# iptables-save dump of five tables: filter, security, raw, mangle, nat.
# One directive per line, as iptables-restore expects.
# Bracketed values are [packets:bytes] counters captured at save time; they are
# only re-applied when restoring with iptables-restore --counters.
#
# NOTE(review): every built-in chain in every table has policy ACCEPT, so there
# is no default-deny on this host. What is blocked is decided solely by the
# explicit REJECT/DROP rules below - confirm that host-level filtering is
# enforced somewhere else if it is expected.
#
# Generated by iptables-save v1.8.4 on Thu Jan 26 10:18:33 2023
*filter
:INPUT ACCEPT [58339:70738199]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51526:14968838]
:KUBE-FIREWALL - [0:0]
# KUBE-KUBELET-CANARY is declared with no rules in this dump.
:KUBE-KUBELET-CANARY - [0:0]
# Everything arriving on ovn-k8s-mp0 is accepted before KUBE-FIREWALL is
# consulted, so that interface bypasses the INPUT-side checks in that chain.
-A INPUT -i ovn-k8s-mp0 -m comment --comment "from OVN to localhost" -j ACCEPT
-A INPUT -j KUBE-FIREWALL
# New TCP connections (SYN set; FIN, RST and ACK clear) to ports 22624 and 22623
# are rejected in FORWARD and OUTPUT. Packets of established flows do not match.
# NOTE(review): presumably the OpenShift machine-config-server ports, blocked so
# workloads cannot fetch node configuration - confirm against the platform docs.
-A FORWARD -p tcp -m tcp --dport 22624 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --dport 22623 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
# Forwarding out of ovn-k8s-mp0 is limited to reply traffic; forwarding in from
# ovn-k8s-mp0 is unrestricted. With the FORWARD policy at ACCEPT, traffic that
# matches neither rule is still forwarded.
-A FORWARD -o ovn-k8s-mp0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ovn-k8s-mp0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22624 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 22623 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j KUBE-FIREWALL
# Drops packets addressed to 127.0.0.0/8 whose source is outside 127.0.0.0/8,
# unless conntrack reports them as RELATED, ESTABLISHED or DNAT. This keeps
# loopback-bound services from being reached by off-host senders.
-A KUBE-FIREWALL ! -s 127.0.0.0/8 -d 127.0.0.0/8 -m comment --comment "block incoming localnet connections" -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
# Drops any packet carrying mark bit 0x8000. That bit is set by KUBE-MARK-DROP
# in the nat table; no rule in this dump jumps to KUBE-MARK-DROP.
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
COMMIT
# Completed on Thu Jan 26 10:18:33 2023

# security table: no rules, all policies ACCEPT.
# Generated by iptables-save v1.8.4 on Thu Jan 26 10:18:33 2023
*security
:INPUT ACCEPT [58565:70821841]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51529:14968994]
COMMIT
# Completed on Thu Jan 26 10:18:33 2023

# raw table: UDP destination port 6081 is exempted from connection tracking in
# both directions. 6081 is the IANA-assigned Geneve port (presumably the OVN
# overlay tunnel here). Untracked packets never match the RELATED/ESTABLISHED
# conntrack rules in other tables, so only stateless rules and the chain
# policies apply to them.
# Generated by iptables-save v1.8.4 on Thu Jan 26 10:18:33 2023
*raw
:PREROUTING ACCEPT [58577:70820999]
:OUTPUT ACCEPT [51529:14968994]
-A PREROUTING -p udp -m udp --dport 6081 -j NOTRACK
-A OUTPUT -p udp -m udp --dport 6081 -j NOTRACK
COMMIT
# Completed on Thu Jan 26 10:18:33 2023

# mangle table: OUTPUT jumps to OVN-KUBE-ITP, which holds no rules in this dump.
# KUBE-IPTABLES-HINT and KUBE-KUBELET-CANARY are declared empty as well.
# Generated by iptables-save v1.8.4 on Thu Jan 26 10:18:33 2023
*mangle
:PREROUTING ACCEPT [58577:70820999]
:INPUT ACCEPT [58556:70819781]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51529:14968994]
:POSTROUTING ACCEPT [51529:14968994]
:KUBE-IPTABLES-HINT - [0:0]
:KUBE-KUBELET-CANARY - [0:0]
:OVN-KUBE-ITP - [0:0]
-A OUTPUT -j OVN-KUBE-ITP
COMMIT
# Completed on Thu Jan 26 10:18:33 2023

# nat table. Of the OVN-KUBE-* service chains only OVN-KUBE-NODEPORT and
# OVN-KUBE-SNAT-MGMTPORT contain rules in this dump; the others are empty.
# Generated by iptables-save v1.8.4 on Thu Jan 26 10:18:33 2023
*nat
:PREROUTING ACCEPT [73:8162]
:INPUT ACCEPT [30:2004]
:POSTROUTING ACCEPT [445:48950]
:OUTPUT ACCEPT [884:75313]
:OVN-KUBE-SNAT-MGMTPORT - [0:0]
:KUBE-MARK-DROP - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-KUBELET-CANARY - [0:0]
:OVN-KUBE-NODEPORT - [0:0]
:OVN-KUBE-ITP - [0:0]
:OVN-KUBE-EGRESS-SVC - [0:0]
:OVN-KUBE-EXTERNALIP - [0:0]
:OVN-KUBE-ETP - [0:0]
# Inbound packets traverse the service chains in this order: ETP, EXTERNALIP,
# NODEPORT.
-A PREROUTING -j OVN-KUBE-ETP
-A PREROUTING -j OVN-KUBE-EXTERNALIP
-A PREROUTING -j OVN-KUBE-NODEPORT
-A POSTROUTING -j OVN-KUBE-EGRESS-SVC
# Masquerades every packet sourced from 10.42.0.0/24 with no restriction on
# destination or outgoing interface, so receivers see the node address instead
# of the original source.
# NOTE(review): presumably 10.42.0.0/24 is this node's pod subnet - confirm.
-A POSTROUTING -s 10.42.0.0/24 -j MASQUERADE
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING -o ovn-k8s-mp0 -j OVN-KUBE-SNAT-MGMTPORT
# Locally generated traffic goes through EXTERNALIP, NODEPORT and ITP.
-A OUTPUT -j OVN-KUBE-EXTERNALIP
-A OUTPUT -j OVN-KUBE-NODEPORT
-A OUTPUT -j OVN-KUBE-ITP
# Traffic leaving via ovn-k8s-mp0 is rewritten to source address 10.42.0.2.
-A OVN-KUBE-SNAT-MGMTPORT -o ovn-k8s-mp0 -m comment --comment "OVN SNAT to Management Port" -j SNAT --to-source 10.42.0.2
# Mark helpers: bit 0x8000 means drop (enforced in filter/KUBE-FIREWALL),
# bit 0x4000 means masquerade (consumed in KUBE-POSTROUTING below).
-A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
# Packets without mark bit 0x4000 return untouched. For the rest, the XOR with
# 0x4000 clears the bit (it is known to be set at this point) and the packet is
# masqueraded with fully randomized source-port selection.
-A KUBE-POSTROUTING -m mark ! --mark 0x4000/0x4000 -j RETURN
-A KUBE-POSTROUTING -j MARK --set-xmark 0x4000/0x0
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE --random-fully
# TCP to port 31716 on any address local to this host is redirected to
# 10.43.47.31:8080. The rule has no source or interface match, and the filter
# table policies are ACCEPT, so any network that can reach the node can reach
# this port.
# NOTE(review): confirm this NodePort is meant to be exposed that widely, and
# that 10.43.47.31 is the intended service address.
-A OVN-KUBE-NODEPORT -p tcp -m addrtype --dst-type LOCAL -m tcp --dport 31716 -j DNAT --to-destination 10.43.47.31:8080
COMMIT
# Completed on Thu Jan 26 10:18:33 2023