Skip to content

Instantly share code, notes, and snippets.

@fmuyassarov

fmuyassarov/calico_1_16.09.txt

Created September 16, 2025 08:53
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save fmuyassarov/eca402757c96b95da3ade8046565246a to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save fmuyassarov/eca402757c96b95da3ade8046565246a to your computer and use it in GitHub Desktop.
Download ZIP
Before anything else (step 0)
Raw
calico_1_16.09.txt
Chain INPUT (policy ACCEPT 948M packets, 307G bytes)
pkts bytes target prot opt in out source destination
125M 38G cali-INPUT all -- any any anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */
121M 37G KUBE-IPVS-FILTER all -- any any anywhere anywhere /* kubernetes ipvs access filter */
121M 37G KUBE-PROXY-FIREWALL all -- any any anywhere anywhere /* kube-proxy firewall rules */
121M 37G KUBE-NODE-PORT all -- any any anywhere anywhere /* kubernetes health check rules */
14M 829M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
948M 307G KUBE-NODEPORTS all -- any any anywhere anywhere /* kubernetes health check service ports */
14M 829M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
948M 307G KUBE-FIREWALL all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 2 packets, 181 bytes)
pkts bytes target prot opt in out source destination
26 3395 cali-FORWARD all -- any any anywhere anywhere /* cali:wUHhoiAYhphO9Mso */
16050 82M DOCKER-USER all -- any any anywhere anywhere
16050 82M DOCKER-FORWARD all -- any any anywhere anywhere
76 6379 KUBE-PROXY-FIREWALL all -- any any anywhere anywhere /* kube-proxy firewall rules */
817K 87M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
1164K 1940M KUBE-FORWARD all -- any any anywhere anywhere /* kubernetes forwarding rules */
817K 87M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */
817K 87M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
13 1169 ACCEPT all -- any any anywhere anywhere /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
0 0 MARK all -- any any anywhere anywhere /* cali:mp77cMpurHhyjLrM */ MARK or 0x10000
Chain OUTPUT (policy ACCEPT 1007M packets, 330G bytes)
pkts bytes target prot opt in out source destination
125M 37G cali-OUTPUT all -- any any anywhere anywhere /* cali:tVnHkvAo15HuiPy0 */
125M 37G KUBE-IPVS-OUT-FILTER all -- any any anywhere anywhere /* kubernetes ipvs access filter */
17M 1011M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
17M 1011M KUBE-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes service portals */
1007M 330G KUBE-FIREWALL all -- any any anywhere anywhere
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- !br-bc18ce9c999c br-bc18ce9c999c anywhere anywhere
0 0 DROP all -- !docker0 docker0 anywhere anywhere
Chain DOCKER-BRIDGE (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- any br-bc18ce9c999c anywhere anywhere
0 0 DOCKER all -- any docker0 anywhere anywhere
Chain DOCKER-CT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any br-bc18ce9c999c anywhere anywhere ctstate RELATED,ESTABLISHED
10330 81M ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
Chain DOCKER-FORWARD (1 references)
pkts bytes target prot opt in out source destination
16050 82M DOCKER-CT all -- any any anywhere anywhere
5720 517K DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere
5720 517K DOCKER-BRIDGE all -- any any anywhere anywhere
0 0 ACCEPT all -- br-bc18ce9c999c any anywhere anywhere
5707 516K ACCEPT all -- docker0 any anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- br-bc18ce9c999c !br-bc18ce9c999c anywhere anywhere
5707 516K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any docker0 anywhere anywhere
0 0 DROP all -- any br-bc18ce9c999c anywhere anywhere
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
833K 169M RETURN all -- any any anywhere anywhere
Chain KUBE-EXTERNAL-SERVICES (2 references)
pkts bytes target prot opt in out source destination
Chain KUBE-FIREWALL (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
Chain KUBE-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000
0 0 ACCEPT all -- any any anywhere anywhere /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-IPVS-FILTER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-LOAD-BALANCER dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-CLUSTER-IP dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-EXTERNAL-IP dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-EXTERNAL-IP-LOCAL dst,dst
0 0 RETURN all -- any any anywhere anywhere match-set KUBE-HEALTH-CHECK-NODE-PORT dst
0 0 REJECT all -- any any anywhere anywhere ctstate NEW match-set KUBE-IPVS-IPS dst reject-with icmp-port-unreachable
Chain KUBE-IPVS-OUT-FILTER (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-KUBELET-CANARY (0 references)
pkts bytes target prot opt in out source destination
Chain KUBE-NODE-PORT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* Kubernetes health check node port */ match-set KUBE-HEALTH-CHECK-NODE-PORT dst
Chain KUBE-NODEPORTS (1 references)
pkts bytes target prot opt in out source destination
Chain KUBE-PROXY-CANARY (0 references)
pkts bytes target prot opt in out source destination
Chain KUBE-PROXY-FIREWALL (5 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SERVICES (2 references)
pkts bytes target prot opt in out source destination
Chain KUBE-SOURCE-RANGES-FIREWALL (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere
Chain cali-FORWARD (1 references)
pkts bytes target prot opt in out source destination
18M 13G MARK all -- any any anywhere anywhere /* cali:W_vvds1Nw3n9QE2f */ MARK and 0xffe5ffff
18M 13G cali-from-hep-forward all -- any any anywhere anywhere /* cali:ZfgmjuiLaA8Pg0kp */ mark match 0x0/0x10000
18M 10G cali-from-wl-dispatch all -- cali+ any anywhere anywhere /* cali:tAzwBLPaV-j53OOZ */
971K 506M cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:4Z0Pf0byo05NFe-P */
1164K 1940M cali-to-hep-forward all -- any any anywhere anywhere /* cali:hQ7Oc16wmUtLuneJ */
1164K 1940M cali-cidr-block all -- any any anywhere anywhere /* cali:rnKNH2WxGcRQcIlD */
Chain cali-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:J76FwxInZIsk7uKY */ /* Allow IPv4 VXLAN packets from allowed hosts */ multiport dports 4789 match-set cali40all-vxlan-net src ADDRTYPE match dst-type LOCAL
0 0 DROP udp -- any any anywhere anywhere /* cali:EDCNTTxYfggApx8C */ /* Drop IPv4 VXLAN packets from non-allowed hosts */ multiport dports 4789 ADDRTYPE match dst-type LOCAL
125M 38G MARK all -- any any anywhere anywhere /* cali:Hz1t719gvzQYArBa */ MARK and 0x1fffff
125M 38G cali-forward-check all -- any any anywhere anywhere /* cali:rt1ceUt-QunCljVo */
13709 1560K RETURN all -- any any anywhere anywhere /* cali:5TfExhsEygaw5WNP */ mark match ! 0x0/0xffe00000
3803K 900M cali-wl-to-host all -- cali+ any anywhere anywhere [goto] /* cali:j6OiaG2jjZFeTZte */
0 0 ACCEPT all -- any any anywhere anywhere /* cali:WU4wJ9petBl26un4 */ mark match 0x10000/0x10000
121M 37G MARK all -- any any anywhere anywhere /* cali:_mSLQGQIis29dwhH */ MARK and 0xffe4ffff
121M 37G cali-from-host-endpoint all -- any any anywhere anywhere /* cali:pt2p0_J8ELXMHiay */
0 0 ACCEPT all -- any any anywhere anywhere /* cali:-4XE-lAiaxcnxl-8 */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000
0 0 cali-forward-endpoint-mark all -- any any anywhere anywhere [goto] /* cali:WNHnGdgrUWvfYkdH */ mark match ! 0x0/0xffe00000
3826K 1006M RETURN all -- any cali+ anywhere anywhere /* cali:Up2wGMO6nRDp24b- */
0 0 ACCEPT udp -- any any anywhere anywhere /* cali:QsE5fnM-jCO2_R_T */ /* Allow IPv4 VXLAN packets to other allowed hosts */ multiport dports 4789 ADDRTYPE match src-type LOCAL match-set cali40all-vxlan-net dst
121M 36G MARK all -- any any anywhere anywhere /* cali:y338Pv7g73V_m9Wq */ MARK and 0xffe4ffff
121M 36G cali-to-host-endpoint all -- any any anywhere anywhere /* cali:6tWiGowqka9jSA7w */ ! ctstate DNAT
0 0 ACCEPT all -- any any anywhere anywhere /* cali:2rC7tEofqr0eOMMq */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
Chain cali-cidr-block (1 references)
pkts bytes target prot opt in out source destination
Chain cali-forward-check (1 references)
pkts bytes target prot opt in out source destination
123M 38G RETURN all -- any any anywhere anywhere /* cali:Pbldlb4FaULvpdD8 */ ctstate RELATED,ESTABLISHED
0 0 cali-set-endpoint-mark tcp -- any any anywhere anywhere [goto] /* cali:ZD-6UxuUtGW-xtzg */ /* To kubernetes NodePort service */ multiport dports 30000:32767 match-set cali40this-host dst
0 0 cali-set-endpoint-mark udp -- any any anywhere anywhere [goto] /* cali:CbPfUajQ2bFVnDq4 */ /* To kubernetes NodePort service */ multiport dports 30000:32767 match-set cali40this-host dst
13734 1562K cali-set-endpoint-mark all -- any any anywhere anywhere /* cali:jmhU0ODogX-Zfe5g */ /* To kubernetes service */ ! match-set cali40this-host dst
Chain cali-forward-endpoint-mark (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-from-endpoint-mark all -- any any anywhere anywhere /* cali:VYFqh16JYiw3cgNB */ mark match ! 0x200000/0xffe00000
0 0 cali-to-wl-dispatch all -- any cali+ anywhere anywhere /* cali:2lKRDazGTrGrCwLx */
0 0 cali-to-hep-forward all -- any any anywhere anywhere /* cali:loGDq4znkQ2ypegW */
0 0 MARK all -- any any anywhere anywhere /* cali:KVrWUDPOw87B6a-K */ MARK and 0x1fffff
0 0 ACCEPT all -- any any anywhere anywhere /* cali:G-_uEKDzkg-3A3cw */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
Chain cali-from-endpoint-mark (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-fw-cali06aac5ed2e0 all -- any any anywhere anywhere [goto] /* cali:NqvGc2tO5bG9kPzm */ mark match 0xb000000/0xffe00000
0 0 cali-fw-cali4272878fdab all -- any any anywhere anywhere [goto] /* cali:Lf5RSyndFxgmdP4r */ mark match 0xe2200000/0xffe00000
0 0 cali-fw-cali609774fb6ac all -- any any anywhere anywhere [goto] /* cali:_5uMGodArkE-Vxd1 */ mark match 0x36e00000/0xffe00000
0 0 cali-fw-cali6099c4a8778 all -- any any anywhere anywhere [goto] /* cali:lKPdzxLHetqSE4S5 */ mark match 0x1a000000/0xffe00000
0 0 cali-fw-cali669be974601 all -- any any anywhere anywhere [goto] /* cali:qfai7Z3SLYX3QYhl */ mark match 0x65200000/0xffe00000
0 0 cali-fw-cali81ba87c5c60 all -- any any anywhere anywhere [goto] /* cali:1KDdaTsWDXF5hKbx */ mark match 0xd4400000/0xffe00000
0 0 cali-fw-calid1d7cde9caf all -- any any anywhere anywhere [goto] /* cali:BiMlYJIeItr_Ffiv */ mark match 0x20a00000/0xffe00000
0 0 cali-fw-calif9c0036887f all -- any any anywhere anywhere [goto] /* cali:3Itw3T4XujLdd8RT */ mark match 0xcf400000/0xffe00000
0 0 DROP all -- any any anywhere anywhere /* cali:ew2e_JLr9QWbXrby */ /* Unknown interface */
Chain cali-from-hep-forward (1 references)
pkts bytes target prot opt in out source destination
Chain cali-from-host-endpoint (1 references)
pkts bytes target prot opt in out source destination
Chain cali-from-wl-dispatch (2 references)
pkts bytes target prot opt in out source destination
0 0 cali-fw-cali06aac5ed2e0 all -- cali06aac5ed2e0 any anywhere anywhere [goto] /* cali:ZwugcL6XFDdYAgWo */
401 57384 cali-fw-cali4272878fdab all -- cali4272878fdab any anywhere anywhere [goto] /* cali:7HDj0x5wLTn-42A4 */
469 42827 cali-from-wl-dispatch-6 all -- cali6+ any anywhere anywhere [goto] /* cali:ZAJ2dXMdPsU9SRRo */
869 363K cali-fw-cali81ba87c5c60 all -- cali81ba87c5c60 any anywhere anywhere [goto] /* cali:VZpVpd8L9WgM2Nev */
0 0 cali-fw-calid1d7cde9caf all -- calid1d7cde9caf any anywhere anywhere [goto] /* cali:1hLp7RJv7HQkJQ8e */
87 14201 cali-fw-calif9c0036887f all -- calif9c0036887f any anywhere anywhere [goto] /* cali:2i8hmBSgI2Xshzwc */
0 0 DROP all -- any any anywhere anywhere /* cali:l0BRSwLeCbLV8WPD */ /* Unknown interface */
Chain cali-from-wl-dispatch-6 (1 references)
pkts bytes target prot opt in out source destination
221 18623 cali-fw-cali609774fb6ac all -- cali609774fb6ac any anywhere anywhere [goto] /* cali:LApTFxA3Qdtf49bZ */
210 17839 cali-fw-cali6099c4a8778 all -- cali6099c4a8778 any anywhere anywhere [goto] /* cali:IJoQaxNJxgIlrbXJ */
70 11573 cali-fw-cali669be974601 all -- cali669be974601 any anywhere anywhere [goto] /* cali:_Z8ak2rfRmMzIHki */
0 0 DROP all -- any any anywhere anywhere /* cali:ZRoNdco4TUAvK_Vn */ /* Unknown interface */
Chain cali-fw-cali06aac5ed2e0 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:XOFLWXO7-mslzo1g */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:Ll0UlENmL6pzojpF */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:fNDDPFqKVe9o0haP */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:8GfWMzSWNm2_cwwE */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:vsXDAyZwZlkxoxQ4 */ /* Drop IPinIP encapped packets originating in workloads */
0 0 MARK all -- any any anywhere anywhere /* cali:yQopE5G-ps70dxFE */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-po-_YYnSgB46MA1TYU44kJq all -- any any anywhere anywhere /* cali:KnwLLVbzYvW7KQXB */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:A1snBmfFQM5lm5AT */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:mS3UA53RobyeYEzc */ mark match 0x0/0x20000 nflog-prefix "DPE|default" nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:4CjCBGdO3vd7F2sb */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:kAdXR-EJZJXEDx5v */
0 0 RETURN all -- any any anywhere anywhere /* cali:DDhIRdWqr-XT7gHY */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_jtt6i-KVVwZ-74H4ov all -- any any anywhere anywhere /* cali:hahnV-8t-uT1FKTb */
0 0 RETURN all -- any any anywhere anywhere /* cali:KHX9PyxjdDoXxRiD */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:jgIAkYDvbRAPwzQG */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:TqjHYmLLfECYWY4P */ /* Drop if no profiles matched */
Chain cali-fw-cali4272878fdab (2 references)
pkts bytes target prot opt in out source destination
401 57384 ACCEPT all -- any any anywhere anywhere /* cali:k9XmwBHSNT3utOPl */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:bvPuWlKmajjjxDCF */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:sr-Ckoqv1lOo1Zlm */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:d98H44hzv5iLt6H7 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:lj6f4_R85i5Y40ys */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:FoR0X-GlJCq4EyBR */
0 0 RETURN all -- any any anywhere anywhere /* cali:FnP5VhEGcvJ-XO2P */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:dbJeSAkATF1EKXWi */
0 0 RETURN all -- any any anywhere anywhere /* cali:cxBZhVNvQgdeDIP1 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:HHIrqGl8cEckkdfH */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:OsI_JftO9st35RQh */ /* Drop if no profiles matched */
Chain cali-fw-cali609774fb6ac (2 references)
pkts bytes target prot opt in out source destination
277 26129 ACCEPT all -- any any anywhere anywhere /* cali:deNQP_3cY7m5QCF6 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:MZCLKxhSLnAH2HXB */ ctstate INVALID
4 372 MARK all -- any any anywhere anywhere /* cali:nOleuk1YABYIjuzP */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:tANFA9tQzyyw8Ge0 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:zAOWlskE17q6kgSe */ /* Drop IPinIP encapped packets originating in workloads */
4 372 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:-kPa_LoE-aI0ETIY */
4 372 RETURN all -- any any anywhere anywhere /* cali:0xMI5-xW7QQg3CRA */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:L0MTFNMklWblOnhY */
0 0 RETURN all -- any any anywhere anywhere /* cali:K_Waz3VkTCygzmUb */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:q3tPa2RKWRfdyLkh */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:37R48PxhIUrOt-DB */ /* Drop if no profiles matched */
Chain cali-fw-cali6099c4a8778 (2 references)
pkts bytes target prot opt in out source destination
252 23172 ACCEPT all -- any any anywhere anywhere /* cali:EO5cZDN5AfPg1jRY */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:rkQazqqw4cTvSnkK */ ctstate INVALID
1 84 MARK all -- any any anywhere anywhere /* cali:yhF6feczwTnif02H */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:vrzAmEHarspGyTGa */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:K4QpReCGODGORii7 */ /* Drop IPinIP encapped packets originating in workloads */
1 84 cali-pro-kns.kube-system all -- any any anywhere anywhere /* cali:yLwYrgyZsA14c7Em */
1 84 RETURN all -- any any anywhere anywhere /* cali:kGZu-2JzGbM4eU04 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:b1l-Jw34EsOSgd4R */
0 0 RETURN all -- any any anywhere anywhere /* cali:LsdEEdkB3UnjiYDz */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:GNN5nRvptA-e7Tf6 */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:6Xzc7tgJyfZTJdt_ */ /* Drop if no profiles matched */
Chain cali-fw-cali669be974601 (2 references)
pkts bytes target prot opt in out source destination
70 11573 ACCEPT all -- any any anywhere anywhere /* cali:Jci-QJ8Nhq765fT8 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:ltV90xcAeEp2Vcbg */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:tVwu9y5k59tss6yO */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:b8wHJ-SBvOI09EzG */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:-Sc9mYIwtJr-WRMm */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:-Kq7dKSkhe3rlqO_ */
0 0 RETURN all -- any any anywhere anywhere /* cali:LVbb9ntu9SE_I_dR */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_eY4Bnp6m80Op5FOwqd all -- any any anywhere anywhere /* cali:rLcB-SxVWyp3UHhS */
0 0 RETURN all -- any any anywhere anywhere /* cali:_F3yCHsIFYW-vAbu */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:JkUNPu3SXtt8NJYa */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:hPjUnoFLmxkqXjRY */ /* Drop if no profiles matched */
Chain cali-fw-cali81ba87c5c60 (2 references)
pkts bytes target prot opt in out source destination
1334 593K ACCEPT all -- any any anywhere anywhere /* cali:vCqamwKrVQ8k3Ox- */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:4nzp9kuyBs99j6Rm */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:wF3FgFvgE_Xoe9aL */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:1Ca7h1A1Qr0uiGnB */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:nqGI4XzPrADt3ODw */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:tvgmCuynMP8XucWh */
0 0 RETURN all -- any any anywhere anywhere /* cali:CoZViETAcJiGTrGX */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:YDl7x5itve0iVpu5 */
0 0 RETURN all -- any any anywhere anywhere /* cali:d5T8JDGRIXWxN9mo */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:MKxCDcBuD4DPZxsx */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:akuYyDzTmsyJqZiP */ /* Drop if no profiles matched */
Chain cali-fw-calid1d7cde9caf (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:Z_L6GVhEfHFme43p */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:DS5f9KBZgvip15HJ */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:LehptkjCH_RZY4YC */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:qctFT7Nkc4Yx61uW */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:OxyQpUZn9_-DfYnT */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-kns.calico-system all -- any any anywhere anywhere /* cali:N80WZCBnwzMyH_Bj */
0 0 RETURN all -- any any anywhere anywhere /* cali:UDdYKQiaeoWZCnxx */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:sZZB0eMd059qZexl */
0 0 RETURN all -- any any anywhere anywhere /* cali:OP1Cs-oDL2Le1sL5 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:eYZCYMs1a-8kbKX_ */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:kFyRgTRcN7m8k-vA */ /* Drop if no profiles matched */
Chain cali-fw-calif9c0036887f (2 references)
pkts bytes target prot opt in out source destination
445 73646 ACCEPT all -- any any anywhere anywhere /* cali:l2opPdEpcXJHaMvO */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:wrbenq7Cco33fl24 */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:k1G-mJX0P7T5SHnd */ MARK and 0xfffcffff
0 0 DROP udp -- any any anywhere anywhere /* cali:n53l8qnjXgSfnmfx */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
0 0 DROP ipencap -- any any anywhere anywhere /* cali:OMs6KyMd26xVPPK_ */ /* Drop IPinIP encapped packets originating in workloads */
0 0 cali-pro-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:hucW3DhYBIym-vzb */
0 0 RETURN all -- any any anywhere anywhere /* cali:5VdOMla2bMloK3vc */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pro-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:Nx58-WGH01LZ4GRf */
0 0 RETURN all -- any any anywhere anywhere /* cali:vIZ3R5NCixZYm552 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:o-k6O8XjUmz5kYPV */ nflog-prefix DRE nflog-group 2 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:B6eBWAugO3TbEYeC */ /* Drop if no profiles matched */
Chain cali-pi-_FDiLImilezd09cpg5ci (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- any any anywhere anywhere /* cali:wH4Z-YLtazvrkIUi */ /* Policy calico-apiserver/knp.default.allow-apiserver ingress */ multiport dports 5443 MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:pV3tRI_BN9MkLz81 */ mark match 0x10000/0x10000 nflog-prefix "API0|calico-apiserver/knp.default.allow-apiserver" nflog-group 1 nflog-size 80
Chain cali-pi-_U7WUiLyTu5Vc3j6v19u (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- any any anywhere anywhere /* cali:-1XSFfQZOlUTo8yH */ /* Policy calico-system/knp.default.goldmane ingress */ multiport dports 7443 MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:EMIA5LQXZZkoiYUT */ mark match 0x10000/0x10000 nflog-prefix "API0|calico-system/knp.default.goldmane" nflog-group 1 nflog-size 80
Chain cali-pi-_YYnSgB46MA1TYU44kJq (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:JBv9xOy5yJdiWKiY */ /* Policy calico-system/knp.default.whisker ingress */
Chain cali-po-_YYnSgB46MA1TYU44kJq (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- any any anywhere anywhere /* cali:WLeBgvgJTxHWj12b */ /* Policy calico-system/knp.default.whisker egress */ match-set cali40s:bgLSTkNhu0BKRQ9zwXjvfbX dst multiport dports 7443 MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:ZCKHAWDzorg1xgU9 */ mark match 0x10000/0x10000 nflog-prefix "APE0|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80
0 0 RETURN all -- any any anywhere anywhere /* cali:3UX05GcN2RCJ36oa */ mark match 0x10000/0x10000
0 0 MARK tcp -- any any anywhere anywhere /* cali:8bPWZZY0GvWgDVWB */ match-set cali40s:n27_8wNKytyIy8FV4MfcwNI dst multiport dports domain MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:djKrvOA3jJyhyYiW */ mark match 0x10000/0x10000 nflog-prefix "APE1|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80
0 0 RETURN all -- any any anywhere anywhere /* cali:ekAjEdOWCdE3pANn */ mark match 0x10000/0x10000
0 0 MARK udp -- any any anywhere anywhere /* cali:ew262h3gUE6ZESH4 */ match-set cali40s:n27_8wNKytyIy8FV4MfcwNI dst multiport dports domain MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:oz5I3LtAEHtfHSTH */ mark match 0x10000/0x10000 nflog-prefix "APE2|calico-system/knp.default.whisker" nflog-group 2 nflog-size 80
Chain cali-pri-_4yi5_iSUAwsU8zMHTk (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:ZYnaZZFwsSjfXO4C */ /* Profile ksa.calico-apiserver.calico-apiserver ingress */
Chain cali-pri-_eY4Bnp6m80Op5FOwqd (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:jyhZblM1OzY4DUqi */ /* Profile ksa.calico-system.goldmane ingress */
Chain cali-pri-_jtt6i-KVVwZ-74H4ov (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:No_RDbsVx31noDvv */ /* Profile ksa.calico-system.whisker ingress */
Chain cali-pri-_kJqfZpgUe7r2t4A-14 (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:IQx0SzlDGn6BPv0A */ /* Profile kns.calico-apiserver ingress */ MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:dHGDmF90Anl0gS_s */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.calico-apiserver" nflog-group 1 nflog-size 80
Chain cali-pri-_nzzjLvInId1gPHmQz_ (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:UQoEf2WCdU0bPTCb */ /* Profile ksa.calico-system.calico-kube-controllers ingress */
Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:WqgznqAQ-uYV0oBx */ /* Profile ksa.kube-system.coredns ingress */
Chain cali-pri-_ymJUz7yzI6NOKJhG2- (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:52zm9tLYY65R0fSD */ /* Profile ksa.calico-system.csi-node-driver ingress */
Chain cali-pri-kns.calico-system (4 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:hLANj-OVIyT53h_j */ /* Profile kns.calico-system ingress */ MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:eDg78bIqr5YAUJqq */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.calico-system" nflog-group 1 nflog-size 80
Chain cali-pri-kns.kube-system (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:J1TyxtHWd0qaBGK- */ /* Profile kns.kube-system ingress */ MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:GulrEF2fpGf_rDXZ */ mark match 0x10000/0x10000 nflog-prefix "ARI0|kns.kube-system" nflog-group 1 nflog-size 80
Chain cali-pro-_4yi5_iSUAwsU8zMHTk (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:Pp_dQp2FeNabRhyi */ /* Profile ksa.calico-apiserver.calico-apiserver egress */
Chain cali-pro-_eY4Bnp6m80Op5FOwqd (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:2fVOokqK7Gq6i9oT */ /* Profile ksa.calico-system.goldmane egress */
Chain cali-pro-_jtt6i-KVVwZ-74H4ov (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:57j7D-KvPIuU1Pml */ /* Profile ksa.calico-system.whisker egress */
Chain cali-pro-_kJqfZpgUe7r2t4A-14 (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:_cFTxC141wwWRzyZ */ /* Profile kns.calico-apiserver egress */ MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:f0yo1d83bjuf3_XV */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.calico-apiserver" nflog-group 2 nflog-size 80
Chain cali-pro-_nzzjLvInId1gPHmQz_ (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:5bHxBXLMkJKgC6dk */ /* Profile ksa.calico-system.calico-kube-controllers egress */
Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:0-_UPh39dt5XfhmJ */ /* Profile ksa.kube-system.coredns egress */
Chain cali-pro-_ymJUz7yzI6NOKJhG2- (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere /* cali:yuJvAdyU1LYltt-O */ /* Profile ksa.calico-system.csi-node-driver egress */
Chain cali-pro-kns.calico-system (4 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:gWxJzCZXxl31NR0P */ /* Profile kns.calico-system egress */ MARK or 0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:AEuaZm2Broif1jyV */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.calico-system" nflog-group 2 nflog-size 80
Chain cali-pro-kns.kube-system (2 references)
pkts bytes target prot opt in out source destination
5 456 MARK all -- any any anywhere anywhere /* cali:tgOR2S8DVHZW3F1M */ /* Profile kns.kube-system egress */ MARK or 0x10000
5 456 NFLOG all -- any any anywhere anywhere /* cali:FNtcg_qkksn6zdBc */ mark match 0x10000/0x10000 nflog-prefix "ARE0|kns.kube-system" nflog-group 2 nflog-size 80
Chain cali-set-endpoint-mark (3 references)
pkts bytes target prot opt in out source destination
0 0 cali-sm-cali06aac5ed2e0 all -- cali06aac5ed2e0 any anywhere anywhere [goto] /* cali:VTx5PhFFyF-lvt6f */
1 60 cali-sm-cali4272878fdab all -- cali4272878fdab any anywhere anywhere [goto] /* cali:uGD6CMQiuS9CQ2e0 */
0 0 cali-set-endpoint-mark-6 all -- cali6+ any anywhere anywhere [goto] /* cali:D0MH7hqic2TN97lh */
0 0 cali-sm-cali81ba87c5c60 all -- cali81ba87c5c60 any anywhere anywhere [goto] /* cali:qbtsUWYy6U6fb4BD */
0 0 cali-sm-calid1d7cde9caf all -- calid1d7cde9caf any anywhere anywhere [goto] /* cali:BUZ0BiLD_-f9-ogs */
0 0 cali-sm-calif9c0036887f all -- calif9c0036887f any anywhere anywhere [goto] /* cali:9H2kEgVdK2ZcU0QK */
0 0 DROP all -- cali+ any anywhere anywhere /* cali:lIn0AYKUhuwj7LPp */ /* Unknown endpoint */
3 927 MARK all -- any any anywhere anywhere /* cali:hKj-b2sF9Hhnov-T */ /* Non-Cali endpoint mark */ MARK xset 0x200000/0xffe00000
Chain cali-set-endpoint-mark-6 (1 references)
pkts bytes target prot opt in out source destination
0 0 cali-sm-cali609774fb6ac all -- cali609774fb6ac any anywhere anywhere [goto] /* cali:qArnK2wxbUsqli-X */
0 0 cali-sm-cali6099c4a8778 all -- cali6099c4a8778 any anywhere anywhere [goto] /* cali:MYuavHsmsFy64foR */
1 60 cali-sm-cali669be974601 all -- cali669be974601 any anywhere anywhere [goto] /* cali:EEXdnrh8fCcqtDhY */
Chain cali-sm-cali06aac5ed2e0 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:HoEAg0DDcZ8Opkpp */ MARK xset 0xb000000/0xffe00000
Chain cali-sm-cali4272878fdab (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:NGa9UJGy05xgsPc8 */ MARK xset 0xe2200000/0xffe00000
Chain cali-sm-cali609774fb6ac (1 references)
pkts bytes target prot opt in out source destination
3 180 MARK all -- any any anywhere anywhere /* cali:bJjoDdRDDjnMASLG */ MARK xset 0x36e00000/0xffe00000
Chain cali-sm-cali6099c4a8778 (1 references)
pkts bytes target prot opt in out source destination
3 180 MARK all -- any any anywhere anywhere /* cali:82x_dEPLEoT20B_p */ MARK xset 0x1a000000/0xffe00000
Chain cali-sm-cali669be974601 (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:rwV03TK4R5Oe567f */ MARK xset 0x65200000/0xffe00000
Chain cali-sm-cali81ba87c5c60 (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:V0a-6DPh592NmUoy */ MARK xset 0xd4400000/0xffe00000
Chain cali-sm-calid1d7cde9caf (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere anywhere /* cali:JGFe0FiZVpGPXDCM */ MARK xset 0x20a00000/0xffe00000
Chain cali-sm-calif9c0036887f (1 references)
pkts bytes target prot opt in out source destination
1 60 MARK all -- any any anywhere anywhere /* cali:ZCSoJXGDr33i-Hi_ */ MARK xset 0xcf400000/0xffe00000
Chain cali-to-hep-forward (2 references)
pkts bytes target prot opt in out source destination
Chain cali-to-host-endpoint (1 references)
pkts bytes target prot opt in out source destination
Chain cali-to-wl-dispatch (2 references)
pkts bytes target prot opt in out source destination
0 0 cali-tw-cali06aac5ed2e0 all -- any cali06aac5ed2e0 anywhere anywhere [goto] /* cali:O4WXlpMR5p72ji8L */
0 0 cali-tw-cali4272878fdab all -- any cali4272878fdab anywhere anywhere [goto] /* cali:MGzwVjhGwejct4o- */
2 342 cali-to-wl-dispatch-6 all -- any cali6+ anywhere anywhere [goto] /* cali:aZI2aR32DPe7aHDl */
0 0 cali-tw-cali81ba87c5c60 all -- any cali81ba87c5c60 anywhere anywhere [goto] /* cali:pV5POnnpOoNbHxDi */
0 0 cali-tw-calid1d7cde9caf all -- any calid1d7cde9caf anywhere anywhere [goto] /* cali:TbgmpRXqtNnhNAYH */
0 0 cali-tw-calif9c0036887f all -- any calif9c0036887f anywhere anywhere [goto] /* cali:AGp6jonFrCJNQ-aT */
0 0 DROP all -- any any anywhere anywhere /* cali:x8HrIB63o7zPzMfO */ /* Unknown interface */
Chain cali-to-wl-dispatch-6 (1 references)
pkts bytes target prot opt in out source destination
2 342 cali-tw-cali609774fb6ac all -- any cali609774fb6ac anywhere anywhere [goto] /* cali:KO1d5iFTnsNqXXEJ */
0 0 cali-tw-cali6099c4a8778 all -- any cali6099c4a8778 anywhere anywhere [goto] /* cali:iR_roLWQFLrMTXwu */
0 0 cali-tw-cali669be974601 all -- any cali669be974601 anywhere anywhere [goto] /* cali:EpOBbbIwYff5eIX1 */
0 0 DROP all -- any any anywhere anywhere /* cali:BrTP6jptG_mVWF47 */ /* Unknown interface */
Chain cali-tw-cali06aac5ed2e0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:c555lDw8v6NEvuqK */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:l9LAa5EsCPDPXzao */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:hw_rAGwCUOLMV-XJ */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:FpxfMzhlv1yZ1vYF */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-pi-_YYnSgB46MA1TYU44kJq all -- any any anywhere anywhere /* cali:WJ2GKf8QAN_aAS0I */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:mQa5levsGm4UKNiO */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:Mc0XYeSHRYJDJyAU */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:qBVouEA7WlwzvUPI */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:gMbxSmCk7JodQlvZ */
0 0 RETURN all -- any any anywhere anywhere /* cali:Z5picu_5a3T2XEiL */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_jtt6i-KVVwZ-74H4ov all -- any any anywhere anywhere /* cali:j2O5PkACvP3sWuu6 */
0 0 RETURN all -- any any anywhere anywhere /* cali:89G5LGCHLD3luTGR */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:dMtRjX4osVeDG-uY */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:evVDsni4v86F7C-M */ /* Drop if no profiles matched */
Chain cali-tw-cali4272878fdab (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:uFk9ovk6bp8fi_Sg */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:1WLB3kvQ0Et6vc_f */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:AwqbyKndz_B9z0J3 */ MARK and 0xfffcffff
0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:DbbzThA6i0_7J7Jr */
0 0 RETURN all -- any any anywhere anywhere /* cali:JmuE5vY3TWt72Swl */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_nzzjLvInId1gPHmQz_ all -- any any anywhere anywhere /* cali:oPZZbW0TRjp7c3F2 */
0 0 RETURN all -- any any anywhere anywhere /* cali:Nr8A3XSmLLNan6he */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:bTNhe8jxCa8YPD_Z */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:G4bar_Uw1PIBMoGJ */ /* Drop if no profiles matched */
Chain cali-tw-cali609774fb6ac (1 references)
pkts bytes target prot opt in out source destination
4 672 ACCEPT all -- any any anywhere anywhere /* cali:sJu3w5eNB57CiBcy */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:Wx09Sk-H52WbD-Rx */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:Yta1cofPoqJL4ffB */ MARK and 0xfffcffff
0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:e7UJC46Mk1C1FOKX */
0 0 RETURN all -- any any anywhere anywhere /* cali:TsX3maC3p512hzqr */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:VMjE0CFZKVfwgWDF */
0 0 RETURN all -- any any anywhere anywhere /* cali:ybRhR2mVI06xBuDv */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:RmzkFHsOWEO-HTDQ */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:j7Lypy0LdHZNj02E */ /* Drop if no profiles matched */
Chain cali-tw-cali6099c4a8778 (1 references)
pkts bytes target prot opt in out source destination
1 159 ACCEPT all -- any any anywhere anywhere /* cali:gxz5hjC_qZgKETeb */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:sSJcdTDxOhxc2ed_ */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:6V7642F0MEwXG_UQ */ MARK and 0xfffcffff
0 0 cali-pri-kns.kube-system all -- any any anywhere anywhere /* cali:zx56TronI46_QoN_ */
0 0 RETURN all -- any any anywhere anywhere /* cali:9fNYQmxqIMDKolAY */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_u2Tn2rSoAPffvE7JO6 all -- any any anywhere anywhere /* cali:p6XqJuM21eUWHhES */
0 0 RETURN all -- any any anywhere anywhere /* cali:zJrOfGy-rMthiJs3 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:98aRvo86vmnuuYbQ */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:giWvH5Q1u9OJE8-L */ /* Drop if no profiles matched */
Chain cali-tw-cali669be974601 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:h1l3XMe37NElCV9H */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:HVkhb_-I1Hi50x-_ */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:RcfYSTHKLBXPE-ig */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:LZ822ohcJ0pGHXPY */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-pi-_U7WUiLyTu5Vc3j6v19u all -- any any anywhere anywhere /* cali:GaaTm6sp_hjVv9d7 */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:zbbF_lwLggXZhbsh */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:Kfan89p-8nmhpyut */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:P0HmTDGvKjZA7ObZ */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:Zb0RsO_Oojsc8jhJ */
0 0 RETURN all -- any any anywhere anywhere /* cali:7zYWqia-NDr3mbt9 */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_eY4Bnp6m80Op5FOwqd all -- any any anywhere anywhere /* cali:l0GwWExCQKpQqZeL */
0 0 RETURN all -- any any anywhere anywhere /* cali:JF2etY45m-jEPkmF */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:CiN3yx4yD6shjEBF */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:q_OTAD8tz05jFP0f */ /* Drop if no profiles matched */
Chain cali-tw-cali81ba87c5c60 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:Gy0X-vxlALTz7C35 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:dnYsTC65o_peJqf3 */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:riyc4wxbSxrykP-S */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:ELiRLlAVni4a77Rf */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:YHWNXCHsXemi4THB */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:AoALLcfz5bJqjd66 */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:P_DswWX1TRDbKCD0 */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:3gFxm2uMOKh3EWrv */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:xIGUZ5A2RhmAzHrT */
0 0 RETURN all -- any any anywhere anywhere /* cali:ZawFZdgnMVHS1tir */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:ydls_PAUcEd5Z0Ox */
0 0 RETURN all -- any any anywhere anywhere /* cali:aLFjXlQW5ede-IDZ */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:VWBqPIkLXAI0bWt_ */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:b08WLkHQ1BX8inxz */ /* Drop if no profiles matched */
Chain cali-tw-calid1d7cde9caf (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:hRB7-XctUPe88ZZk */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:5Ny6avYv85JPoRJe */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:GagZ9dIGbokhPHxE */ MARK and 0xfffcffff
0 0 cali-pri-kns.calico-system all -- any any anywhere anywhere /* cali:F731l3J44k4KjdP2 */
0 0 RETURN all -- any any anywhere anywhere /* cali:kbRHg540tOh4N_cM */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_ymJUz7yzI6NOKJhG2- all -- any any anywhere anywhere /* cali:R-xhL_4Y7U5IZG0o */
0 0 RETURN all -- any any anywhere anywhere /* cali:8vXJnWejqyZVtA2j */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:Czhrh2_H9p8Flack */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:h0Ci5MaToujH7Y0W */ /* Drop if no profiles matched */
Chain cali-tw-calif9c0036887f (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere /* cali:oz6V_BjWPUSq7jy5 */ ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere /* cali:JZiEwCde79_2aQ3D */ ctstate INVALID
0 0 MARK all -- any any anywhere anywhere /* cali:5YYDmkvghoKIT4HF */ MARK and 0xfffcffff
0 0 MARK all -- any any anywhere anywhere /* cali:kuUbQTgPPemCTHeq */ /* Start of tier default */ MARK and 0xfffdffff
0 0 cali-pi-_FDiLImilezd09cpg5ci all -- any any anywhere anywhere /* cali:-C7QLAUoc3x5XM2z */ mark match 0x0/0x20000
0 0 RETURN all -- any any anywhere anywhere /* cali:RhzhIHkCtnt14BtH */ /* Return if policy accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:p3U8oDWkDg76_5Qi */ mark match 0x0/0x20000 nflog-prefix "DPI|default" nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:zREqD0Ifnn3YZczJ */ /* End of tier default. Drop if no policies passed packet */ mark match 0x0/0x20000
0 0 cali-pri-_kJqfZpgUe7r2t4A-14 all -- any any anywhere anywhere /* cali:n_TfwTgRacq2ISJk */
0 0 RETURN all -- any any anywhere anywhere /* cali:jNQ4GO9aXgRSxthL */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 cali-pri-_4yi5_iSUAwsU8zMHTk all -- any any anywhere anywhere /* cali:qbUxg1aaMRQ1Ixb9 */
0 0 RETURN all -- any any anywhere anywhere /* cali:QSeh5D0_4n_HHlgh */ /* Return if profile accepted */ mark match 0x10000/0x10000
0 0 NFLOG all -- any any anywhere anywhere /* cali:J_1DyLl_VrfD0WzH */ nflog-prefix DRI nflog-group 1 nflog-size 80
0 0 DROP all -- any any anywhere anywhere /* cali:v7INK_KCSelACDS8 */ /* Drop if no profiles matched */
Chain cali-wl-to-host (1 references)
pkts bytes target prot opt in out source destination
58M 10G cali-from-wl-dispatch all -- any any anywhere anywhere /* cali:Ee9Sbo10IpVujdIY */
32008 1920K ACCEPT all -- any any anywhere anywhere /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment