Skip to content

Instantly share code, notes, and snippets.

@fmuyassarov

fmuyassarov/calico_2_16.09_0.txt

Created September 16, 2025 14:09
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save fmuyassarov/da3ee0a5a171c7cd5811edd680a24991 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save fmuyassarov/da3ee0a5a171c7cd5811edd680a24991 to your computer and use it in GitHub Desktop.
Download ZIP
hostendpoints created
Raw
calico_2_16.09_0.txt
Chain INPUT (policy ACCEPT 952M packets, 309G bytes)
pkts bytes target prot opt in out source destination
130M 40G cali-INPUT all -- any any anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */
126M 39G KUBE-IPVS-FILTER all -- any any anywhere anywhere /* kubernetes ipvs access filter */
126M 39G KUBE-PROXY-FIREWALL all -- any any anywhere anywhere /* kube-proxy firewall rules */
126M 39G KUBE-NODE-PORT all -- any any anywhere anywhere /* kubernetes health check rules */
14M 833M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
952M 308G KUBE-NODEPORTS all -- any any anywhere anywhere /* kubernetes health check service ports */
14M 833M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
952M 308G KUBE-FIREWALL all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 2 packets, 181 bytes)
pkts bytes target prot opt in out source destination
46 5885 cali-FORWARD all -- any any anywhere anywhere /* cali:wUHhoiAYhphO9Mso */
16057 82M DOCKER-USER all -- any any anywhere anywhere
16057 82M DOCKER-FORWARD all -- any any anywhere anywhere
83 6844 KUBE-PROXY-FIREWALL all -- any any anywhere anywhere /* kube-proxy firewall rules */
817K 87M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
1164K 1940M KUBE-FORWARD all -- any any anywhere anywhere /* kubernetes forwarding rules */
817K 87M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */
817K 87M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
20 1634 ACCEPT all -- any any anywhere anywhere /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
0 0 MARK all -- any any anywhere anywhere /* cali:mp77cMpurHhyjLrM */ MARK or 0x10000
Chain OUTPUT (policy ACCEPT 1011M packets, 331G bytes)
pkts bytes target prot opt in out source destination
130M 38G cali-OUTPUT all -- any any anywhere anywhere /* cali:tVnHkvAo15HuiPy0 */
130M 38G KUBE-IPVS-OUT-FILTER all -- any any anywhere anywhere /* kubernetes ipvs access filter */
17M 1016M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
17M 1016M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */
1011M 331G KUBE-FIREWALL all -- any any anywhere anywhere
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- !br-bc18ce9c999c br-bc18ce9c999c anywhere anywhere
0 0 DROP all -- !docker0 docker0 anywhere anywhere
Chain DOCKER-BRIDGE (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- any br-bc18ce9c999c anywhere anywhere
0 0 DOCKER all -- any docker0 anywhere anywhere
Chain DOCKER-CT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any br-bc18ce9c999c anywhere anywhere ctstate RELATED,ESTABLISHED
10330 81M ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
Chain DOCKER-FORWARD (1 references)
pkts bytes target prot opt in out source destination
16057 82M DOCKER-CT all -- any any anywhere anywhere
5727 517K DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere
5727 517K DOCKER-BRIDGE all -- any any anywhere anywhere
0 0 ACCEPT all -- br-bc18ce9c999c any anywhere anywhere
5707 516K ACCEPT all -- docker0 any anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- br-bc18ce9c999c !br-bc18ce9c999c anywhere anywhere
5707 516K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any docker0 anywhere anywhere
0 0 DROP all -- any br-bc18ce9c999c anywhere anywhere
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
833K 169M RETURN all -- any any anywhere anywhere
Chain KUBE-EXTERNAL-SERVICES (2 references)
pkts bytes target prot opt in out source destination
Chain KUBE-FIREWALL (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
Chain KUBE-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000
0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-IPVS-FILTER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-LOAD-BALANCER dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-CLUSTER-IP dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-EXTERNAL-IP dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-EXTERNAL-IP-LOCAL dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-HEALTH-CHECK-NODE-PORT dst
0 0 REJECT all -- any any anywhere anywhere ctstate NEW match-set KUBE-IPVS-IPS dst reject-with icmp-port-unreachable
Chain KUBE-IPVS-OUT-FILTER (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-KUBELET-CANARY (0 references)
pkts bytes target prot opt in out source destination
Chain KUBE-NODE-PORT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* Kubernetes health check node port */ match-set KUBE-HEALTH-CHECK-NODE-PORT dst
Chain KUBE-NODEPORTS (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-PROXY-CANARY (0 references)
pkts bytes target prot opt in out source destination
Chain KUBE-PROXY-FIREWALL (5 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SERVICES (2 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SOURCE-RANGES-FIREWALL (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere
Chain cali-FORWARD (1 references)
pkts bytes target prot opt in out source destination
12 1638 MARK all -- any any anywhere anywhere /* cali:vjrMJCRpqwy5oRoX */ MARK and 0xfff1ffff
12 1638 cali-from-hep-forward all -- any any anywhere anywhere /* cali:A_sPAO0mcxbT9mOV */ mark match 0x0/0x10000
6 390 cali-from-wl-dispatch all -- cali+ any anywhere anywhere /* cali:8ZoYfO5HKXWbB3pk */
6 1248 cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:jdEuaPBe14V2hutn */
5 305 cali-to-hep-forward all -- any any anywhere anywhere /* cali:12bc6HljsMKsmfr- */
5 305 cali-cidr-block all -- any any anywhere anywhere /* cali:NOSxoaGx8OIstr1z */
Chain cali-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:J76FwxInZIsk7uKY */ /* Allow IPv4 VXLAN packets from allowed hosts */ multiport dports 4789 match-set cali40all-vxlan-net src ADDRTYPE match dst-type LOCAL
0 0 DROP udp -- any any anywhere anywhere /* cali:EDCNTTxYfggApx8C */ /* Drop IPv4 VXLAN packets from non-allowed hosts */ multiport dports 4789 ADDRTYPE match dst-type LOCAL
141K 140M MARK all -- any any anywhere anywhere /* cali:B_8fGLpLlTQcXZgh */ MARK and 0xfffff
141K 140M cali-forward-check all -- any any anywhere anywhere /* cali:AD1HGbXEph59_YyS */
50 5099 RETURN all -- any any anywhere anywhere /* cali:NmYAbfrd1o63cxNo */ mark match ! 0x0/0xfff00000
2859 816K cali-wl-to-host all -- cali+ any anywhere anywhere [goto] /* cali:O-dDeZL8fOcsUtUD */
0 0 ACCEPT all -- any any anywhere anywhere /* cali:ZI1yfOrOsD5YjTbe */ mark match 0x10000/0x10000
138K 139M MARK all -- any any anywhere anywhere /* cali:XxqbC-iTL5WaS8eO */ MARK and 0xfff0ffff
138K 139M cali-from-host-endpoint all -- any any anywhere anywhere /* cali:IZ5RzzpDkgrPBLwh */
0 0 ACCEPT all -- any any anywhere anywhere /* cali:jUXk5Q3mXlNarOhs */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000
0 0 cali-forward-endpoint-mark all -- any any anywhere anywhere [goto] /* cali:5Z67OUUpTOM7Xa1a */ mark match ! 0x0/0xfff00000
2903 1233K RETURN all -- any cali+ anywhere anywhere /* cali:M2Wf0OehNdig8MHR */
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:ClE20y3NCwgoEuMI */ /* Allow IPv4 VXLAN packets to other allowed hosts */ multiport dports 4789 ADDRTYPE match src-type LOCAL match-set cali40all-vxlan-net dst
134K 47M MARK all -- any any anywhere anywhere /* cali:aMcwcA5f79hQPBgR */ MARK and 0xfff0ffff
134K 47M cali-to-host-endpoint all -- any any anywhere anywhere /* cali:n_vqcKl8u9NdpYmx */ ! ctstate DNAT
0 0 ACCEPT all -- any any anywhere anywhere /* cali:979hsn7wL9UDIMMj */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-cidr-block (1 references)
pkts bytes target prot opt in out source destination
Chain cali-failsafe-in (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:wWFQM43tJU7wwnFZ */ multiport dports ssh
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:LwNV--R8MjeUYacw */ multiport dports bootpc
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:QOO5NUOqOSS1_Iw0 */ multiport dports bgp
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:cwZWoBSwVeIAZmVN */ multiport dports 2379
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:7FbNXT91kugE_upR */ multiport dports 2380
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:8Ftbkk2dRH2eEeq1 */ multiport dports 5473
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:-JoRSaAQZPJAegMo */ multiport dports 6443
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:PUKij4Rn9njHfVTi */ multiport dports 6666
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:vSprVE-4rient0wc */ multiport dports ircd
Chain cali-failsafe-out (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:82hjfji-wChFhAqL */ multiport dports domain
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:TNM3RfEjbNr72hgH */ multiport dports bootps
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:ycxKitIl4u3dK0HR */ multiport dports bgp
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:hxjEWyxdkXXkdvut */ multiport dports 2379
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:cA_GLtruuvG88KiO */ multiport dports 2380
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:ALz4foMyfue7vaqK */ multiport dports 5473
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:zvCXe1uOiQ8adzhn */ multiport dports 6443
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:Lppo9JuKR7AyZoWQ */ multiport dports 6666
0 0 ACCEPT tcp -- any any anywhere anywhere /* cali:EoOkKdH0fekirfk8 */ multiport dports ircd
Chain cali-fh-adummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:KfSIATvjGaK4zGj1 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:9P1i-1Uq2VzBO2PV */ ctstate INVALID
0 0 cali-failsafe-in all -- any any anywhere anywhere /* cali:9fTcLBxw7RpWzYcn */
0 0 MARK all -- any any anywhere anywhere /* cali:FBSa7pCs1mUiQqM8 */ MARK and 0xfffcffff
0 0 DROP all -- any any anywhere anywhere /* cali:ej0Jv-1dernW3FtU */ /* Drop if no profiles matched */
Chain cali-fh-adummy1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:v4M9QFls4ZPiyZy7 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:3AmWDyZULYQY9GjN */ ctstate INVALID
0 0 cali-failsafe-in all -- any any anywhere anywhere /* cali:2dVDormZdB8Q6KsH */
0 0 MARK all -- any any anywhere anywhere /* cali:4rttKZJ47f19c54X */ MARK and 0xfffcffff
0 0 DROP all -- any any anywhere anywhere /* cali:ia5YyI-UpdNlph1r */ /* Drop if no profiles matched */
Chain cali-fh-cdummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:wQNdFSotavCSO0VD */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:ogjBiTOJ3F4yQM1k */ ctstate INVALID
0 0 cali-failsafe-in all -- any any anywhere anywhere /* cali:8ojDI8KR9JE8GIyT */
0 0 MARK all -- any any anywhere anywhere /* cali:WUrm0g_vABO1YJkM */ MARK and 0xfffcffff
0 0 DROP all -- any any anywhere anywhere /* cali:yVj5AbsxwzgfpDWR */ /* Drop if no profiles matched */
Chain cali-fhfw-adummy0 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:p6N3xKLkWCAfIBz7 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:SO8c1B0UTbPSuOJi */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:ecJjlnMA_3gt3VhD */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:u_FsQ3kZMBA2R1aA */ /* Allow forwarded traffic by default */ MARK or 0x10000
0 0 RETURN all -- any any anywhere anywhere /* cali:ZQ7qVaUNIUtO9rA9 */ /* Return for accepted forward traffic */
Chain cali-fhfw-adummy1 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:iyFDpZ3GCaODXV8_ */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:R7ttpJi85eXZRhhh */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:mFNHOTYjHonv6NUc */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:v1NCCt3EkuqkogCs */ /* Allow forwarded traffic by default */ MARK or 0x10000
0 0 RETURN all -- any any anywhere anywhere /* cali:-_4UngRn6sG-pB7C */ /* Return for accepted forward traffic */
Chain cali-fhfw-cdummy0 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:8iH-8Pj5FbqTCEEY */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:witZtAzEZxdUFJMA */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:Z-NR55r2UW9m72x9 */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:zPyQulz6xiDgtoZp */ /* Allow forwarded traffic by default */ MARK or 0x10000
0 0 RETURN all -- any any anywhere anywhere /* cali:m6E3DrPjujVLLpOR */ /* Return for accepted forward traffic */
Chain cali-forward-check (1 references)
pkts bytes target prot opt in out source destination
128M 39G RETURN all -- any any anywhere anywhere /* cali:Pbldlb4FaULvpdD8 */ ctstate RELATED,ESTABLISHED
0 0 cali-set-endpoint-mark tcp -- any any anywhere anywhere [goto] /* cali:ZD-6UxuUtGW-xtzg */ /* To kubernetes NodePort service */ multiport dports 30000:32767 match-set cali40this-host dst
0 0 cali-set-endpoint-mark udp -- any any anywhere anywhere [goto] /* cali:CbPfUajQ2bFVnDq4 */ /* To kubernetes NodePort service */ multiport dports 30000:32767 match-set cali40this-host dst
15158 1758K cali-set-endpoint-mark all -- any any anywhere anywhere /* cali:jmhU0ODogX-Zfe5g */ /* To kubernetes service */ ! match-set cali40this-host dst
Chain cali-forward-endpoint-mark (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-from-endpoint-mark all -- any any anywhere anywhere /* cali:O0SmFDrnm7KggWqW */ mark match ! 0x100000/0xfff00000
0 0 cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:aFl0WFKRxDqj8oA6 */
0 0 cali-to-hep-forward all -- any any anywhere anywhere /* cali:AZKVrO3i_8cLai5f */
0 0 MARK all -- any any anywhere anywhere /* cali:96HaP1sFtb-NYoYA */ MARK and 0xfffff
0 0 ACCEPT all -- any any anywhere anywhere /* cali:VxO6hyNWz62YEtul */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
Chain cali-from-endpoint-mark (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-fw-cali299f39e782d all -- any any anywhere anywhere [goto] /* cali:r_lOY1H9D7CJcX2m */ mark match 0x73400000/0xfff00000
0 0 cali-fw-cali3862ba2b954 all -- any any anywhere anywhere [goto] /* cali:owYaEWIGSYQ7xLMu */ mark match 0x1a400000/0xfff00000
0 0 cali-fw-cali4b00c59f252 all -- any any anywhere anywhere [goto] /* cali:0FllKG9VJSsjqQtX */ mark match 0x40a00000/0xfff00000
0 0 cali-fw-cali557158cd734 all -- any any anywhere anywhere [goto] /* cali:Lvi31_abgvFArTGI */ mark match 0x3ba00000/0xfff00000
0 0 cali-fw-cali590c7f9f7ee all -- any any anywhere anywhere [goto] /* cali:SLhsdfXJWHr4UvTk */ mark match 0x5d400000/0xfff00000
0 0 cali-fw-calic8e3b733162 all -- any any anywhere anywhere [goto] /* cali:pUQcpjvhB87_vtWA */ mark match 0x2700000/0xfff00000
0 0 cali-fhfw-adummy0 all -- any any anywhere anywhere [goto] /* cali:zdLywXQI1qJQ91j5 */ mark match 0xdca00000/0xfff00000
0 0 cali-fhfw-adummy1 all -- any any anywhere anywhere [goto] /* cali:pjjDvoRDH9WajvkB */ mark match 0xdcb00000/0xfff00000
0 0 cali-fhfw-cdummy0 all -- any any anywhere anywhere [goto] /* cali:Im4CVIk-lrlBrcSq */ mark match 0xd9800000/0xfff00000
0 0 DROP all -- any any anywhere anywhere /* cali:YGtEt7Hb0WxM0gli */ /* Unknown interface */
Chain cali-from-hep-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-from-hep-forward-a all -- a+ any anywhere anywhere [goto] /* cali:Ikz-pJcHuTDXZIR7 */
0 0 cali-fhfw-cdummy0 all -- cdummy0 any anywhere anywhere [goto] /* cali:sXyCCCyNmRDYhzPV */
Chain cali-from-hep-forward-a (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-fhfw-adummy0 all -- adummy0 any anywhere anywhere [goto] /* cali:nJiCqwGkrZha99P7 */
0 0 cali-fhfw-adummy1 all -- adummy1 any anywhere anywhere [goto] /* cali:sznlNsCjbCsbw-fA */
Chain cali-from-host-endpoint (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-from-host-endpoint-a all -- a+ any anywhere anywhere [goto] /* cali:be6cZBwzbM-h2tOu */
0 0 cali-fh-cdummy0 all -- cdummy0 any anywhere anywhere [goto] /* cali:OqK0BcAUeKBJxH1t */
Chain cali-from-host-endpoint-a (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-fh-adummy0 all -- adummy0 any anywhere anywhere [goto] /* cali:ab36Uo9wuSe8vRcD */
0 0 cali-fh-adummy1 all -- adummy1 any anywhere anywhere [goto] /* cali:sX7ZaMdHppIMcBCd */
Chain cali-from-wl-dispatch (2 references)
pkts bytes target prot opt in out source destination
0 0 cali-fw-cali299f39e782d all -- cali299f39e782d any anywhere anywhere [goto] /* cali:EI7BARWoCeFBEMNw */
348 27535 cali-fw-cali3862ba2b954 all -- cali3862ba2b954 any anywhere anywhere [goto] /* cali:wcxtNrAMtrGWgjY7 */
438 60112 cali-fw-cali4b00c59f252 all -- cali4b00c59f252 any anywhere anywhere [goto] /* cali:cRAcqoTJGWAxRcPi */
762 100K cali-from-wl-dispatch-5 all -- cali5+ any anywhere anywhere [goto] /* cali:cdL35QUpMMxalFBI */
548 360K cali-fw-calic8e3b733162 all -- calic8e3b733162 any anywhere anywhere [goto] /* cali:s6H4_iZsgg_p0umZ */
0 0 DROP all -- any any anywhere anywhere /* cali:d81YvsooFEkQkz0T */ /* Unknown interface */
Chain cali-from-wl-dispatch-5 (1 references)
pkts bytes target prot opt in out source destination
343 27168 cali-fw-cali557158cd734 all -- cali557158cd734 any anywhere anywhere [goto] /* cali:wdgYrDG0c9j6NG6g */
419 73180 cali-fw-cali590c7f9f7ee all -- cali590c7f9f7ee any anywhere anywhere [goto] /* cali:tp9gbCyFcyH-_g7p */
0 0 DROP all -- any any anywhere anywhere /* cali:1lALwmXy1GhGVwR1 */ /* Unknown interface */
Chain cali-fw-cali299f39e782d (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:GfJ_KkcBcCmrig7M */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:Lcfjx8EgU9U5lpzg */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:Qq-yrWJMnL-NJ6yg */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:VN6zjU4qYBWKXAIJ */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:ExS2b1c_UikuDiJS */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:StbcuTHOWLJJuLji */
0 0 RETURN all -- any any anywhere anywhere /* cali:NJ94Hz3y4R86fNdu */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:mL5q2cB16W9VMRWa */
0 0 RETURN all -- any any anywhere anywhere /* cali:oA0rdzTCalEu-itf */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:CKOgE-ZFwlguJqfh */ /* Drop if no profiles matched */
Chain cali-fw-cali3862ba2b954 (2 references)
pkts bytes target prot opt in out source destination
403 33721 ACCEPT all -- any any anywhere anywhere /* cali:TsTF6nqXJRbVW-s8 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:4J4FJdJo5RVpuKoS */ ctstate INVALID
3 175 MARK all -- any any anywhere anywhere /* cali:qbxl-G3KLoj2CD9n */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:6b-pdaf5LEctV92_ */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:6dL1RnBv4DluifEG */ /* Drop IPinIP encapped packets originating in workloads */
3 175 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:b89dS4Rf06STbmFh */
3 175 RETURN all -- any any anywhere anywhere /* cali:OQ461jeZDyj5jyhJ */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:3SNgmuFoaEYFPvl7 */
0 0 RETURN all -- any any anywhere anywhere /* cali:JNqIX6z5dhoZ5rqe */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:yX1fYxhkrSZpEhnK */ /* Drop if no profiles matched */
Chain cali-fw-cali4b00c59f252 (2 references)
pkts bytes target prot opt in out source destination
438 60112 ACCEPT all -- any any anywhere anywhere /* cali:A-nz0HbDBF-uA9n1 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:DjBAL8K61DHXhWmv */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:2DQe6ZlTVRUuxzr6 */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:XWbOs53I4rW0-xee */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:7W_JErkX4tfXugdw */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:Ec6rQQvqevXEPaC4 */
0 0 RETURN all -- any any anywhere anywhere /* cali:MUa19jR0uZ5I_UyD */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:vk3d7rETLit-dDaK */
0 0 RETURN all -- any any anywhere anywhere /* cali:0cH1q8LXBwJDoLzm */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:m0btgE0_BAckFQB0 */ /* Drop if no profiles matched */
Chain cali-fw-cali557158cd734 (2 references)
pkts bytes target prot opt in out source destination
397 33251 ACCEPT all -- any any anywhere anywhere /* cali:d05E0SArDhDNKYOc */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:ufc3YceD-Tig1Kf1 */ ctstate INVALID
2 130 MARK all -- any any anywhere anywhere /* cali:t8hMNupRetn6neG2 */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:vNjGJhQxeZ2KPcdE */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:reWI3-s1qSutdfTJ */ /* Drop IPinIP encapped packets originating in workloads */
2 130 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:t2K6_DDfHKWfs0rL */
2 130 RETURN all -- any any anywhere anywhere /* cali:zMFwpfABxm6v-Eim */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:CJW54OeeOqMfvif6 */
0 0 RETURN all -- any any anywhere anywhere /* cali:fUITJWI6asK7jzEJ */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:IYOI4IoVI1Hli1cW */ /* Drop if no profiles matched */
Chain cali-fw-cali590c7f9f7ee (2 references)
pkts bytes target prot opt in out source destination
419 73180 ACCEPT all -- any any anywhere anywhere /* cali:MFqVPM8C3ypwA3RX */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:7Ld_KLrH7rlyVw91 */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:VJEOQU3Q1SKld6L_ */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:v1xD9be2TjwGpAFU */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:-cJtl1b0cTibF4kq */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:6pN2edXf6_GGldeC */
0 0 RETURN all -- any any anywhere anywhere /* cali:ieV3z86lsOHE2byW */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:PB2fBxL3VGZ5CpcX */
0 0 RETURN all -- any any anywhere anywhere /* cali:1v-2tGYDhvVtgMaY */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:K5v6BhtDdJvooGsx */ /* Drop if no profiles matched */
Chain cali-fw-calic8e3b733162 (2 references)
pkts bytes target prot opt in out source destination
1203 616K ACCEPT all -- any any anywhere anywhere /* cali:ATespSLDLFkQhDxV */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:seYdOTcy3wTBSxyP */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:NKpEzfSGpZUloUsq */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:AqK81lewk0N1xnDc */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:3knxeG6vwfHb73EB */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:hsA2c70b8dPq8Gu2 */
0 0 RETURN all -- any any anywhere anywhere /* cali:kdal5vR0ElgSdW1X */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:qMK34UC7D5bg6n05 */
0 0 RETURN all -- any any anywhere anywhere /* cali:Z8Q-AkWd7OEVYatf */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:PqYtBhx3I_QLUFV9 */ /* Drop if no profiles matched */
Chain cali-pi-_FDiLImilezd09cpg5ci (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- any any anywhere anywhere /* cali:wH4Z-YLtazvrkIUi */ /* Policy calico-apiserver/knp.default.allow-apiserver ingress */ multiport dports 5443 MARK or 0x10000
Chain cali-pri-_4yi5_iSUAwsU8zMHTk (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:ZYnaZZFwsSjfXO4C */ /* Profile ksa.calico-apiserver.calico-apiserver ingress */
Chain cali-pri-_kJqfZpgUe7r2t4A-14 (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:IQx0SzlDGn6BPv0A */ /* Profile kns.calico-apiserver ingress */ MARK or 0x10000
Chain cali-pri-_nzzjLvInId1gPHmQz_ (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:UQoEf2WCdU0bPTCb */ /* Profile ksa.calico-system.calico-kube-controllers ingress */
Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:WqgznqAQ-uYV0oBx */ /* Profile ksa.kube-system.coredns ingress */
Chain cali-pri-_ymJUz7yzI6NOKJhG2- (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:52zm9tLYY65R0fSD */ /* Profile ksa.calico-system.csi-node-driver ingress */
Chain cali-pri-kns.calico-system (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:hLANj-OVIyT53h_j */ /* Profile kns.calico-system ingress */ MARK or 0x10000
Chain cali-pri-kns.kube-system (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:J1TyxtHWd0qaBGK- */ /* Profile kns.kube-system ingress */ MARK or 0x10000
Chain cali-pro-_4yi5_iSUAwsU8zMHTk (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:Pp_dQp2FeNabRhyi */ /* Profile ksa.calico-apiserver.calico-apiserver egress */
Chain cali-pro-_kJqfZpgUe7r2t4A-14 (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:_cFTxC141wwWRzyZ */ /* Profile kns.calico-apiserver egress */ MARK or 0x10000
Chain cali-pro-_nzzjLvInId1gPHmQz_ (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:5bHxBXLMkJKgC6dk */ /* Profile ksa.calico-system.calico-kube-controllers egress */
Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:0-_UPh39dt5XfhmJ */ /* Profile ksa.kube-system.coredns egress */
Chain cali-pro-_ymJUz7yzI6NOKJhG2- (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:yuJvAdyU1LYltt-O */ /* Profile ksa.calico-system.csi-node-driver egress */
Chain cali-pro-kns.calico-system (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:gWxJzCZXxl31NR0P */ /* Profile kns.calico-system egress */ MARK or 0x10000
Chain cali-pro-kns.kube-system (2 references)
pkts bytes target prot opt in out source destination
5 305 MARK all -- any any anywhere anywhere /* cali:tgOR2S8DVHZW3F1M */ /* Profile kns.kube-system egress */ MARK or 0x10000
Chain cali-set-endpoint-mark (3 references)
pkts bytes target prot opt in out source destination
0 0 cali-sm-cali299f39e782d all -- cali299f39e782d any anywhere anywhere [goto] /* cali:BOFSKT1arlaTChMJ */
0 0 cali-sm-cali3862ba2b954 all -- cali3862ba2b954 any anywhere anywhere [goto] /* cali:NnDO8FmNq91JTVLT */
0 0 cali-sm-cali4b00c59f252 all -- cali4b00c59f252 any anywhere anywhere [goto] /* cali:GjxhAwbAO6wts5vA */
0 0 cali-set-endpoint-mark-5 all -- cali5+ any anywhere anywhere [goto] /* cali:q38ugJW7drHRY_7Y */
0 0 cali-sm-calic8e3b733162 all -- calic8e3b733162 any anywhere anywhere [goto] /* cali:PxH9uyy1KBvKE5tb */
0 0 cali-set-endpoint-mark-a all -- a+ any anywhere anywhere [goto] /* cali:XBqHsQVxp4bJSFjs */
0 0 cali-sm-cdummy0 all -- cdummy0 any anywhere anywhere [goto] /* cali:yel_uClghmkzfWjo */
0 0 DROP all -- cali+ any anywhere anywhere /* cali:PayuimcjTPYFNwry */ /* Unknown endpoint */
1 309 MARK all -- any any anywhere anywhere /* cali:cGqBg1IDvj-E3UU9 */ /* Non-Cali endpoint mark */ MARK xset 0x100000/0xfff00000
Chain cali-set-endpoint-mark-5 (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-sm-cali557158cd734 all -- cali557158cd734 any anywhere anywhere [goto] /* cali:pmp27P2XGfYP-6dD */
1 60 cali-sm-cali590c7f9f7ee all -- cali590c7f9f7ee any anywhere anywhere [goto] /* cali:6roykgbJvRqnmFDX */
Chain cali-set-endpoint-mark-a (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-sm-adummy0 all -- adummy0 any anywhere anywhere [goto] /* cali:B4z27dbzhbTeB7aD */
0 0 cali-sm-adummy1 all -- adummy1 any anywhere anywhere [goto] /* cali:ydTULeucDSDCSJYu */
Chain cali-sm-adummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:uv8_v4N9vFGn86PK */ MARK xset 0xdca00000/0xfff00000
Chain cali-sm-adummy1 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:UHYOf5oQXTiZpsga */ MARK xset 0xdcb00000/0xfff00000
Chain cali-sm-cali299f39e782d (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:PID4fSxyLV4-qgTS */ MARK xset 0x73400000/0xfff00000
Chain cali-sm-cali3862ba2b954 (1 references)
pkts bytes target prot opt in out source destination
3 180 MARK all -- any any anywhere anywhere /* cali:FaySE6VnBbZaT2UA */ MARK xset 0x1a400000/0xfff00000
Chain cali-sm-cali4b00c59f252 (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:rhqVrKf8kXeamF_x */ MARK xset 0x40a00000/0xfff00000
Chain cali-sm-cali557158cd734 (1 references)
pkts bytes target prot opt in out source destination
3 180 MARK all -- any any anywhere anywhere /* cali:jilUkdvIPYhEutVo */ MARK xset 0x3ba00000/0xfff00000
Chain cali-sm-cali590c7f9f7ee (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:zcwx_xe5WeGO0IYU */ MARK xset 0x5d400000/0xfff00000
Chain cali-sm-calic8e3b733162 (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:El_otMJwE6PAEin5 */ MARK xset 0x2700000/0xfff00000
Chain cali-sm-cdummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:ZwULf2dF4dr3pqTX */ MARK xset 0xd9800000/0xfff00000
Chain cali-th-adummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:RemHtnnkZ_tP2qZY */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:zgJEJky8gJTqeBQA */ ctstate INVALID
0 0 cali-failsafe-out all -- any any anywhere anywhere /* cali:f-HvcdIzxOG-Prhi */
0 0 MARK all -- any any anywhere anywhere /* cali:m3qtxNI_rHZoPMty */ MARK and 0xfffcffff
0 0 DROP all -- any any anywhere anywhere /* cali:-f0C_Xvn0NbjGwcw */ /* Drop if no profiles matched */
Chain cali-th-adummy1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:OhTtyfaSwf8dTaed */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:Qtm2p1hC-6WwfAef */ ctstate INVALID
0 0 cali-failsafe-out all -- any any anywhere anywhere /* cali:USMrIQ3egVqQGryS */
0 0 MARK all -- any any anywhere anywhere /* cali:lZsuiSyg6uI-RXfq */ MARK and 0xfffcffff
0 0 DROP all -- any any anywhere anywhere /* cali:b3I6ClW5Xt9E_KKJ */ /* Drop if no profiles matched */
Chain cali-th-cdummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:QzuEEDWY8Xiwvb9X */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:FZp1E-PdvWgtc9JW */ ctstate INVALID
0 0 cali-failsafe-out all -- any any anywhere anywhere /* cali:kh35v4JAbgMg7Xgi */
0 0 MARK all -- any any anywhere anywhere /* cali:E8saFumIo_iUGFfl */ MARK and 0xfffcffff
0 0 DROP all -- any any anywhere anywhere /* cali:W5H2gAyuYnYA1KTa */ /* Drop if no profiles matched */
Chain cali-thfw-adummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:8wFrhXdE-GqEdKFr */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:1MMbujNjZybv5wGx */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:8R8NCbMvZsFLmyHo */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:_xsgjMnUZANCY6ah */ /* Allow forwarded traffic by default */ MARK or 0x10000
0 0 RETURN all -- any any anywhere anywhere /* cali:_PhC01ND8LoeTtGm */ /* Return for accepted forward traffic */
Chain cali-thfw-adummy1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:_2I8OrJC1BCwQ0Wz */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:kH3btOyc9CZzYkBM */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:-rHOAJsGvASgVB75 */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:Pjp7Iw8wL3C3yfRm */ /* Allow forwarded traffic by default */ MARK or 0x10000
0 0 RETURN all -- any any anywhere anywhere /* cali:aM-L8Pi-hpVqBolw */ /* Return for accepted forward traffic */
Chain cali-thfw-cdummy0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:1iyFU6O7KbqxqSD1 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:dhDIhxXRKVd8GHVi */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:Gr9ZlcO-xpLvPzoC */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:QqENUUih4WSD80mv */ /* Allow forwarded traffic by default */ MARK or 0x10000
0 0 RETURN all -- any any anywhere anywhere /* cali:D1TDrzA526n8sWfw */ /* Return for accepted forward traffic */
Chain cali-to-hep-forward (2 references)
pkts bytes target prot opt in out source destination
0 0 cali-to-hep-forward-a all -- any a+ anywhere anywhere [goto] /* cali:DKrAUS8l8HpevH4J */
0 0 cali-thfw-cdummy0 all -- any cdummy0 anywhere anywhere [goto] /* cali:bmN8eojlwyC4fItt */
Chain cali-to-hep-forward-a (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-thfw-adummy0 all -- any adummy0 anywhere anywhere [goto] /* cali:PnfetEoWMPbI1Rj2 */
0 0 cali-thfw-adummy1 all -- any adummy1 anywhere anywhere [goto] /* cali:DEdw_D4Z95SdaAnb */
Chain cali-to-host-endpoint (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-to-host-endpoint-a all -- any a+ anywhere anywhere [goto] /* cali:syrsgbqRYMNcv4dN */
0 0 cali-th-cdummy0 all -- any cdummy0 anywhere anywhere [goto] /* cali:8j8l9MOJQpFaRP5T */
Chain cali-to-host-endpoint-a (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-th-adummy0 all -- any adummy0 anywhere anywhere [goto] /* cali:oBrv0idDiKmtIIpS */
0 0 cali-th-adummy1 all -- any adummy1 anywhere anywhere [goto] /* cali:XteHMO8qVnridlMi */
Chain cali-to-wl-dispatch (2 references)
pkts bytes target prot opt in out source destination
0 0 cali-tw-cali299f39e782d all -- any cali299f39e782d anywhere anywhere [goto] /* cali:_e9sCp_tjm6Ks_zC */
0 0 cali-tw-cali3862ba2b954 all -- any cali3862ba2b954 anywhere anywhere [goto] /* cali:shOyFmJCSpU2nD6w */
0 0 cali-tw-cali4b00c59f252 all -- any cali4b00c59f252 anywhere anywhere [goto] /* cali:Sf_4KFA3olPFRDWZ */
0 0 cali-to-wl-dispatch-5 all -- any cali5+ anywhere anywhere [goto] /* cali:VzbpX3qLvCTsP5Ut */
0 0 cali-tw-calic8e3b733162 all -- any calic8e3b733162 anywhere anywhere [goto] /* cali:3_4jRIOea5Vl00fK */
0 0 DROP all -- any any anywhere anywhere /* cali:MJeF0Tr1ywA9nPu1 */ /* Unknown interface */
Chain cali-to-wl-dispatch-5 (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-tw-cali557158cd734 all -- any cali557158cd734 anywhere anywhere [goto] /* cali:FSY5K5hW1t3zYWl6 */
0 0 cali-tw-cali590c7f9f7ee all -- any cali590c7f9f7ee anywhere anywhere [goto] /* cali:C4Cxg_oY2_124jbv */
0 0 DROP all -- any any anywhere anywhere /* cali:w927Uz4YFpYGfC94 */ /* Unknown interface */
Chain cali-tw-cali299f39e782d (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:MlZBT1jcIWQg-WOP */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:MCwOdNjVUVPirdeH */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:SeOL57QCIYl1H0FA */ MARK and 0xfffcffff
0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:ZguooveXn9k3Ezew */
0 0 RETURN all -- any any anywhere anywhere /* cali:tUwtnXySqcwXeN0n */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:C_esheQxiohzP7hB */
0 0 RETURN all -- any any anywhere anywhere /* cali:d_V878F70rjugU4F */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:Blkr1nswMgOl4ls6 */ /* Drop if no profiles matched */
Chain cali-tw-cali3862ba2b954 (1 references)
pkts bytes target prot opt in out source destination
4 832 ACCEPT all -- any any anywhere anywhere /* cali:S9Qu3IYaL6QfBTqQ */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:PSyApruPbOXUy5pN */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:f3wdOuwhk29zvRwY */ MARK and 0xfffcffff
0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:Q0WBaqWhhEumQzJh */
0 0 RETURN all -- any any anywhere anywhere /* cali:c-IGv_J0mzHUG1dg */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:zrnCGVV-PVl4O7fc */
0 0 RETURN all -- any any anywhere anywhere /* cali:-Qw8iKxdbpr3tNP4 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:8JnupwPiwJeFlLmB */ /* Drop if no profiles matched */
Chain cali-tw-cali4b00c59f252 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:p7GOoWN6z5d47d_N */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:I4VQOLN3QI3rsMki */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:06cvzxeLIpwmaRnT */ MARK and 0xfffcffff
0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:FDB2t7DCyAeOebA9 */
0 0 RETURN all -- any any anywhere anywhere /* cali:ihmtjsGdNjZZ_fl3 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:oKXGXMq7hZ94artF */
0 0 RETURN all -- any any anywhere anywhere /* cali:ChWcwIgauNJnZKv_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:iNsTFn_Z0abg5X-h */ /* Drop if no profiles matched */
Chain cali-tw-cali557158cd734 (1 references)
pkts bytes target prot opt in out source destination
2 416 ACCEPT all -- any any anywhere anywhere /* cali:GdfmultSGHNY9xWA */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:gv-WV-8GrNk3FKl0 */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:Dmwoe0XU8FmPP7Wi */ MARK and 0xfffcffff
0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:WaTEQdjwHmRfLumJ */
0 0 RETURN all -- any any anywhere anywhere /* cali:HCRsQ4WaA20aYo5q */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:VbOcE_mgOYSUBmSM */
0 0 RETURN all -- any any anywhere anywhere /* cali:JdBYx3gM0tCrpzsn */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:hnrGjAoxzOfWRgy4 */ /* Drop if no profiles matched */
Chain cali-tw-cali590c7f9f7ee (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:ZYzd4NhO9xLKTePq */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:hLIKD0TX8Y4k4UE- */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:_msXNeEoajV9GfnK */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:NC1O5uA1f4NOQPWz */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:ko9P4yQKpCd3cWum */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:zbbOfr3rgSdWpjCt */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:wMqu4oxS7AIHHXXE */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:78qJJ00-GBTij9S0 */
0 0 RETURN all -- any any anywhere anywhere /* cali:HOJDzloY0-PN0-vy */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:c3aEsUqKJc-cOXBu */
0 0 RETURN all -- any any anywhere anywhere /* cali:fVso_3LnhDgBRjag */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:lGopEvlEr8eMqz2l */ /* Drop if no profiles matched */
Chain cali-tw-calic8e3b733162 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:O7On6neBXBwtSg11 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:wxCgP1EyodTRoctp */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:0RkFflYtv-Xu1FfU */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:dTCkyXwWpOVk5n4O */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:SZTZsTsLWHcD_EXw */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:pPF4Ch5I1Iiut0tB */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:5dnCWHNYoh1FmWFd */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:A8CGiMntiSNPkdvO */
0 0 RETURN all -- any any anywhere anywhere /* cali:iXdKpvgSC9wlJSSN */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:cRN6CYlBiWbMXul2 */
0 0 RETURN all -- any any anywhere anywhere /* cali:HHHv0UXys13ILXBj */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 DROP all -- any any anywhere anywhere /* cali:8Bj5Fsp_kmThZ5Ot */ /* Drop if no profiles matched */
Chain cali-wl-to-host (1 references)
pkts bytes target prot opt in out source destination
58M 10G cali-from-wl-dispatch all -- any any anywhere anywhere /* cali:Ee9Sbo10IpVujdIY */
32008 1920K ACCEPT all -- any any anywhere anywhere /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment