIE9J (1 references)
target prot opt source destination
Chain cali-pro-_rfesb_Nv6QzsjWHy5M (1 references)
target prot opt source destination
Chain cali-pro-_ssjgMnAJoaIenCqD38 (8 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:OQ6ZK8T9-KP_N1Yo */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:0bZ2FeLNB2EO3oJ6 */ mark match 0x10000/0x10000
Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
Chain cali-pro-_v55N_fkUY7aUv3KPkd (1 references)
target prot opt source destination
Chain cali-pro-_z_pBIuFjAVA_Sb9lHQ (1 references)
target prot opt source destination
Chain cali-pro-kns.default (2 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:oLzzje5WExbgfib5 */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:4goskqvxh5xcGw3s */ mark match 0x10000/0x10000
Chain cali-pro-kns.kube-system (3 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:-50oJuMfLVO3LkBk */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:ztVPKv1UYejNzm1g */ mark match 0x10000/0x10000
Chain cali-pro-kns.metallb-system (1 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:ifACvx0V9WlLsDp1 */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:6rbJBL1Zy2dfSRJy */ mark match 0x10000/0x10000
Chain cali-pro-ksa.default.default (2 references)
target prot opt source destination
Chain cali-to-hep-forward (1 references)
target prot opt source destination
Chain cali-to-host-endpoint (1 references)
target prot opt source destination
Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
cali-tw-cali0dbfebe8b82 all -- anywhere anywhere [goto] /* cali:Q5e-jU8-bGOy5JwE */
cali-tw-cali131ffa437ea all -- anywhere anywhere [goto] /* cali:7uObj_7cbIAe-o41 */
cali-tw-cali2259f582ee0 all -- anywhere anywhere [goto] /* cali:22-embZe1bJJXe5F */
cali-tw-cali47e3f9968a4 all -- anywhere anywhere [goto] /* cali:MOszTBtGfKrTy3Iv */
cali-tw-cali6b45471ae76 all -- anywhere anywhere [goto] /* cali:aElE6llVDoH9yJ_1 */
cali-tw-cali72b0f6d79d8 all -- anywhere anywhere [goto] /* cali:EBF1GEINzcWMdChR */
cali-tw-cali9a415f28ac8 all -- anywhere anywhere [goto] /* cali:JV4gdqbPtxEVlEgp */
cali-tw-calia301e45507d all -- anywhere anywhere [goto] /* cali:77MAmbURwFpq2Z6s */
cali-to-wl-dispatch-b all -- anywhere anywhere [goto] /* cali:QD4irr7zqpuCSvT- */
cali-tw-calidc0b7b54b3e all -- anywhere anywhere [goto] /* cali:K6KslWVL5_zNK1hy */
cali-to-wl-dispatch-f all -- anywhere anywhere [goto] /* cali:gZwR0KYl17bB2DAy */
DROP all -- anywhere anywhere /* cali:m0QZRtHjOmJkqEse */ /* Unknown interface */
Chain cali-to-wl-dispatch-b (1 references)
target prot opt source destination
cali-tw-calib62024d6ab3 all -- anywhere anywhere [goto] /* cali:-VoQIAdsDSaHvdMf */
cali-tw-calibb5ed0e88bf all -- anywhere anywhere [goto] /* cali:8Sh1AZiZIrrVLmWc */
DROP all -- anywhere anywhere /* cali:PlFfVVd1YbTnwqO0 */ /* Unknown interface */
Chain cali-to-wl-dispatch-f (1 references)
target prot opt source destination
cali-tw-calif03e7863b33 all -- anywhere anywhere [goto] /* cali:GOJaR0d-uE8E6rfa */
cali-tw-califae882059e3 all -- anywhere anywhere [goto] /* cali:YEgUEeTPsbUIJuQN */
cali-tw-califf72c7e9b20 all -- anywhere anywhere [goto] /* cali:8RfwTilBz_UK4iiN */
DROP all -- anywhere anywhere /* cali:x83S2GTUb7f67-0m */ /* Unknown interface */
Chain cali-tw-cali0dbfebe8b82 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:hXJKIVtpXDu1IuEG */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:GQVOZ7idXTRjfdl7 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:BWEwdHTbQVzDKRiy */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:VUqQwSYfl8zweH-B */
RETURN all -- anywhere anywhere /* cali:aj4DS2bhcP4ErD1w */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:n-H4XYcae7wDO8tS */
RETURN all -- anywhere anywhere /* cali:mUUjCG9oixvW1hyX */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:EEG_GCfA2kUZidAB */ /* Drop if no profiles matched */
Chain cali-tw-cali131ffa437ea (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:UfNfQJkLYpizMWY_ */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:A_PvWaDzuXvzmVEt */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:PrSMQZ92bTKuLrVv */ MARK and 0xfffeffff
cali-pri-kns.kube-system all -- anywhere anywhere /* cali:JuGH9AB9Z7iugZdz */
RETURN all -- anywhere anywhere /* cali:PzgU_OaXa2z-KS6f */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_u2Tn2rSoAPffvE7JO6 all -- anywhere anywhere /* cali:QK6g6HpvJ2L1BIOk */
RETURN all -- anywhere anywhere /* cali:3IIJut6JVqPBgPdD */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:u6JibO7XziyuCnZB */ /* Drop if no profiles matched */
Chain cali-tw-cali2259f582ee0 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:cOF_5ex3LFR7qM3w */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:J3GCQbuHcccGl87t */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:n8dqVCIZ7tS44C2K */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:tTnNT4k0FExF0aWZ */
RETURN all -- anywhere anywhere /* cali:xhjvQBu8VT8XG55Q */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_FdDrYToMIz8_5i1QDB all -- anywhere anywhere /* cali:VQpvMVUFbiSleg2a */
RETURN all -- anywhere anywhere /* cali:ykQY7uT7xwnd8cGw */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:4-33KirUjN2hB1PR */ /* Drop if no profiles matched */
Chain cali-tw-cali47e3f9968a4 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:l3Z3LG4dHIGKpwQW */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:UXyzpyZh1hQq-iF1 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:Sb-fdOfKroCSgyTR */ MARK and 0xfffeffff
cali-pri-kns.kube-system all -- anywhere anywhere /* cali:cHW3jg-QH097VTCY */
RETURN all -- anywhere anywhere /* cali:djLTNc9JVY1zdVVa */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PTRGc0U-L5Kz7V6ERW all -- anywhere anywhere /* cali:zTRmfuLF5NVZ8xh9 */
RETURN all -- anywhere anywhere /* cali:kqf7WXbacHAVnmSh */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:1IytWyvitVXHX2G4 */ /* Drop if no profiles matched */
Chain cali-tw-cali6b45471ae76 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:6kghaoaZVkJLThbS */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:RiLfC5oGPbbo5zqZ */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ddGHvX2uNjN1RWeK */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:B9DjWpOeVWnQQOAt */
RETURN all -- anywhere anywhere /* cali:meGLYCzhCETKOalX */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:T2ihaSnkKlCBWuvt */
RETURN all -- anywhere anywhere /* cali:ACOiOlH_ELNn4gwa */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:bFDuSNAFbgReBVUK */ /* Drop if no profiles matched */
Chain cali-tw-cali72b0f6d79d8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:uwYJXSIa3BCF7eBY */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:6DRkg0v2wC3kphKH */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:2_uq6FRW15OEo3HT */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:eAWAiO0P09Azqt-i */
RETURN all -- anywhere anywhere /* cali:TOprD3q5yEPNOMGF */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PNC_NWuE2g9AfCatzS all -- anywhere anywhere /* cali:ckijnrRVfIyxsPZJ */
RETURN all -- anywhere anywhere /* cali:WJypK0EA7kZmYWcA */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:ZNu-J9GuGEPZ-WwM */ /* Drop if no profiles matched */
Chain cali-tw-cali9a415f28ac8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:j3WAHWtR8636zvzE */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:5Zsgg-QsHhYcac2p */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:cDyQGsLmwvrRgAye */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:FFi5eaE_J58GvqL7 */
RETURN all -- anywhere anywhere /* cali:n2qI3P9SXlafoZKo */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_z_pBIuFjAVA_Sb9lHQ all -- anywhere anywhere /* cali:KzTKz25Hxi-Youjs */
RETURN all -- anywhere anywhere /* cali:1FNFPnB8IfamiXOg */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:wruDzaTUUHDaY-tS */ /* Drop if no profiles matched */
Chain cali-tw-calia301e45507d (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:DDDdD95mRGGHi68h */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:Da7BVeQoM2SJaHJD */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:2ig377fwboG5mzW- */ MARK and 0xfffeffff
cali-pri-kns.kube-system all -- anywhere anywhere /* cali:Pa1As68B6TvA6rxR */
RETURN all -- anywhere anywhere /* cali:i6Z3st4N3yZMVFQh */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_npJ7qTPnQvugDgIE9J all -- anywhere anywhere /* cali:wGHF_RKV6gg5EPPy */
RETURN all -- anywhere anywhere /* cali:klr5RflSHsQvZiMv */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:-vzZVGV7tDv4JRZI */ /* Drop if no profiles matched */
Chain cali-tw-calib62024d6ab3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:X_mgJ3bTE3ShPIQF */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:pBVnGlQ5DAxvDplo */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:LkKgxKj3ItHWc-3K */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:Gx58bTWepCZ1aPOq */
RETURN all -- anywhere anywhere /* cali:GzmHUHuuHB65vZ57 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_v55N_fkUY7aUv3KPkd all -- anywhere anywhere /* cali:wtimDKRBmrCloyYn */
RETURN all -- anywhere anywhere /* cali:5SzjxBRkQCofoEge */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:Okk9ztRBlLlEfbw1 */ /* Drop if no profiles matched */
Chain cali-tw-calibb5ed0e88bf (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:AW6UvcuzqB00y00u */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:iFYPiHj-mBo2oXPF */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:VOBA7teGPkNRU_4d */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:GHK__-BwqKC_2ZRn */
RETURN all -- anywhere anywhere /* cali:Laby0YVI8OORuLOU */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_E1NcSKZHYVa8G2qbF7 all -- anywhere anywhere /* cali:8HUnhlzSAUWyMHEu */
RETURN all -- anywhere anywhere /* cali:U6K8GWn5Zdv3JRTJ */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:RFAWMnnkB2C24AAP */ /* Drop if no profiles matched */
Chain cali-tw-calidc0b7b54b3e (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:2kwQm8hjqhQhvy7M */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:O4OGi3kciHseNkOx */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:UvcO3sC-25VwVV09 */ MARK and 0xfffeffff
cali-pri-kns.default all -- anywhere anywhere /* cali:WXjM4h8GU_cTxWN8 */
RETURN all -- anywhere anywhere /* cali:InVMUQo50rowxmQ8 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-ksa.default.default all -- anywhere anywhere /* cali:AN9vMnFEzRYmgJzw */
RETURN all -- anywhere anywhere /* cali:PK211yxs4Jb-noY7 */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:n1kHhfd0mgBRJ0FT */ /* Drop if no profiles matched */
Chain cali-tw-calif03e7863b33 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:2wZgALH8yEK-8Syg */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:3sB2KXl0Ty-vLFhL */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:KsUomkbAUu_zPn2- */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:mw25c37-i6Q6ib7v */
RETURN all -- anywhere anywhere /* cali:NcPQ-1XUxMf3tTm2 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_Lj8Pj9Ju50MIpTtpya all -- anywhere anywhere /* cali:WGpPU8KveH_0Y-5e */
RETURN all -- anywhere anywhere /* cali:6-ZFKpG3LZrcBiLE */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:MKWIQ9ics0dAC3j8 */ /* Drop if no profiles matched */
Chain cali-tw-califae882059e3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Ex2BQt8zfMWfzTZH */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:YNaVzRLdtePpsG_A */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:zl3VZhG24USPF20s */ MARK and 0xfffeffff
cali-pri-kns.default all -- anywhere anywhere /* cali:SAX4ZgbUND8hGH6q */
RETURN all -- anywhere anywhere /* cali:aV7qXBbbkOEw0DhS */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-ksa.default.default all -- anywhere anywhere /* cali:s-JtvtkSYR5K77Cz */
RETURN all -- anywhere anywhere /* cali:BYLAcH4H6LCBtkil */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:fzsxKQmttL8E8eXw */ /* Drop if no profiles matched */
Chain cali-tw-califf72c7e9b20 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:r4rZufGmWuyEvYgX */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:oFtfsHdLObXr-X7c */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:7M1ls1ryiE9zNhoU */ MARK and 0xfffeffff
cali-pri-kns.metallb-system all -- anywhere anywhere /* cali:WDoFtRCutevzZAwe */
RETURN all -- anywhere anywhere /* cali:8CvF8Rhg0h252iE1 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_rfesb_Nv6QzsjWHy5M all -- anywhere anywhere /* cali:WBBCDhTu5QLz0s67 */
RETURN all -- anywhere anywhere /* cali:37FzZZaH2NsHTU2U */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:NkeLY8BpUoO4JjB_ */ /* Drop if no profiles matched */
Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all -- anywhere anywhere /* cali:Ee9Sbo10IpVujdIY */
ACCEPT all -- anywhere anywhere /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */
Firewall Off
Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all -- anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
cali-FORWARD all -- anywhere anywhere /* cali:wUHhoiAYhphO9Mso */
KUBE-FORWARD all -- anywhere anywhere /* kubernetes forwarding rules */
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
ACCEPT all -- ubuntuserver/22 anywhere
ACCEPT all -- anywhere ubuntuserver/22
ACCEPT all -- anywhere anywhere /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all -- anywhere anywhere /* cali:tVnHkvAo15HuiPy0 */
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination
Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000
ACCEPT all -- anywhere anywhere /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination
Chain KUBE-SERVICES (2 references)
target prot opt source destination
Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:vjrMJCRpqwy5oRoX */ MARK and 0xfff1ffff
cali-from-hep-forward all -- anywhere anywhere /* cali:A_sPAO0mcxbT9mOV */ mark match 0x0/0x10000
cali-from-wl-dispatch all -- anywhere anywhere /* cali:8ZoYfO5HKXWbB3pk */
cali-to-wl-dispatch all -- anywhere anywhere /* cali:jdEuaPBe14V2hutn */
cali-to-hep-forward all -- anywhere anywhere /* cali:12bc6HljsMKsmfr- */
cali-cidr-block all -- anywhere anywhere /* cali:NOSxoaGx8OIstr1z */
Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all -- anywhere anywhere [goto] /* cali:FewJpBykm9iJ-YNH */
ACCEPT all -- anywhere anywhere /* cali:hder3ARWznqqv8Va */ mark match 0x10000/0x10000
MARK all -- anywhere anywhere /* cali:xgOu2uJft6H9oDGF */ MARK and 0xfff0ffff
cali-from-host-endpoint all -- anywhere anywhere /* cali:_-d-qojMfHM6NwBo */
ACCEPT all -- anywhere anywhere /* cali:LqmE76MP94lZTGhA */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000
RETURN all -- anywhere anywhere /* cali:69FkRTJDvD5Vu6Vl */
MARK all -- anywhere anywhere /* cali:Fskumj4SGQtDV6GC */ MARK and 0xfff0ffff
cali-to-host-endpoint all -- anywhere anywhere /* cali:8rXMdo5sNesjJxGc */
ACCEPT all -- anywhere anywhere /* cali:Ja-pnrHi-PrNKxgd */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-cidr-block (1 references)
target prot opt source destination
Chain cali-from-hep-forward (1 references)
target prot opt source destination
Chain cali-from-host-endpoint (1 references)
target prot opt source destination
Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
cali-fw-cali0dbfebe8b82 all -- anywhere anywhere [goto] /* cali:SVRdvc83bkmWTNpT */
cali-fw-cali131ffa437ea all -- anywhere anywhere [goto] /* cali:1sPFbAzN6zYx41Ds */
cali-fw-cali2259f582ee0 all -- anywhere anywhere [goto] /* cali:XoDuVVzyzrQd0azj */
cali-fw-cali47e3f9968a4 all -- anywhere anywhere [goto] /* cali:T23cZKwCkINyYgfL */
cali-fw-cali6b45471ae76 all -- anywhere anywhere [goto] /* cali:CVki0ts5w2r0ZUkd */
cali-fw-cali72b0f6d79d8 all -- anywhere anywhere [goto] /* cali:gxpeiNjJ2fex9nFH */
cali-fw-cali9a415f28ac8 all -- anywhere anywhere [goto] /* cali:7J8FGt4tnq8fr7R1 */
cali-fw-calia301e45507d all -- anywhere anywhere [goto] /* cali:S28PLY9uIR0gc45g */
cali-from-wl-dispatch-b all -- anywhere anywhere [goto] /* cali:eZd09q5wYhfK_Xa3 */
cali-fw-calidc0b7b54b3e all -- anywhere anywhere [goto] /* cali:vIFt93dP7vXOok6- */
cali-from-wl-dispatch-f all -- anywhere anywhere [goto] /* cali:X0IHm_pRjNYbs2sG */
DROP all -- anywhere anywhere /* cali:hhOpWs_WvTD2cxf8 */ /* Unknown interface */
Chain cali-from-wl-dispatch-b (1 references)
target prot opt source destination
cali-fw-calib62024d6ab3 all -- anywhere anywhere [goto] /* cali:vZSDPFyog3b9oSS7 */
cali-fw-calibb5ed0e88bf all -- anywhere anywhere [goto] /* cali:plyfeFDs4w-L1jjO */
DROP all -- anywhere anywhere /* cali:uA3xWmJOYIhPdIJD */ /* Unknown interface */
Chain cali-from-wl-dispatch-f (1 references)
target prot opt source destination
cali-fw-calif03e7863b33 all -- anywhere anywhere [goto] /* cali:60DbUL_SoDnMuM6E */
cali-fw-califae882059e3 all -- anywhere anywhere [goto] /* cali:ucR_zBd7AFSJdBHd */
cali-fw-califf72c7e9b20 all -- anywhere anywhere [goto] /* cali:GiQcTNe-QvWnuyZS */
DROP all -- anywhere anywhere /* cali:ZW45VZOfuddd4haQ */ /* Unknown interface */
Chain cali-fw-cali0dbfebe8b82 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:OWLKIWhCt_wyhwvn */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:j_ZctI-UJAjUlmeO */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZpaXslcq-lTMTKid */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:1CDbPOJSd5AwJUXq */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:E7cWgcAvSELBe-cK */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:U63iyMlLmuj43Uur */
RETURN all -- anywhere anywhere /* cali:P2iZbPu0GojKyr8I */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:hXxf4zblwCn1TLMM */
RETURN all -- anywhere anywhere /* cali:0M3W9Z21KJmsVxc_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:lgZLYQyJDmLA19Fq */ /* Drop if no profiles matched */
Chain cali-fw-cali131ffa437ea (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:B2ok4SCdToLeXZvD */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:A7PWJxVqTjPp-osC */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:i5VydRCZm3lNFJX3 */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:dqLTLmmc0AkV9gi0 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:35eau3y-uo-owk_W */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.kube-system all -- anywhere anywhere /* cali:HSEjQD_8RlsR0Rp9 */
RETURN all -- anywhere anywhere /* cali:f_4o6U6bWU5_rKEU */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_u2Tn2rSoAPffvE7JO6 all -- anywhere anywhere /* cali:CnYA5qvHxBPuV6ji */
RETURN all -- anywhere anywhere /* cali:BhBTOPS1Pv1kxEPH */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:hTOtbvydw0cmToFn */ /* Drop if no profiles matched */
Chain cali-fw-cali2259f582ee0 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:RKsxI--rv7RreS2i */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:2nTYh3PXZSED9qER */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:9mRvdR9ZFJYrUtk2 */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:VGQKbhRKukxsU9bc */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:x7xf8Mbbs6WrXfDF */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:INEReq6jmtSUYfq5 */
RETURN all -- anywhere anywhere /* cali:WYXB98oVShegylsM */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_FdDrYToMIz8_5i1QDB all -- anywhere anywhere /* cali:wLUtEzH9M9UoXT9z */
RETURN all -- anywhere anywhere /* cali:5WedbP3yo_8Exc-8 */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:5QDcq4uY6JiQoL8b */ /* Drop if no profiles matched */
Chain cali-fw-cali47e3f9968a4 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:jskOdA0XcRKAFtzs */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:-cpDnRCgxmqlqeWj */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:9ud9VrdIbg61cWTv */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:SBCwMWVvshmrF6nZ */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:Sc8gpmgLjLB63ahP */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.kube-system all -- anywhere anywhere /* cali:Jr2T730iTwJrbQTu */
RETURN all -- anywhere anywhere /* cali:X5adeyVmEJfWIRFo */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PTRGc0U-L5Kz7V6ERW all -- anywhere anywhere /* cali:9sGVnk_M5BvLfMJ8 */
RETURN all -- anywhere anywhere /* cali:6jPzJfi73YHoxbKA */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:13C3iiakluG0yrve */ /* Drop if no profiles matched */
Chain cali-fw-cali6b45471ae76 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:pXurzv09w4bd_F_E */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:xJ9EN93YpMLDq1dT */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:fJDs54ypPJhCXDqw */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:a8smEuM--IlQbFw1 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:FA91T55Rrt8exe9n */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:Hj55Zm2-0mCSdpp- */
RETURN all -- anywhere anywhere /* cali:fA0TFgkkK5AB51dr */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:K2XXxSZItFWz0E1u */
RETURN all -- anywhere anywhere /* cali:7W-81DWTo6UoAYXa */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:K7zU0teW2nFwDjhe */ /* Drop if no profiles matched */
Chain cali-fw-cali72b0f6d79d8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:30qjXezWJan0RXWh */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:sg6rU6HmPr9ZqUt1 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:TkQUQ5s06cJHOali */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:kERKG9DhYxkft1fM */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:uZ8qNKCuqK_4msG- */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:L5tNaJiATAm_vN65 */
RETURN all -- anywhere anywhere /* cali:DfQsgbaH24URYdGY */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_PNC_NWuE2g9AfCatzS all -- anywhere anywhere /* cali:QYuP5N34brrpqPN_ */
RETURN all -- anywhere anywhere /* cali:6a7ylSQ_f3z7roV_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:DSXb-19arub5rirl */ /* Drop if no profiles matched */
Chain cali-fw-cali9a415f28ac8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:PqIurYreQlsW7MGZ */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:lMj0b-Ao7mthleHk */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZmkIYE-V7aT7Zr9L */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:Y9J5UNjtnQ4gXeh6 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:jWM6pTEiIP32R_w0 */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:qnqlBVU4HdztEVT- */
RETURN all -- anywhere anywhere /* cali:_5s_8OJbc9HBy2od */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_z_pBIuFjAVA_Sb9lHQ all -- anywhere anywhere /* cali:VFiMRXofkSjGtnL1 */
RETURN all -- anywhere anywhere /* cali:02dwIYbtvq13F1ui */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:A0z9Zb3YTrrDdJVT */ /* Drop if no profiles matched */
Chain cali-fw-calia301e45507d (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Ay1Tg4LPtfndUNTe */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:tDkGQZhiNYsHzlzx */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:eGioQ56lhcip7Qv5 */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:fpH-WiY9-qO6rfyw */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:ZuVcu0xr3K8yk0AX */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.kube-system all -- anywhere anywhere /* cali:6yYajS-emBypB-Ca */
RETURN all -- anywhere anywhere /* cali:5wzUcteORTw21G4g */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_npJ7qTPnQvugDgIE9J all -- anywhere anywhere /* cali:RX6rHIIzgL1kw88p */
RETURN all -- anywhere anywhere /* cali:LktFYTu1vBpCvIEk */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:f0eTQXEG5ABp9JaI */ /* Drop if no profiles matched */
Chain cali-fw-calib62024d6ab3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:ymkv41gc-PYhZhsd */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:QJ0YCNbo0OJxHvTZ */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:7Lc-rD8v-DKMghyq */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:BlQmyY9HFJPCblAL */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:9rcJ4vcaGzfsE6Me */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:ji7j7Y7gY5L15d2z */
RETURN all -- anywhere anywhere /* cali:WFy6P2lp5EWXyUJq */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_v55N_fkUY7aUv3KPkd all -- anywhere anywhere /* cali:0j7ykwa8moFFEDro */
RETURN all -- anywhere anywhere /* cali:9YM5DRQKpWvb-4mD */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:zmf6xASCzPCnMVxu */ /* Drop if no profiles matched */
Chain cali-fw-calibb5ed0e88bf (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:SSQTJdIcw9Q0i8uY */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:loneO5zmhA1oyVf2 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ufkL038jGWrMl_jS */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:o8mdIAyKFA2vqH8i */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:qNed1Uw1O0jpWGct */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:PP7RAkVP8cWPNhJ2 */
RETURN all -- anywhere anywhere /* cali:30gexAUhhqHzbPdv */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_E1NcSKZHYVa8G2qbF7 all -- anywhere anywhere /* cali:I268O6GPoTSJNb0o */
RETURN all -- anywhere anywhere /* cali:yozh5tOsgmRvwAvK */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:iHMVm_BQ_6m6xsyD */ /* Drop if no profiles matched */
Chain cali-fw-calidc0b7b54b3e (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Ql2vItt543YHOb1p */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:i1TuZdl3YOgIv9UY */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZA4ZdE88Rjp4Aa6G */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:GPfZ8BHfjz5-N9Vr */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:ekHgGbi40wPiqJNj */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.default all -- anywhere anywhere /* cali:ftUApXJnVQvuNnTN */
RETURN all -- anywhere anywhere /* cali:O9X8U38yuyEoSmtg */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-ksa.default.default all -- anywhere anywhere /* cali:z9TRBl8l_qrb4fmM */
RETURN all -- anywhere anywhere /* cali:91KjOl6SB3axuKj8 */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:YBIpDfSZuTnAtJMh */ /* Drop if no profiles matched */
Chain cali-fw-calif03e7863b33 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:_OuKm36-2ZLGDSrW */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:YM0JDopq4AHgC_dl */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ZtsQW52CHJqLLmyQ */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:1Q6PWJlWsDeohWMk */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:WxIGYFxfV4Vu5smd */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:QSX22QWPSnxnBBkn */
RETURN all -- anywhere anywhere /* cali:gIzu7L9r3Avx3kYL */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_Lj8Pj9Ju50MIpTtpya all -- anywhere anywhere /* cali:JyaRUbvGZSX53R5o */
RETURN all -- anywhere anywhere /* cali:phOk86eE8Fq5DjiS */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:Bi81WvuW10qZf0Zh */ /* Drop if no profiles matched */
Chain cali-fw-califae882059e3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:UdiGdbiv99gCOMer */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:Gl6jgqVO5FvXGeZY */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:7r1BHJqVtSzwRxz- */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:0WiyvHDEdxmQK_Pi */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:LelBQQXjd2Ya5Dtw */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.default all -- anywhere anywhere /* cali:U6raX2rmIhaJiLfa */
RETURN all -- anywhere anywhere /* cali:6xzLl-uwKwCfVERH */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-ksa.default.default all -- anywhere anywhere /* cali:lkGh34jML3jlzaMr */
RETURN all -- anywhere anywhere /* cali:OJV1ARKPJ-KFUBdz */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:-cQ97nDYhF31GBFW */ /* Drop if no profiles matched */
Chain cali-fw-califf72c7e9b20 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:EYSoR8eIBMqpmZ3- */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:HtpQJ3RIHGJyaq3t */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:L2DCQV_H9_bBPthX */ MARK and 0xfffeffff
DROP udp -- anywhere anywhere /* cali:1eml9pK-MFiuY_vT */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
DROP ipencap-- anywhere anywhere /* cali:Fq6ipL774TeN-8GU */ /* Drop IPinIP encapped packets originating in workloads */
cali-pro-kns.metallb-system all -- anywhere anywhere /* cali:I9OrgFC9_wR7BHCo */
RETURN all -- anywhere anywhere /* cali:XuSeDzd-KNdZkzt1 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pro-_rfesb_Nv6QzsjWHy5M all -- anywhere anywhere /* cali:stNwTEtIBrfq55_F */
RETURN all -- anywhere anywhere /* cali:6px5WC8qfXoOMmlR */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:mvV6OkijU9aviBxY */ /* Drop if no profiles matched */
Chain cali-pri-_E1NcSKZHYVa8G2qbF7 (1 references)
target prot opt source destination
Chain cali-pri-_FdDrYToMIz8_5i1QDB (1 references)
target prot opt source destination
Chain cali-pri-_Lj8Pj9Ju50MIpTtpya (1 references)
target prot opt source destination
Chain cali-pri-_PNC_NWuE2g9AfCatzS (1 references)
target prot opt source destination
Chain cali-pri-_PTRGc0U-L5Kz7V6ERW (1 references)
target prot opt source destination
Chain cali-pri-_PxLP9yyGewyeTglPIk (2 references)
target prot opt source destination
Chain cali-pri-_npJ7qTPnQvugDgIE9J (1 references)
target prot opt source destination
Chain cali-pri-_rfesb_Nv6QzsjWHy5M (1 references)
target prot opt source destination
Chain cali-pri-_ssjgMnAJoaIenCqD38 (8 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:WmW9eve04OGDpf9k */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:jtS-jNn2Ku6LZSA4 */ mark match 0x10000/0x10000
Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
Chain cali-pri-_v55N_fkUY7aUv3KPkd (1 references)
target prot opt source destination
Chain cali-pri-_z_pBIuFjAVA_Sb9lHQ (1 references)
target prot opt source destination
Chain cali-pri-kns.default (2 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:7Fnh7Pv3_98FtLW7 */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:ZbV6bJXWSRefjK0u */ mark match 0x10000/0x10000
Chain cali-pri-kns.kube-system (3 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:zoH5gU6U55FKZxEo */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:bcGRIJcyOS9dgBiB */ mark match 0x10000/0x10000
Chain cali-pri-kns.metallb-system (1 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:VY7bEc0s87Rz2RVW */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:VK8fbRHXbge2yaKF */ mark match 0x10000/0x10000
Chain cali-pri-ksa.default.default (2 references)
target prot opt source destination
Chain cali-pro-_E1NcSKZHYVa8G2qbF7 (1 references)
target prot opt source destination
Chain cali-pro-_FdDrYToMIz8_5i1QDB (1 references)
target prot opt source destination
Chain cali-pro-_Lj8Pj9Ju50MIpTtpya (1 references)
target prot opt source destination
Chain cali-pro-_PNC_NWuE2g9AfCatzS (1 references)
target prot opt source destination
Chain cali-pro-_PTRGc0U-L5Kz7V6ERW (1 references)
target prot opt source destination
Chain cali-pro-_PxLP9yyGewyeTglPIk (2 references)
target prot opt source destination
Chain cali-pro-_npJ7qTPnQvugDgIE9J (1 references)
target prot opt source destination
Chain cali-pro-_rfesb_Nv6QzsjWHy5M (1 references)
target prot opt source destination
Chain cali-pro-_ssjgMnAJoaIenCqD38 (8 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:OQ6ZK8T9-KP_N1Yo */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:0bZ2FeLNB2EO3oJ6 */ mark match 0x10000/0x10000
Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
Chain cali-pro-_v55N_fkUY7aUv3KPkd (1 references)
target prot opt source destination
Chain cali-pro-_z_pBIuFjAVA_Sb9lHQ (1 references)
target prot opt source destination
Chain cali-pro-kns.default (2 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:oLzzje5WExbgfib5 */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:4goskqvxh5xcGw3s */ mark match 0x10000/0x10000
Chain cali-pro-kns.kube-system (3 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:-50oJuMfLVO3LkBk */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:ztVPKv1UYejNzm1g */ mark match 0x10000/0x10000
Chain cali-pro-kns.metallb-system (1 references)
target prot opt source destination
MARK all -- anywhere anywhere /* cali:ifACvx0V9WlLsDp1 */ MARK or 0x10000
RETURN all -- anywhere anywhere /* cali:6rbJBL1Zy2dfSRJy */ mark match 0x10000/0x10000
Chain cali-pro-ksa.default.default (2 references)
target prot opt source destination
Chain cali-to-hep-forward (1 references)
target prot opt source destination
Chain cali-to-host-endpoint (1 references)
target prot opt source destination
Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
cali-tw-cali0dbfebe8b82 all -- anywhere anywhere [goto] /* cali:Q5e-jU8-bGOy5JwE */
cali-tw-cali131ffa437ea all -- anywhere anywhere [goto] /* cali:7uObj_7cbIAe-o41 */
cali-tw-cali2259f582ee0 all -- anywhere anywhere [goto] /* cali:22-embZe1bJJXe5F */
cali-tw-cali47e3f9968a4 all -- anywhere anywhere [goto] /* cali:MOszTBtGfKrTy3Iv */
cali-tw-cali6b45471ae76 all -- anywhere anywhere [goto] /* cali:aElE6llVDoH9yJ_1 */
cali-tw-cali72b0f6d79d8 all -- anywhere anywhere [goto] /* cali:EBF1GEINzcWMdChR */
cali-tw-cali9a415f28ac8 all -- anywhere anywhere [goto] /* cali:JV4gdqbPtxEVlEgp */
cali-tw-calia301e45507d all -- anywhere anywhere [goto] /* cali:77MAmbURwFpq2Z6s */
cali-to-wl-dispatch-b all -- anywhere anywhere [goto] /* cali:QD4irr7zqpuCSvT- */
cali-tw-calidc0b7b54b3e all -- anywhere anywhere [goto] /* cali:K6KslWVL5_zNK1hy */
cali-to-wl-dispatch-f all -- anywhere anywhere [goto] /* cali:gZwR0KYl17bB2DAy */
DROP all -- anywhere anywhere /* cali:m0QZRtHjOmJkqEse */ /* Unknown interface */
Chain cali-to-wl-dispatch-b (1 references)
target prot opt source destination
cali-tw-calib62024d6ab3 all -- anywhere anywhere [goto] /* cali:-VoQIAdsDSaHvdMf */
cali-tw-calibb5ed0e88bf all -- anywhere anywhere [goto] /* cali:8Sh1AZiZIrrVLmWc */
DROP all -- anywhere anywhere /* cali:PlFfVVd1YbTnwqO0 */ /* Unknown interface */
Chain cali-to-wl-dispatch-f (1 references)
target prot opt source destination
cali-tw-calif03e7863b33 all -- anywhere anywhere [goto] /* cali:GOJaR0d-uE8E6rfa */
cali-tw-califae882059e3 all -- anywhere anywhere [goto] /* cali:YEgUEeTPsbUIJuQN */
cali-tw-califf72c7e9b20 all -- anywhere anywhere [goto] /* cali:8RfwTilBz_UK4iiN */
DROP all -- anywhere anywhere /* cali:x83S2GTUb7f67-0m */ /* Unknown interface */
Chain cali-tw-cali0dbfebe8b82 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:hXJKIVtpXDu1IuEG */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:GQVOZ7idXTRjfdl7 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:BWEwdHTbQVzDKRiy */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:VUqQwSYfl8zweH-B */
RETURN all -- anywhere anywhere /* cali:aj4DS2bhcP4ErD1w */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:n-H4XYcae7wDO8tS */
RETURN all -- anywhere anywhere /* cali:mUUjCG9oixvW1hyX */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:EEG_GCfA2kUZidAB */ /* Drop if no profiles matched */
Chain cali-tw-cali131ffa437ea (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:UfNfQJkLYpizMWY_ */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:A_PvWaDzuXvzmVEt */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:PrSMQZ92bTKuLrVv */ MARK and 0xfffeffff
cali-pri-kns.kube-system all -- anywhere anywhere /* cali:JuGH9AB9Z7iugZdz */
RETURN all -- anywhere anywhere /* cali:PzgU_OaXa2z-KS6f */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_u2Tn2rSoAPffvE7JO6 all -- anywhere anywhere /* cali:QK6g6HpvJ2L1BIOk */
RETURN all -- anywhere anywhere /* cali:3IIJut6JVqPBgPdD */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:u6JibO7XziyuCnZB */ /* Drop if no profiles matched */
Chain cali-tw-cali2259f582ee0 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:cOF_5ex3LFR7qM3w */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:J3GCQbuHcccGl87t */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:n8dqVCIZ7tS44C2K */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:tTnNT4k0FExF0aWZ */
RETURN all -- anywhere anywhere /* cali:xhjvQBu8VT8XG55Q */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_FdDrYToMIz8_5i1QDB all -- anywhere anywhere /* cali:VQpvMVUFbiSleg2a */
RETURN all -- anywhere anywhere /* cali:ykQY7uT7xwnd8cGw */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:4-33KirUjN2hB1PR */ /* Drop if no profiles matched */
Chain cali-tw-cali47e3f9968a4 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:l3Z3LG4dHIGKpwQW */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:UXyzpyZh1hQq-iF1 */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:Sb-fdOfKroCSgyTR */ MARK and 0xfffeffff
cali-pri-kns.kube-system all -- anywhere anywhere /* cali:cHW3jg-QH097VTCY */
RETURN all -- anywhere anywhere /* cali:djLTNc9JVY1zdVVa */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PTRGc0U-L5Kz7V6ERW all -- anywhere anywhere /* cali:zTRmfuLF5NVZ8xh9 */
RETURN all -- anywhere anywhere /* cali:kqf7WXbacHAVnmSh */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:1IytWyvitVXHX2G4 */ /* Drop if no profiles matched */
Chain cali-tw-cali6b45471ae76 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:6kghaoaZVkJLThbS */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:RiLfC5oGPbbo5zqZ */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:ddGHvX2uNjN1RWeK */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:B9DjWpOeVWnQQOAt */
RETURN all -- anywhere anywhere /* cali:meGLYCzhCETKOalX */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PxLP9yyGewyeTglPIk all -- anywhere anywhere /* cali:T2ihaSnkKlCBWuvt */
RETURN all -- anywhere anywhere /* cali:ACOiOlH_ELNn4gwa */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:bFDuSNAFbgReBVUK */ /* Drop if no profiles matched */
Chain cali-tw-cali72b0f6d79d8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:uwYJXSIa3BCF7eBY */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:6DRkg0v2wC3kphKH */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:2_uq6FRW15OEo3HT */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:eAWAiO0P09Azqt-i */
RETURN all -- anywhere anywhere /* cali:TOprD3q5yEPNOMGF */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_PNC_NWuE2g9AfCatzS all -- anywhere anywhere /* cali:ckijnrRVfIyxsPZJ */
RETURN all -- anywhere anywhere /* cali:WJypK0EA7kZmYWcA */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:ZNu-J9GuGEPZ-WwM */ /* Drop if no profiles matched */
Chain cali-tw-cali9a415f28ac8 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:j3WAHWtR8636zvzE */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:5Zsgg-QsHhYcac2p */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:cDyQGsLmwvrRgAye */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:FFi5eaE_J58GvqL7 */
RETURN all -- anywhere anywhere /* cali:n2qI3P9SXlafoZKo */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_z_pBIuFjAVA_Sb9lHQ all -- anywhere anywhere /* cali:KzTKz25Hxi-Youjs */
RETURN all -- anywhere anywhere /* cali:1FNFPnB8IfamiXOg */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:wruDzaTUUHDaY-tS */ /* Drop if no profiles matched */
Chain cali-tw-calia301e45507d (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:DDDdD95mRGGHi68h */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:Da7BVeQoM2SJaHJD */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:2ig377fwboG5mzW- */ MARK and 0xfffeffff
cali-pri-kns.kube-system all -- anywhere anywhere /* cali:Pa1As68B6TvA6rxR */
RETURN all -- anywhere anywhere /* cali:i6Z3st4N3yZMVFQh */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_npJ7qTPnQvugDgIE9J all -- anywhere anywhere /* cali:wGHF_RKV6gg5EPPy */
RETURN all -- anywhere anywhere /* cali:klr5RflSHsQvZiMv */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:-vzZVGV7tDv4JRZI */ /* Drop if no profiles matched */
Chain cali-tw-calib62024d6ab3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:X_mgJ3bTE3ShPIQF */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:pBVnGlQ5DAxvDplo */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:LkKgxKj3ItHWc-3K */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:Gx58bTWepCZ1aPOq */
RETURN all -- anywhere anywhere /* cali:GzmHUHuuHB65vZ57 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_v55N_fkUY7aUv3KPkd all -- anywhere anywhere /* cali:wtimDKRBmrCloyYn */
RETURN all -- anywhere anywhere /* cali:5SzjxBRkQCofoEge */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:Okk9ztRBlLlEfbw1 */ /* Drop if no profiles matched */
Chain cali-tw-calibb5ed0e88bf (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:AW6UvcuzqB00y00u */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:iFYPiHj-mBo2oXPF */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:VOBA7teGPkNRU_4d */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:GHK__-BwqKC_2ZRn */
RETURN all -- anywhere anywhere /* cali:Laby0YVI8OORuLOU */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_E1NcSKZHYVa8G2qbF7 all -- anywhere anywhere /* cali:8HUnhlzSAUWyMHEu */
RETURN all -- anywhere anywhere /* cali:U6K8GWn5Zdv3JRTJ */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:RFAWMnnkB2C24AAP */ /* Drop if no profiles matched */
Chain cali-tw-calidc0b7b54b3e (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:2kwQm8hjqhQhvy7M */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:O4OGi3kciHseNkOx */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:UvcO3sC-25VwVV09 */ MARK and 0xfffeffff
cali-pri-kns.default all -- anywhere anywhere /* cali:WXjM4h8GU_cTxWN8 */
RETURN all -- anywhere anywhere /* cali:InVMUQo50rowxmQ8 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-ksa.default.default all -- anywhere anywhere /* cali:AN9vMnFEzRYmgJzw */
RETURN all -- anywhere anywhere /* cali:PK211yxs4Jb-noY7 */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:n1kHhfd0mgBRJ0FT */ /* Drop if no profiles matched */
Chain cali-tw-calif03e7863b33 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:2wZgALH8yEK-8Syg */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:3sB2KXl0Ty-vLFhL */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:KsUomkbAUu_zPn2- */ MARK and 0xfffeffff
cali-pri-_ssjgMnAJoaIenCqD38 all -- anywhere anywhere /* cali:mw25c37-i6Q6ib7v */
RETURN all -- anywhere anywhere /* cali:NcPQ-1XUxMf3tTm2 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_Lj8Pj9Ju50MIpTtpya all -- anywhere anywhere /* cali:WGpPU8KveH_0Y-5e */
RETURN all -- anywhere anywhere /* cali:6-ZFKpG3LZrcBiLE */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:MKWIQ9ics0dAC3j8 */ /* Drop if no profiles matched */
Chain cali-tw-califae882059e3 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:Ex2BQt8zfMWfzTZH */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:YNaVzRLdtePpsG_A */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:zl3VZhG24USPF20s */ MARK and 0xfffeffff
cali-pri-kns.default all -- anywhere anywhere /* cali:SAX4ZgbUND8hGH6q */
RETURN all -- anywhere anywhere /* cali:aV7qXBbbkOEw0DhS */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-ksa.default.default all -- anywhere anywhere /* cali:s-JtvtkSYR5K77Cz */
RETURN all -- anywhere anywhere /* cali:BYLAcH4H6LCBtkil */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:fzsxKQmttL8E8eXw */ /* Drop if no profiles matched */
Chain cali-tw-califf72c7e9b20 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:r4rZufGmWuyEvYgX */ ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere /* cali:oFtfsHdLObXr-X7c */ ctstate INVALID
MARK all -- anywhere anywhere /* cali:7M1ls1ryiE9zNhoU */ MARK and 0xfffeffff
cali-pri-kns.metallb-system all -- anywhere anywhere /* cali:WDoFtRCutevzZAwe */
RETURN all -- anywhere anywhere /* cali:8CvF8Rhg0h252iE1 */ /* Return if profile accepted */ mark match 0x10000/0x10000
cali-pri-_rfesb_Nv6QzsjWHy5M all -- anywhere anywhere /* cali:WBBCDhTu5QLz0s67 */
RETURN all -- anywhere anywhere /* cali:37FzZZaH2NsHTU2U */ /* Return if profile accepted */ mark match 0x10000/0x10000
DROP all -- anywhere anywhere /* cali:NkeLY8BpUoO4JjB_ */ /* Drop if no profiles matched */
Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all -- anywhere anywhere /* cali:Ee9Sbo10IpVujdIY */
ACCEPT all -- anywhere anywhere /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */
Regards,
Rakesh