I 've just subscribed you. Resolving, feel free to reopen is something is amiss
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jul 15 2019
Jul 15 2019
WMDE-jand is already part of wmde ldap group. To be added to the nda ldap group, having signed the NDA is a requirement and from what I see, that has happened as well, so adding you to that group now.
The account has been renamed on wikitech per https://wikitech.wikimedia.org/w/index.php?title=User:Waldyrious&action=history. LDAP has been updated as well.
List renamed, resolving.
akosiaris renamed T227698: rename mailing list "ri-team" to "product-infrastructure" from rename mailing list "ri_team" to "product-infrastructure" to rename mailing list "ri-team" to "product-infrastructure".
akosiaris closed T228047: puppet compiler fails on releases1001.eqiad.wmnet due to lack of Service[bacula-director] as Invalid.
Warning: Could not find resource 'Service[bacula-director]' in parameter 'notify' (at /srv/jenkins-workspace/puppet-compiler/224/production/src/modules/bacula/manifests/client.pp:74) Warning: Could not find resource 'File[/etc/bacula/jobs.d]' in parameter 'require' (at /srv/jenkins-workspace/puppet-compiler/224/production/src/modules/bacula/manifests/client/job.pp:42)
Task has been opened for the required amount of days, approvals are on file, merging the change and resolving the task. Thanks!
akosiaris triaged T227695: Requesting access to analytics-privatedata-users for mbsantos as Medium priority.
akosiaris updated subscribers of T227695: Requesting access to analytics-privatedata-users for mbsantos.
Adding @Nuria as the manager for analytics clusters.
akosiaris changed the status of T223463: (2019-09) Create secteam groups in admin.yaml and define permissions, a subtask of T224886: Establish secteam production norms, from Open to Stalled.
akosiaris changed the status of T223463: (2019-09) Create secteam groups in admin.yaml and define permissions from Open to Stalled.
Setting stalled and low priority per comments above. @sbassett feel free to unstall when ready.
@alaa_wmde. Gentle reminder about generating and posting a separate SSH key per https://wikitech.wikimedia.org/wiki/Production_shell_access#Setting_up_your_access.
Thanks for filling the task. Keys double checked, change merged. Should have propagated to the entirety of the fleet within 30m. Resolving this.
akosiaris closed T227859: Debian package for operations/software/service-checker FTBS due to missing tag upstream/0.1.5 as Resolved.
At the moment, engineering resources at the Foundation are committed to other project work, so we're in a bit of a holding pattern.
Jul 11 2019
Jul 11 2019
Publish restrouter 0.0.1
So, having a look into this, we don't really have LVS for testing services, (as they don't really need high availability). In fact we don't really have testing services at all in production. We are also meeting some performance issues with pybal (the software that powers LVS automation so we are trying to not push more LVS services into production until it's cleared).
Jul 10 2019
Jul 10 2019
Done!
akosiaris@ganeti1001:~$ sudo gnt-instance modify -B memory=4g ldap-eqiad-replica01.wikimedia.org Modified instance ldap-eqiad-replica01.wikimedia.org - be/memory -> 4096 Please don't forget that most parameters take effect only at the next (re)start of the instance initiated by ganeti; restarting from within the instance will not be enough. akosiaris@ganeti1001:~$ sudo gnt-instance modify -B memory=4g ldap-eqiad-replica02.wikimedia.org Modified instance ldap-eqiad-replica02.wikimedia.org - be/memory -> 4096 Please don't forget that most parameters take effect only at the next (re)start of the instance initiated by ganeti; restarting from within the instance will not be enough.
akosiaris awarded T227657: Reduce memory allocation for ldap-eqiad-replica instances a Like token.
LGTM
akosiaris awarded T227669: codfw: 2 VMs for LDAP replicas a Like token.
For what is worth there was 1 extra step (step 0 actually in the order) and it's Remove discovery records
There was some discussions during the SRE offsite regarding this. @faidon and @Volans have the details, but the gist of it is that servermon still provides 1 functionality that puppetboard does not and it's the ability to query a set of hosts and obtain an arbitrary set of facts for those hosts in a tabular format.
Jul 9 2019
Jul 9 2019
The host that powers that site was labtestweb2001.wikimedia.org but was replaced by cloudweb2001-dev.wikimedia.org which hasn't been put into service yet. Relevant tasks are T220426 and T218024. Tagging cloud-services-team and subscribing them to the task. I 'll remove operations and wikimedia-production-error, I don't think those apply.
In T176875#5317155, @Ottomata wrote:@Addshore, just saw T218710 and clicked through to here. If you use https://wikitech.wikimedia.org/wiki/HTTP_proxy, you can access wdqs.svc.eqiad.wmnet over HTTP from the analytics VLAN.
LGTM
akosiaris awarded T227567: Site: eqiad/codfw VM for ORES pool counters a Like token.
Jul 8 2019
Jul 8 2019
akosiaris added a comment to T227478: prometheus@k8s on prometheus1003 stopped updating deployments / metrics.
I am assuming we don't want to/can't backfill prometheus1003, right?
akosiaris awarded T227478: prometheus@k8s on prometheus1003 stopped updating deployments / metrics a Heartbreak token.
MoritzMuehlenhoff awarded T203963: Convert makevm to spicerack cookbook a Like token.
Jul 5 2019
Jul 5 2019
Moving the issue about the disks to T227335, resolving this one
Jul 4 2019
Jul 4 2019
akosiaris added a comment to T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints.
In T227041#5303963, @aborrero wrote:Some questions I have. Do we have a single ganeti hypervisor in each row? Could you set affiniting/pinning for VMs/hypervisor running in ganeti? For what value of N we could deploy N virtual machines in N different ganeti hypervisors in the same DC row?
Jul 3 2019
Jul 3 2019
akosiaris changed the status of T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints from Open to Stalled.
In T227041#5303652, @JHedden wrote:
akosiaris changed the status of T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints, a subtask of T223907: Set up HA endpoints for keystone, glance, nova, designate apis, from Open to Stalled.
If guard releases stanzas
Update admin/README.md
Gerrit Code Review <gerrit@wikimedia.org> committed rDEPLOYCHARTSa897bcafa95c: Merge "Give scaffold template configuration options for dev purposes" (authored by akosiaris).
Merge "Give scaffold template configuration options for dev purposes"
akosiaris added a comment to T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints.
In T227041#5302151, @Andrew wrote:How is corosync/pacemaker going to work then with a single VIP?
I may be missing something but we have range of service IPs that we can map to anywhere in eqiad, don't we?
Jul 2 2019
Jul 2 2019
akosiaris added a comment to T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints.
In T227041#5301002, @Andrew wrote:(Let's use Buster for this if it's available on ganeti)
akosiaris added a comment to T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints.
In T227041#5300492, @Andrew wrote:In T227041#5299907, @akosiaris wrote:Sounds fine to me. Please use row_A in eqiad for this as it has more resources available. Also, I guess all three VMs will have to go on the same row anyway due to the requirement that all 3 nodes share the network.
I was imagining that we'd put one in each of the three rows, since HA is the whole point and I don't want to just move the spof from the existing API endpoint to a ganeti server. I don't think there are network concerns since these are all going to serve public IPs.
akosiaris added a comment to T227041: Three small ganeti VMs to host haproxy for OpenStack endpoints.
Sounds fine to me. Please use row_A in eqiad for this as it has more resources available. Also, I guess all three VMs will have to go on the same row anyway due to the requirement that all 3 nodes share the network.
In T203963#5299546, @Volans wrote:@akosiaris the "plan" was partially explained as part of the bare metal/host provisioning breakout session at the SRE Summit. You can find more details in the notes of the summit but basically the TL;DR is that as part of the effort to automate host provisioning we're aiming to have a system in which we don't need to hardcode MAC addresses anymore.
The details of the plan are evolving with the plan itself but the gist is that it will involve DHCP option 82 (or IPv6 autoconf alternatively) and iPXE (or equivalent) to dynamically map a physical host to data available in Netbox and from there drive the whole installation process with the required parameters.
Ping me offline if you want more details.
In T203963#5297888, @Volans wrote:@Dzahn the hardcoded MAC addesses will soon not be needed anymore <snip>
akosiaris added a comment to T216605: Cannot assign user name "XXX" to account ####; name already in use..
ΟΚ, LGTM then.
Jul 1 2019
Jul 1 2019
In T203963#5297177, @elukey wrote:@akosiaris I know that today I asked you 1000 questions about ganeti, but if you could review the diff between debootstrap+default and bootstrap+default it would be super great (maybe they are not related to the error that I reported..)
All hosts are installed. They will be added to the clusters in a different task. @Papaul, thanks!
akosiaris moved T212189: New Service Request: Wikidata Termbox SSR from Doing 😎 to this.quarter 🍕 on the serviceops board.
akosiaris moved T212935: SRE FY2019-20 Q3 goal: Increase reach of deployment pipeline from Doing 😎 to 🗄 Projects on the serviceops board.
akosiaris awarded T226988: Add/report build meta data a Like token.
akosiaris added a comment to T226844: Create an-tool1006, a ganeti vm to be used as client for the Hadoop test cluster.
In T226844#5295161, @elukey wrote:Current status is:
elukey@ganeti1001:~$ sudo gnt-group list Group Nodes Instances AllocPolicy NDParams row_A 4 36 preferred ovs=False, ssh_port=22, ovs_link=, spindle_count=1, exclusive_storage=False, cpu_speed=1, ovs_name=switch1, oob_program= row_C 4 36 preferred ovs=False, ssh_port=22, ovs_link=, spindle_count=1, exclusive_storage=False, cpu_speed=1, ovs_name=switch1, oob_program=@akosiaris @MoritzMuehlenhoff is there any capacity limit at the moment or can I proceed with the creation of the VM? I expect this to live 3/6 months, only to support kerberos testing.
In T224988#5295172, @elukey wrote:I would go down to 4G with (on ganeti1001):
sudo gnt-instance modify -B memory=4g kafkamon1001.eqiad.wmnetSame thing for the codfw instance. From grafana it seems that we could go down even more, but since these hosts run Burrow (and we rely on it for Kafka lag metrics etc..) I'd be more cautious with the first step.
@akosiaris @MoritzMuehlenhoff does the above plan look ok?
Jun 27 2019
Jun 27 2019
In T212189#5289724, @Tarrow wrote:@akosiaris Yep; we've interpreted it as something we really need before exposing it to real traffic. We've got a ticket open about it that we'll be picking up real soon: T226625
Any feedback on the comment above?
OK, good to know. Moving to Low priority and Stalled status until then.
Jun 26 2019
Jun 26 2019
Gerrit Code Review <gerrit@wikimedia.org> committed rDEPLOYCHARTSf71d2721f769: Move into a more self-serve access pattern (authored by akosiaris).
Move into a more self-serve access pattern
Jun 25 2019
Jun 25 2019
So, the controllers on those boxes can't do hardware RAID and hence the drivers sees them as AHCI. That's fine, we already have multiple boxes with software RAID and can continue doing so. I 've uploaded the partman recipe above that I am currently testing (it already worked past the problematic stage pointed out above) that should resolve this and proceed normally.
Looking at the OTRS changelog for versions 5.0.x, I can't say I see anything obvious that would explain this behavior. But I concur that given the tickets above, this probably isn't infrastructure related
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Using perf record also leads to the same conclusion as dropwatch for where the packets are dropped/discarded.
akosiaris@kubernetes2001:~$ sudo iptables-save -c # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *security :INPUT ACCEPT [482471:458394796] :FORWARD ACCEPT [5230383:926823265] :OUTPUT ACCEPT [401582:160386095] COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *mangle :PREROUTING ACCEPT [5377748:1301699262] :INPUT ACCEPT [451262:430220111] :FORWARD ACCEPT [4926486:871479151] :OUTPUT ACCEPT [462148:159025185] :POSTROUTING ACCEPT [5303371:1022846712] COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *raw :PREROUTING ACCEPT [64329:14887148] :OUTPUT ACCEPT [5649:1941977] :cali-OUTPUT - [0:0] :cali-PREROUTING - [0:0] :cali-failsafe-in - [0:0] :cali-failsafe-out - [0:0] :cali-from-host-endpoint - [0:0] :cali-pi-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-pi-k8s-policy-no-match - [0:0] :cali-po-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-po-k8s-policy-no-match - [0:0] :cali-to-host-endpoint - [0:0] [64018642:16933962409] -A cali-OUTPUT -m comment --comment "cali:38nOqDjL6rORZtSl" -j MARK --set-xmark 0x0/0x7000000 [0:0] -A cali-OUTPUT -m comment --comment "cali:qxtWla1G8uqJMI9B" -m mark --mark 0x1000000/0x1000000 -j ACCEPT [290048694:78634262604] -A cali-PREROUTING -m comment --comment "cali:x4XbVMc5P_kNXnTy" -j MARK --set-xmark 0x0/0x7000000 [89361648:26904223279] -A cali-PREROUTING -i cali+ -m comment --comment "cali:fQeZek80kVOPa0xO" -j MARK --set-xmark 0x4000000/0x4000000 [200687046:51730039325] -A cali-PREROUTING -m comment --comment "cali:xp3NolkIpulCQL_G" -m mark --mark 0x0/0x4000000 -j cali-from-host-endpoint [0:0] -A cali-PREROUTING -m comment --comment "cali:fbdE50A0BiINbNiA" -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT [0:0] -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:73bZKoyDfOpFwC2T" -m multiport --dports 2379 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:QMFuWo6o-d9yOpNm" -m multiport --dports 2380 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:Kup7QkrsdmfGX0uL" -m multiport --dports 4001 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:xYYr5PEqDf_Pqfkv" -m multiport --dports 7001 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:nbWBvu4OtudVY60Q" -m multiport --dports 53 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:UxFu5cDK5En6dT3Y" -m multiport --dports 67 -j ACCEPT [0:0] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -p tcp -m comment --comment "cali:L9wBYmIq1tVTrZ0e" -m multiport --dports 10044,9102 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:-JLGkjr5h5p2yYkk" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:eXR8WKtGQfKPd5zm" -j MARK --set-xmark 0x2000000/0x2000000 [0:0] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:J7UwAp2kUUNYDEbZ" -m mark --mark 0x2000000/0x2000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.64.0/21 -m comment --comment "cali:Hb_51jLXnfOG55Ee" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:cLF0h3yCOrcSDnrl" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.64.0/21 -m comment --comment "cali:CdwsSH_58_DbGvf0" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Oa68jDAaW6NII-m6" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.75.0/24 -m comment --comment "cali:TSXdJ1H2N_hXyday" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:mf2BTGZY0ISNWkNh" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.254/32 -p udp -m comment --comment "cali:0LzccY922C2RXHxm" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:HRMOBzbeUb8jaL4u" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.254/32 -p udp -m comment --comment "cali:bhiaHiL9JCHwqHvi" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0q4r-SxGe_ibo0no" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.49/32 -p tcp -m comment --comment "cali:hToG5b-iPJFd5XjI" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:eSo6kMycXntF2a1T" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.16/32 -p tcp -m comment --comment "cali:kyvmINmgTIfxjSaX" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:zRgMTTBKw1py7iIv" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.50/32 -p tcp -m comment --comment "cali:iYfLoQeLIq_czQ4P" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aGzXXBhuOWVcS6FN" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.80/32 -p tcp -m comment --comment "cali:XpdQ0OL7hPwSSSNe" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XjeixYpdjfuf2671" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.155/32 -p udp -m comment --comment "cali:-EBqY4sXgD3gPi7P" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:suEYEFA8kMWqTNkV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.149/32 -p udp -m comment --comment "cali:rnJyq8BucayeNV6Q" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:LFhASW0XbK8DuS3t" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.33/32 -p udp -m comment --comment "cali:MdaRdYW1qhouPjZ7" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:wbOg7IZSwPvrZmfP" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p tcp -m comment --comment "cali:jpm6xvx86o-ZoCo5" -m multiport --dports 10514,11514 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:GNWq-7eQNyPTDmcm" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p udp -m comment --comment "cali:voBBjKhA4F4o55ug" -m multiport --dports 8324,10514,11514,12201 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:5YZDpOvkoQEE3lRA" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.17/32 -p tcp -m comment --comment "cali:dLmgOSNW0H_6Exkg" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:9H-mzrz4ehEKXl1X" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.17/32 -p tcp -m comment --comment "cali:was_SzvHzmFTyt02" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0YVo7kQNQjbvKRj2" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.22/32 -p tcp -m comment --comment "cali:oFAHWeFrCSIrpZlD" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:JiJ4vNTbfZRUEzd0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.22/32 -p tcp -m comment --comment "cali:TSDl4FLJ1ujJHuXv" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:1i1RU4vECUoFlmo0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.23/32 -p tcp -m comment --comment "cali:MSU4fRChUyOk4lyp" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:NKIPE4KwZPTViOzH" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.23/32 -p tcp -m comment --comment "cali:gez_Tq-M3vy4iAbe" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:j405UyE0p_-_uU4_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.224/32 -p tcp -m comment --comment "cali:nsQ7TdxDHOCY2nAI" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OLwF7XZTMAkYeIwD" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.224/32 -p tcp -m comment --comment "cali:CIiPZCu1Pl84ZOvB" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:krmNho4RTZf3JHFx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.175/32 -p tcp -m comment --comment "cali:-lsa6yyGNVX9YJvM" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yq1vrydFLuztiAxM" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.176/32 -p tcp -m comment --comment "cali:xOyAo5MZznuPJ0VR" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:C4QvUoW31pNb1q2x" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.99/32 -p tcp -m comment --comment "cali:GDTd_AKxf_MCDzC9" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xehNYDdstr1q27_L" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.159/32 -p tcp -m comment --comment "cali:Mx3mdosC-q2_oVyr" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YJfgYuXByL6Z0rcg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.160/32 -p tcp -m comment --comment "cali:wqpGhyiIgU0HqgqV" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:i8Lo3DEhoWHCG-l9" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.117/32 -p tcp -m comment --comment "cali:0vIFTcCn2xof7bPx" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0FIS-6aBRY5HaW2z" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.11/32 -p tcp -m comment --comment "cali:5mg0z5kLGALR_v0Z" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qOgLgO8Sj8yp39EU" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.41/32 -p tcp -m comment --comment "cali:vYOP__ycNKS_Q4df" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:KASRTrn_jE4O2ugX" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.127/32 -p tcp -m comment --comment "cali:239PHQPk3QDSKiO_" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:iD9f9V8X2ecxIpRZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.0.139/32 -p tcp -m comment --comment "cali:cUBgVmeG-jcvcUZf" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:nwk6_sRVxUcAEjWK" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.169/32 -p tcp -m comment --comment "cali:R0o3GB60AUlNlWWE" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:vjn0AaWFUpbYaWrn" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.150/32 -p tcp -m comment --comment "cali:xnwjOFv4OUKJaucv" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:euZALIbnZTydQMdY" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.16/32 -p tcp -m comment --comment "cali:aT25RyT5mGT9Qrkf" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XfEpwu70WMkeKIfw" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.16/32 -p tcp -m comment --comment "cali:ganCI2cFEqi7g3Lu" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:QZMd6IRhm3TCiSlg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.11/32 -p tcp -m comment --comment "cali:SP-jn_pyJ4jRPzCL" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xq3dYdT4-TU2Uft7" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.11/32 -p tcp -m comment --comment "cali:8tIsQjEQz-S-k9hg" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:icVFUfOKxWL5ts9k" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.141/32 -p tcp -m comment --comment "cali:EJ4xw6_ooRSmxkEX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OChzA5wDSSJTxiUa" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.144/32 -p tcp -m comment --comment "cali:s1Lf70rUZIAFvs_w" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:enVSzo2CAltgV_Bx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.78/32 -p tcp -m comment --comment "cali:Jx1uBPQmrMWx_oaJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:ahKzoHayc6fw_SQV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.85/32 -p tcp -m comment --comment "cali:3yMxM5zhnGW-I-2-" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:61YXn1-Qzpb3qtiB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.175/32 -p tcp -m comment --comment "cali:mba6qyUOLSSLLqHM" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:y6SsLdSij2xjfyLL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.178/32 -p tcp -m comment --comment "cali:eo84dXxQcHxDJmco" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:EsSPRvtEHUEYBRWR" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.79/32 -p tcp -m comment --comment "cali:kB8NHJq9078azHWs" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qBveAzuLEZf1WZbb" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.95/32 -p tcp -m comment --comment "cali:u93nS4bppllE_C0o" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:tgqV9ieHo74uFixJ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.15/32 -p tcp -m comment --comment "cali:BrePDK_xvt2ipGov" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Chi9pg6vdMsHGeas" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.101/32 -p tcp -m comment --comment "cali:0ePK4nqW1dpdjADJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:bjqFtZLozs6st18o" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.118/32 -p tcp -m comment --comment "cali:5JlNLd1a_jez6bdm" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:d68cYQOpH_8dqspS" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.132/32 -p tcp -m comment --comment "cali:9HUmbYptZh3xhB2H" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:RTFL7wCGVYzcgR0s" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.89/32 -p tcp -m comment --comment "cali:1cX5VaVM1-ANLf60" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gl8VZV-OczjD0-dz" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.167/32 -p tcp -m comment --comment "cali:ENsolVnLFMJ9Swv0" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XHlgJdgJ54zFk55_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.168/32 -p tcp -m comment --comment "cali:RddV6MngR8TAbury" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gkMGNcsmscCOYBNB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.96/32 -p tcp -m comment --comment "cali:R4dEpuBNc68KvaZ5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:w4ucO7TsqRaq6GkZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.97/32 -p tcp -m comment --comment "cali:n1AEs2-__xZDotlh" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xnCC1IwIp306y37P" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.98/32 -p tcp -m comment --comment "cali:WA2-ZXPLBkM2VFz5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aMx6AymLQKfsWfdt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.10/32 -p tcp -m comment --comment "cali:pKraBpLCOltQGgfP" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yG89BiNgIQXWhRbt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.168/32 -p tcp -m comment --comment "cali:_KpeiGmQZH6I2OHO" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YMLlu9icrA9S-RSL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.169/32 -p tcp -m comment --comment "cali:ikQRoJlZQVyFuHxX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:t1vtn1pqFQ56zUzQ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Wb6k-cOv-_qGCmYE" -j DROP [0:0] -A cali-po-k8s-policy-no-match -m comment --comment "cali:M1MvnGSuWnBDoJxY" -j MARK --set-xmark 0x2000000/0x2000000 [0:0] -A cali-po-k8s-policy-no-match -m comment --comment "cali:srq_4spRBeZ7r-5T" -m mark --mark 0x2000000/0x2000000 -j RETURN COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *nat :PREROUTING ACCEPT [5:300] :INPUT ACCEPT [5:300] :OUTPUT ACCEPT [1:72] :POSTROUTING ACCEPT [1:72] :KUBE-MARK-DROP - [0:0] :KUBE-MARK-MASQ - [0:0] :KUBE-NODEPORTS - [0:0] :KUBE-POSTROUTING - [0:0] :KUBE-SEP-25LSSMOQSLZO62TA - [0:0] :KUBE-SEP-37XH7CLV3AO4VPTO - [0:0] :KUBE-SEP-3EKUJOQNGD2M2BGA - [0:0] :KUBE-SEP-3L6RBXX474F3Z4BG - [0:0] :KUBE-SEP-3XKENU7WVKKTAHTV - [0:0] :KUBE-SEP-4CPLK3VL33TG4HTO - [0:0] :KUBE-SEP-5FTPLFRSUQY4SIOQ - [0:0] :KUBE-SEP-5X6UVN6ARF5TYMJ4 - [0:0] :KUBE-SEP-672TWE2WYV3V42NU - [0:0] :KUBE-SEP-6HUPMP5IVKEGRSOX - [0:0] :KUBE-SEP-6IAAQVQ44ZOHE24Z - [0:0] :KUBE-SEP-6REVSYG73P5URSNB - [0:0] :KUBE-SEP-6ZXNISWV3YFNXORO - [0:0] :KUBE-SEP-7I4E57MZAZPKXZGS - [0:0] :KUBE-SEP-7PJRSW3465VLV5NU - [0:0] :KUBE-SEP-7WCR5RS3KL7SSYNX - [0:0] :KUBE-SEP-A3FDOYOMTV6IFA3N - [0:0] :KUBE-SEP-ASQ2QWDIQ7ZRHYYI - [0:0] :KUBE-SEP-B3XSLKK24I3RV53E - [0:0] :KUBE-SEP-BDXL4HDHKUBTO2XO - [0:0] :KUBE-SEP-BNQS32RABUIOIJVK - [0:0] :KUBE-SEP-BWOHOCEO7NXRBQKX - [0:0] :KUBE-SEP-C3LNAFCTKEVSQ6LJ - [0:0] :KUBE-SEP-C5R7FJMTVBQYYP7Z - [0:0] :KUBE-SEP-DXLVQUNJLQYCSWET - [0:0] :KUBE-SEP-DXRBNUUKLAC3KWIB - [0:0] :KUBE-SEP-E2ZQLHBMIDWU2YP3 - [0:0] :KUBE-SEP-EOA4M4AMHPH5QKJT - [0:0] :KUBE-SEP-FGHQMJCOX46V3WZ2 - [0:0] :KUBE-SEP-FIBOVC4TD57T6XPA - [0:0] :KUBE-SEP-FOY767XNXR4RDOI6 - [0:0] :KUBE-SEP-FRJQKEHBA7MB5UVM - [0:0] :KUBE-SEP-GRXSJNBEO3VJVZ2W - [0:0] :KUBE-SEP-H4BGQHYNG3CGPLVW - [0:0] :KUBE-SEP-H4BYNHQBW7YIN5UR - [0:0] :KUBE-SEP-H5YF2GBSYYOZONPK - [0:0] :KUBE-SEP-H7OVKF36OOUPWBS3 - [0:0] :KUBE-SEP-HJUUBUSEBGKOPCTM - [0:0] :KUBE-SEP-HXLSTINWUTRUHRJ7 - [0:0] :KUBE-SEP-J4OBMLACPA6WS5K2 - [0:0] :KUBE-SEP-JNEYNJWMYZTT437T - [0:0] :KUBE-SEP-JSXXZF6DB47HAOTW - [0:0] :KUBE-SEP-K57A3GRJV6STKX2H - [0:0] :KUBE-SEP-KEIL5EJUTMDOSFZW - [0:0] :KUBE-SEP-KRKP52L5LZ4E2QOT - [0:0] :KUBE-SEP-L3Q7GF7UPPMSD2HY - [0:0] :KUBE-SEP-L4D2OGEMGVWTP7JS - [0:0] :KUBE-SEP-LBYINOPUCE5HODM6 - [0:0] :KUBE-SEP-LC3WK6J2636WZKTN - [0:0] :KUBE-SEP-LLGUN2HVGY5JS5NJ - [0:0] :KUBE-SEP-LLMSPSLICATSJSDJ - [0:0] :KUBE-SEP-M3WWEPPMCTB7BLDL - [0:0] :KUBE-SEP-M6G6XPJOCWGY2INP - [0:0] :KUBE-SEP-MBC2MPUBLROG7I3A - [0:0] :KUBE-SEP-MGDVL34HWYF35IL2 - [0:0] :KUBE-SEP-NGGIKPFLOKRFQXPH - [0:0] :KUBE-SEP-NOHY6L6QHZPYPHWG - [0:0] :KUBE-SEP-NWMB3KBZ55SO4LDW - [0:0] :KUBE-SEP-NZYGFMC2TZIPDQYI - [0:0] :KUBE-SEP-ODFVG6OYLLJVD7T4 - [0:0] :KUBE-SEP-OH4ZI4Z24ZVMEU7A - [0:0] :KUBE-SEP-OOO3XQXWKXK4HE2R - [0:0] :KUBE-SEP-OZAGMMTF62X6TYQ2 - [0:0] :KUBE-SEP-P4MGSHGFQGVSH3NM - [0:0] :KUBE-SEP-PAGWFB2265WTQCIC - [0:0] :KUBE-SEP-PKGEVJZHX3RODJCX - [0:0] :KUBE-SEP-PRXHS5433PGAISX2 - [0:0] :KUBE-SEP-PUIGW4Z6VOZ47WPX - [0:0] :KUBE-SEP-Q4Y6Y2T5SC4L3ITY - [0:0] :KUBE-SEP-Q56HMF344MPJWT4N - [0:0] :KUBE-SEP-QJ5NJAP27DT3Y6BW - [0:0] :KUBE-SEP-QLQMIE7ND3HQXXSI - [0:0] :KUBE-SEP-QPG23T44FP3FIDLH - [0:0] :KUBE-SEP-QPIEZFPXHK6GCHT2 - [0:0] :KUBE-SEP-QPYEN6HCUXSL5G43 - [0:0] :KUBE-SEP-QY7CLEY555P7WTSA - [0:0] :KUBE-SEP-QZU2LZJGBHV64WIQ - [0:0] :KUBE-SEP-R3USABFTJMEYATSS - [0:0] :KUBE-SEP-R4EBIWO76BY36ELS - [0:0] :KUBE-SEP-R4JOXQKX5IRJ4KVL - [0:0] :KUBE-SEP-ROUVUHRDDVRJBXBV - [0:0] :KUBE-SEP-RX4SR3MBS6J4RAIK - [0:0] :KUBE-SEP-TDMOM3ZAQQ6N532C - [0:0] :KUBE-SEP-TPOSC7WXJITSQNHM - [0:0] :KUBE-SEP-TW4OGVF4RTJE2MBJ - [0:0] :KUBE-SEP-UEHXHNDAZAWFMOPS - [0:0] :KUBE-SEP-VL4LXG4OAORE3CWW - [0:0] :KUBE-SEP-VP4EPI7HTHD3HIZF - [0:0] :KUBE-SEP-VZPQ5V7QXI33EFX5 - [0:0] :KUBE-SEP-WLCWSJ6G6KPUKCTB - [0:0] :KUBE-SEP-WLOYGDKBV4B467JJ - [0:0] :KUBE-SEP-WTEZWP5RZCIFRRS7 - [0:0] :KUBE-SEP-X2ULFOFAP7OVK5OP - [0:0] :KUBE-SEP-XI367GG7YMDARCAO - [0:0] :KUBE-SEP-XKI3TJGTHQZ6FGXF - [0:0] :KUBE-SEP-XUAM56NCWKNL6LHH - [0:0] :KUBE-SEP-YA7SBWUN4B5LAFV5 - [0:0] :KUBE-SEP-YCAYGVFQO7FM2V2R - [0:0] :KUBE-SEP-YD3MMCY7YRZ23KFM - [0:0] :KUBE-SEP-YVA6LAHWBG2UT37Y - [0:0] :KUBE-SEP-ZMIUBM46KUTPJX45 - [0:0] :KUBE-SEP-ZMQPWJGXRHHFTNJ6 - [0:0] :KUBE-SEP-ZWXI7KAWCMWY5YZZ - [0:0] :KUBE-SERVICES - [0:0] :KUBE-SVC-3GG4OIWB5POCZRIS - [0:0] :KUBE-SVC-3HSQGWIEZXY7TPFA - [0:0] :KUBE-SVC-4VZL3NYK6BUMJQT6 - [0:0] :KUBE-SVC-DRPZW2JLXFVEZV24 - [0:0] :KUBE-SVC-EWFWE2MZVAZUSDCJ - [0:0] :KUBE-SVC-F5V6EFTAING42ZST - [0:0] :KUBE-SVC-HKUKEOV3LVLACIYS - [0:0] :KUBE-SVC-IRYOTVULVUBKGSRV - [0:0] :KUBE-SVC-JUYW2F7ZNGJYSNZY - [0:0] :KUBE-SVC-JVHX5TUQGN5CUHRG - [0:0] :KUBE-SVC-LY6VP7FXLCW5URNS - [0:0] :KUBE-SVC-NDENSWNKXLPSX4C5 - [0:0] :KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0] :KUBE-SVC-OYLCDZV7ODXZU5HU - [0:0] :KUBE-SVC-QVZRDVB2OIGPY6VN - [0:0] :KUBE-SVC-RBHDTOMHMN6RWXBU - [0:0] :KUBE-SVC-UGDSQCEEXPFQV43I - [0:0] :KUBE-SVC-VFNCZS3JSCJ4MQUE - [0:0] :KUBE-SVC-WMPCKM4KQAWYURGE - [0:0] :KUBE-SVC-XRV6LW34NCGJEJCY - [0:0] :cali-OUTPUT - [0:0] :cali-POSTROUTING - [0:0] :cali-PREROUTING - [0:0] :cali-fip-dnat - [0:0] :cali-fip-snat - [0:0] :cali-nat-outgoing - [0:0] [21418294:1299478781] -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES [0:0] -A OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [5599491:336270166] -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES [26616752:1611309579] -A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING [0:0] -A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000 [419439:25166340] -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000 [18989:1139340] -A KUBE-NODEPORTS -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp --dport 1970 -j KUBE-MARK-MASQ [18989:1139340] -A KUBE-NODEPORTS -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp --dport 1970 -j KUBE-SVC-F5V6EFTAING42ZST [1636:98160] -A KUBE-NODEPORTS -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp --dport 1969 -j KUBE-MARK-MASQ [1636:98160] -A KUBE-NODEPORTS -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp --dport 1969 -j KUBE-SVC-RBHDTOMHMN6RWXBU [16156:969360] -A KUBE-NODEPORTS -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp --dport 8081 -j KUBE-MARK-MASQ [16156:969360] -A KUBE-NODEPORTS -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp --dport 8081 -j KUBE-SVC-WMPCKM4KQAWYURGE [310818:18649080] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp --dport 31192 -j KUBE-MARK-MASQ [310818:18649080] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp --dport 31192 -j KUBE-SVC-HKUKEOV3LVLACIYS [17349:1040940] -A KUBE-NODEPORTS -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp --dport 8080 -j KUBE-MARK-MASQ [17349:1040940] -A KUBE-NODEPORTS -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp --dport 8080 -j KUBE-SVC-QVZRDVB2OIGPY6VN [18343:1100580] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp --dport 32192 -j KUBE-MARK-MASQ [18343:1100580] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp --dport 32192 -j KUBE-SVC-LY6VP7FXLCW5URNS [296:17760] -A KUBE-NODEPORTS -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp --dport 8748 -j KUBE-MARK-MASQ [296:17760] -A KUBE-NODEPORTS -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp --dport 8748 -j KUBE-SVC-EWFWE2MZVAZUSDCJ [16646:998760] -A KUBE-NODEPORTS -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp --dport 3030 -j KUBE-MARK-MASQ [16646:998760] -A KUBE-NODEPORTS -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp --dport 3030 -j KUBE-SVC-JVHX5TUQGN5CUHRG [19206:1152360] -A KUBE-NODEPORTS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp --dport 10042 -j KUBE-MARK-MASQ [19206:1152360] -A KUBE-NODEPORTS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp --dport 10042 -j KUBE-SVC-3GG4OIWB5POCZRIS [419439:25166340] -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE [0:0] -A KUBE-SEP-25LSSMOQSLZO62TA -s 10.192.64.212/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15428:925680] -A KUBE-SEP-25LSSMOQSLZO62TA -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.212:8192 [0:0] -A KUBE-SEP-37XH7CLV3AO4VPTO -s 10.192.64.219/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [648:38880] -A KUBE-SEP-37XH7CLV3AO4VPTO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.219:10044 [0:0] -A KUBE-SEP-3EKUJOQNGD2M2BGA -s 10.192.64.229/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15519:931140] -A KUBE-SEP-3EKUJOQNGD2M2BGA -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.229:8192 [0:0] -A KUBE-SEP-3L6RBXX474F3Z4BG -s 10.192.64.216/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [668:40080] -A KUBE-SEP-3L6RBXX474F3Z4BG -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.216:10044 [0:0] -A KUBE-SEP-3XKENU7WVKKTAHTV -s 10.192.64.89/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15812:948720] -A KUBE-SEP-3XKENU7WVKKTAHTV -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.89:8192 [0:0] -A KUBE-SEP-4CPLK3VL33TG4HTO -s 10.192.64.174/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [678:40680] -A KUBE-SEP-4CPLK3VL33TG4HTO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.174:10044 [0:0] -A KUBE-SEP-5FTPLFRSUQY4SIOQ -s 10.192.64.247/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [158:9480] -A KUBE-SEP-5FTPLFRSUQY4SIOQ -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.247:1969 [0:0] -A KUBE-SEP-5X6UVN6ARF5TYMJ4 -s 10.192.64.204/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15403:924180] -A KUBE-SEP-5X6UVN6ARF5TYMJ4 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.204:8192 [0:0] -A KUBE-SEP-672TWE2WYV3V42NU -s 10.192.64.224/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [608:36480] -A KUBE-SEP-672TWE2WYV3V42NU -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.224:10044 [0:0] -A KUBE-SEP-6HUPMP5IVKEGRSOX -s 10.192.64.244/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4207:252420] -A KUBE-SEP-6HUPMP5IVKEGRSOX -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.244:3030 [0:0] -A KUBE-SEP-6IAAQVQ44ZOHE24Z -s 10.192.65.194/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [4047:242820] -A KUBE-SEP-6IAAQVQ44ZOHE24Z -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.194:8081 [0:0] -A KUBE-SEP-6REVSYG73P5URSNB -s 10.192.64.228/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [659:39540] -A KUBE-SEP-6REVSYG73P5URSNB -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.228:10044 [0:0] -A KUBE-SEP-6ZXNISWV3YFNXORO -s 10.192.64.233/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [632:37920] -A KUBE-SEP-6ZXNISWV3YFNXORO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.233:10044 [0:0] -A KUBE-SEP-7I4E57MZAZPKXZGS -s 10.192.64.176/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [668:40080] -A KUBE-SEP-7I4E57MZAZPKXZGS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.176:10044 [0:0] -A KUBE-SEP-7PJRSW3465VLV5NU -s 10.192.64.91/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [629:37740] -A KUBE-SEP-7PJRSW3465VLV5NU -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.91:10044 [0:0] -A KUBE-SEP-7WCR5RS3KL7SSYNX -s 10.192.64.131/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [162:9720] -A KUBE-SEP-7WCR5RS3KL7SSYNX -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.131:1969 [0:0] -A KUBE-SEP-A3FDOYOMTV6IFA3N -s 10.192.64.99/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [631:37860] -A KUBE-SEP-A3FDOYOMTV6IFA3N -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.99:10044 [0:0] -A KUBE-SEP-ASQ2QWDIQ7ZRHYYI -s 10.192.64.220/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [65:3900] -A KUBE-SEP-ASQ2QWDIQ7ZRHYYI -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.220:8748 [0:0] -A KUBE-SEP-B3XSLKK24I3RV53E -s 10.192.64.116/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [192:11520] -A KUBE-SEP-B3XSLKK24I3RV53E -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.116:1969 [0:0] -A KUBE-SEP-BDXL4HDHKUBTO2XO -s 10.192.64.119/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2197:131820] -A KUBE-SEP-BDXL4HDHKUBTO2XO -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.119:8080 [0:0] -A KUBE-SEP-BNQS32RABUIOIJVK -s 10.192.16.26/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-BNQS32RABUIOIJVK -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-BNQS32RABUIOIJVK --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.192.16.26:6443 [0:0] -A KUBE-SEP-BWOHOCEO7NXRBQKX -s 10.192.64.183/32 -m comment --comment "eventgate-analytics/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-BWOHOCEO7NXRBQKX -p tcp -m comment --comment "eventgate-analytics/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.183:44134 [0:0] -A KUBE-SEP-C3LNAFCTKEVSQ6LJ -s 10.192.64.123/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4230:253800] -A KUBE-SEP-C3LNAFCTKEVSQ6LJ -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.123:3030 [0:0] -A KUBE-SEP-C5R7FJMTVBQYYP7Z -s 10.192.64.209/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15389:923340] -A KUBE-SEP-C5R7FJMTVBQYYP7Z -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.209:8192 [0:0] -A KUBE-SEP-DXLVQUNJLQYCSWET -s 10.192.64.86/32 -m comment --comment "cxserver/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-DXLVQUNJLQYCSWET -p tcp -m comment --comment "cxserver/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.86:44134 [0:0] -A KUBE-SEP-DXRBNUUKLAC3KWIB -s 10.192.64.122/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [174:10440] -A KUBE-SEP-DXRBNUUKLAC3KWIB -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.122:1969 [0:0] -A KUBE-SEP-E2ZQLHBMIDWU2YP3 -s 10.192.64.163/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [646:38760] -A KUBE-SEP-E2ZQLHBMIDWU2YP3 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.163:10044 [0:0] -A KUBE-SEP-EOA4M4AMHPH5QKJT -s 10.192.64.95/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15714:942840] -A KUBE-SEP-EOA4M4AMHPH5QKJT -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.95:8192 [0:0] -A KUBE-SEP-FGHQMJCOX46V3WZ2 -s 10.192.64.203/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15493:929580] -A KUBE-SEP-FGHQMJCOX46V3WZ2 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.203:8192 [0:0] -A KUBE-SEP-FIBOVC4TD57T6XPA -s 10.192.65.193/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [3987:239220] -A KUBE-SEP-FIBOVC4TD57T6XPA -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.193:8081 [0:0] -A KUBE-SEP-FOY767XNXR4RDOI6 -s 10.192.64.227/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [651:39060] -A KUBE-SEP-FOY767XNXR4RDOI6 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.227:10044 [0:0] -A KUBE-SEP-FRJQKEHBA7MB5UVM -s 10.192.64.92/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2375:142500] -A KUBE-SEP-FRJQKEHBA7MB5UVM -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.92:1970 [0:0] -A KUBE-SEP-GRXSJNBEO3VJVZ2W -s 10.192.65.2/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [4049:242940] -A KUBE-SEP-GRXSJNBEO3VJVZ2W -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.2:8081 [0:0] -A KUBE-SEP-H4BGQHYNG3CGPLVW -s 10.192.64.179/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [676:40560] -A KUBE-SEP-H4BGQHYNG3CGPLVW -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.179:10044 [0:0] -A KUBE-SEP-H4BYNHQBW7YIN5UR -s 10.192.64.217/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [641:38460] -A KUBE-SEP-H4BYNHQBW7YIN5UR -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.217:10044 [0:0] -A KUBE-SEP-H5YF2GBSYYOZONPK -s 10.192.64.184/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15576:934560] -A KUBE-SEP-H5YF2GBSYYOZONPK -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.184:8192 [0:0] -A KUBE-SEP-H7OVKF36OOUPWBS3 -s 10.192.64.98/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [647:38820] -A KUBE-SEP-H7OVKF36OOUPWBS3 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.98:10044 [0:0] -A KUBE-SEP-HJUUBUSEBGKOPCTM -s 10.192.64.133/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [159:9540] -A KUBE-SEP-HJUUBUSEBGKOPCTM -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.133:1969 [0:0] -A KUBE-SEP-HXLSTINWUTRUHRJ7 -s 10.192.64.230/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4032:241920] -A KUBE-SEP-HXLSTINWUTRUHRJ7 -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.230:3030 [0:0] -A KUBE-SEP-J4OBMLACPA6WS5K2 -s 10.192.64.65/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15743:944580] -A KUBE-SEP-J4OBMLACPA6WS5K2 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.65:8192 [0:0] -A KUBE-SEP-JNEYNJWMYZTT437T -s 10.192.64.132/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [623:37380] -A KUBE-SEP-JNEYNJWMYZTT437T -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.132:10044 [0:0] -A KUBE-SEP-JSXXZF6DB47HAOTW -s 10.192.64.166/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2382:142920] -A KUBE-SEP-JSXXZF6DB47HAOTW -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.166:1970 [0:0] -A KUBE-SEP-K57A3GRJV6STKX2H -s 10.192.64.169/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [631:37860] -A KUBE-SEP-K57A3GRJV6STKX2H -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.169:10044 [0:0] -A KUBE-SEP-KEIL5EJUTMDOSFZW -s 10.192.64.208/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2102:126120] -A KUBE-SEP-KEIL5EJUTMDOSFZW -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.208:8080 [0:0] -A KUBE-SEP-KRKP52L5LZ4E2QOT -s 10.192.64.187/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15584:935040] -A KUBE-SEP-KRKP52L5LZ4E2QOT -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.187:8192 [0:0] -A KUBE-SEP-L3Q7GF7UPPMSD2HY -s 10.192.64.77/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [674:40440] -A KUBE-SEP-L3Q7GF7UPPMSD2HY -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.77:10044 [0:0] -A KUBE-SEP-L4D2OGEMGVWTP7JS -s 10.192.64.74/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15463:927780] -A KUBE-SEP-L4D2OGEMGVWTP7JS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.74:8192 [0:0] -A KUBE-SEP-LBYINOPUCE5HODM6 -s 10.192.0.93/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-LBYINOPUCE5HODM6 -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-LBYINOPUCE5HODM6 --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.192.0.93:6443 [0:0] -A KUBE-SEP-LC3WK6J2636WZKTN -s 10.192.64.168/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2104:126240] -A KUBE-SEP-LC3WK6J2636WZKTN -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.168:8080 [0:0] -A KUBE-SEP-LLGUN2HVGY5JS5NJ -s 10.192.64.118/32 -m comment --comment "graphoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-LLGUN2HVGY5JS5NJ -p tcp -m comment --comment "graphoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.118:44134 [0:0] -A KUBE-SEP-LLMSPSLICATSJSDJ -s 10.192.64.117/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [165:9900] -A KUBE-SEP-LLMSPSLICATSJSDJ -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.117:1969 [0:0] -A KUBE-SEP-M3WWEPPMCTB7BLDL -s 10.192.64.185/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15623:937380] -A KUBE-SEP-M3WWEPPMCTB7BLDL -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.185:8192 [0:0] -A KUBE-SEP-M6G6XPJOCWGY2INP -s 10.192.64.127/32 -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-MARK-MASQ [6051:363060] -A KUBE-SEP-M6G6XPJOCWGY2INP -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp -j DNAT --to-destination 10.192.64.127:8192 [0:0] -A KUBE-SEP-MBC2MPUBLROG7I3A -s 10.192.64.101/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [637:38220] -A KUBE-SEP-MBC2MPUBLROG7I3A -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.101:10044 [0:0] -A KUBE-SEP-MGDVL34HWYF35IL2 -s 10.192.64.253/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [169:10140] -A KUBE-SEP-MGDVL34HWYF35IL2 -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.253:1969 [0:0] -A KUBE-SEP-NGGIKPFLOKRFQXPH -s 10.192.64.139/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2164:129840] -A KUBE-SEP-NGGIKPFLOKRFQXPH -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.139:8080 [0:0] -A KUBE-SEP-NOHY6L6QHZPYPHWG -s 10.192.64.190/32 -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-MARK-MASQ [6200:372000] -A KUBE-SEP-NOHY6L6QHZPYPHWG -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp -j DNAT --to-destination 10.192.64.190:8192 [0:0] -A KUBE-SEP-NWMB3KBZ55SO4LDW -s 10.192.64.82/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [66:3960] -A KUBE-SEP-NWMB3KBZ55SO4LDW -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.82:8748 [0:0] -A KUBE-SEP-NZYGFMC2TZIPDQYI -s 10.192.64.177/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [84:5040] -A KUBE-SEP-NZYGFMC2TZIPDQYI -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.177:8748 [0:0] -A KUBE-SEP-ODFVG6OYLLJVD7T4 -s 10.192.64.85/32 -m comment --comment "blubberoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-ODFVG6OYLLJVD7T4 -p tcp -m comment --comment "blubberoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.85:44134 [0:0] -A KUBE-SEP-OH4ZI4Z24ZVMEU7A -s 10.192.64.188/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15541:932460] -A KUBE-SEP-OH4ZI4Z24ZVMEU7A -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.188:8192 [0:0] -A KUBE-SEP-OOO3XQXWKXK4HE2R -s 10.192.64.154/32 -m comment --comment "zotero/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-OOO3XQXWKXK4HE2R -p tcp -m comment --comment "zotero/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.154:44134 [0:0] -A KUBE-SEP-OZAGMMTF62X6TYQ2 -s 10.192.64.172/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4177:250620] -A KUBE-SEP-OZAGMMTF62X6TYQ2 -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.172:3030 [0:0] -A KUBE-SEP-P4MGSHGFQGVSH3NM -s 10.192.64.222/32 -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-MARK-MASQ [6092:365520] -A KUBE-SEP-P4MGSHGFQGVSH3NM -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp -j DNAT --to-destination 10.192.64.222:8192 [0:0] -A KUBE-SEP-PAGWFB2265WTQCIC -s 10.192.64.221/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [614:36840] -A KUBE-SEP-PAGWFB2265WTQCIC -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.221:10044 [0:0] -A KUBE-SEP-PKGEVJZHX3RODJCX -s 10.192.64.96/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2398:143880] -A KUBE-SEP-PKGEVJZHX3RODJCX -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.96:1970 [0:0] -A KUBE-SEP-PRXHS5433PGAISX2 -s 10.192.64.193/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2471:148260] -A KUBE-SEP-PRXHS5433PGAISX2 -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.193:1970 [0:0] -A KUBE-SEP-PUIGW4Z6VOZ47WPX -s 10.192.64.140/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [157:9420] -A KUBE-SEP-PUIGW4Z6VOZ47WPX -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.140:1969 [0:0] -A KUBE-SEP-Q4Y6Y2T5SC4L3ITY -s 10.192.64.165/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2241:134460] -A KUBE-SEP-Q4Y6Y2T5SC4L3ITY -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.165:8080 [0:0] -A KUBE-SEP-Q56HMF344MPJWT4N -s 10.192.64.156/32 -m comment --comment "sessionstore/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-Q56HMF344MPJWT4N -p tcp -m comment --comment "sessionstore/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.156:44134 [0:0] -A KUBE-SEP-QJ5NJAP27DT3Y6BW -s 10.192.64.157/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [640:38400] -A KUBE-SEP-QJ5NJAP27DT3Y6BW -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.157:10044 [0:0] -A KUBE-SEP-QLQMIE7ND3HQXXSI -s 10.192.64.153/32 -m comment --comment "eventgate-main/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-QLQMIE7ND3HQXXSI -p tcp -m comment --comment "eventgate-main/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.153:44134 [0:0] -A KUBE-SEP-QPG23T44FP3FIDLH -s 10.192.64.215/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2382:142920] -A KUBE-SEP-QPG23T44FP3FIDLH -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.215:1970 [0:0] -A KUBE-SEP-QPIEZFPXHK6GCHT2 -s 10.192.64.223/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [636:38160] -A KUBE-SEP-QPIEZFPXHK6GCHT2 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.223:10044 [0:0] -A KUBE-SEP-QPYEN6HCUXSL5G43 -s 10.192.64.68/32 -m comment --comment "mathoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-QPYEN6HCUXSL5G43 -p tcp -m comment --comment "mathoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.68:44134 [0:0] -A KUBE-SEP-QY7CLEY555P7WTSA -s 10.192.64.79/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [639:38340] -A KUBE-SEP-QY7CLEY555P7WTSA -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.79:10044 [0:0] -A KUBE-SEP-QZU2LZJGBHV64WIQ -s 10.192.64.71/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [613:36780] -A KUBE-SEP-QZU2LZJGBHV64WIQ -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.71:10044 [0:0] -A KUBE-SEP-R3USABFTJMEYATSS -s 10.192.64.100/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [661:39660] -A KUBE-SEP-R3USABFTJMEYATSS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.100:10044 [0:0] -A KUBE-SEP-R4EBIWO76BY36ELS -s 10.192.64.158/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15564:933840] -A KUBE-SEP-R4EBIWO76BY36ELS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.158:8192 [0:0] -A KUBE-SEP-R4JOXQKX5IRJ4KVL -s 10.192.64.198/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2151:129060] -A KUBE-SEP-R4JOXQKX5IRJ4KVL -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.198:8080 [0:0] -A KUBE-SEP-ROUVUHRDDVRJBXBV -s 10.192.64.226/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [576:34560] -A KUBE-SEP-ROUVUHRDDVRJBXBV -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.226:10044 [0:0] -A KUBE-SEP-RX4SR3MBS6J4RAIK -s 10.192.64.199/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2326:139560] -A KUBE-SEP-RX4SR3MBS6J4RAIK -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.199:1970 [0:0] -A KUBE-SEP-TDMOM3ZAQQ6N532C -s 10.192.64.97/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2177:130620] -A KUBE-SEP-TDMOM3ZAQQ6N532C -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.97:8080 [0:0] -A KUBE-SEP-TPOSC7WXJITSQNHM -s 10.192.64.218/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [81:4860] -A KUBE-SEP-TPOSC7WXJITSQNHM -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.218:8748 [0:0] -A KUBE-SEP-TW4OGVF4RTJE2MBJ -s 10.192.64.192/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15377:922620] -A KUBE-SEP-TW4OGVF4RTJE2MBJ -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.192:8192 [0:0] -A KUBE-SEP-UEHXHNDAZAWFMOPS -s 10.192.64.186/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [662:39720] -A KUBE-SEP-UEHXHNDAZAWFMOPS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.186:10044 [0:0] -A KUBE-SEP-VL4LXG4OAORE3CWW -s 10.192.64.161/32 -m comment --comment "citoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-VL4LXG4OAORE3CWW -p tcp -m comment --comment "citoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.161:44134 [0:0] -A KUBE-SEP-VP4EPI7HTHD3HIZF -s 10.192.64.93/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [620:37200] -A KUBE-SEP-VP4EPI7HTHD3HIZF -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.93:10044 [0:0] -A KUBE-SEP-VZPQ5V7QXI33EFX5 -s 10.192.64.182/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2303:138180] -A KUBE-SEP-VZPQ5V7QXI33EFX5 -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.182:1970 [0:0] -A KUBE-SEP-WLCWSJ6G6KPUKCTB -s 10.192.64.64/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15298:917880] -A KUBE-SEP-WLCWSJ6G6KPUKCTB -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.64:8192 [0:0] -A KUBE-SEP-WLOYGDKBV4B467JJ -s 10.192.64.171/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [664:39840] -A KUBE-SEP-WLOYGDKBV4B467JJ -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.171:10044 [0:0] -A KUBE-SEP-WTEZWP5RZCIFRRS7 -s 10.192.64.160/32 -m comment --comment "termbox/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-WTEZWP5RZCIFRRS7 -p tcp -m comment --comment "termbox/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.160:44134 [0:0] -A KUBE-SEP-X2ULFOFAP7OVK5OP -s 10.192.64.248/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [172:10320] -A KUBE-SEP-X2ULFOFAP7OVK5OP -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.248:1969 [0:0] -A KUBE-SEP-XI367GG7YMDARCAO -s 10.192.64.102/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [618:37080] -A KUBE-SEP-XI367GG7YMDARCAO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.102:10044 [0:0] -A KUBE-SEP-XKI3TJGTHQZ6FGXF -s 10.192.64.76/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15602:936120] -A KUBE-SEP-XKI3TJGTHQZ6FGXF -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.76:8192 [0:0] -A KUBE-SEP-XUAM56NCWKNL6LHH -s 10.192.64.134/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [616:36960] -A KUBE-SEP-XUAM56NCWKNL6LHH -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.134:10044 [0:0] -A KUBE-SEP-YA7SBWUN4B5LAFV5 -s 10.192.64.141/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15351:921060] -A KUBE-SEP-YA7SBWUN4B5LAFV5 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.141:8192 [0:0] -A KUBE-SEP-YCAYGVFQO7FM2V2R -s 10.192.65.3/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [4073:244380] -A KUBE-SEP-YCAYGVFQO7FM2V2R -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.3:8081 [0:0] -A KUBE-SEP-YD3MMCY7YRZ23KFM -s 10.192.64.152/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2352:141120] -A KUBE-SEP-YD3MMCY7YRZ23KFM -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.152:1970 [0:0] -A KUBE-SEP-YVA6LAHWBG2UT37Y -s 10.192.64.148/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15707:942420] -A KUBE-SEP-YVA6LAHWBG2UT37Y -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.148:8192 [0:0] -A KUBE-SEP-ZMIUBM46KUTPJX45 -s 10.192.64.250/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [128:7680] -A KUBE-SEP-ZMIUBM46KUTPJX45 -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.250:1969 [0:0] -A KUBE-SEP-ZMQPWJGXRHHFTNJ6 -s 10.192.64.213/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15631:937860] -A KUBE-SEP-ZMQPWJGXRHHFTNJ6 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.213:8192 [0:0] -A KUBE-SEP-ZWXI7KAWCMWY5YZZ -s 10.192.64.214/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2213:132780] -A KUBE-SEP-ZWXI7KAWCMWY5YZZ -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.214:8080 [0:0] -A KUBE-SERVICES -d 10.192.72.127/32 -p tcp -m comment --comment "graphoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-JUYW2F7ZNGJYSNZY [0:0] -A KUBE-SERVICES -d 10.192.72.206/32 -p tcp -m comment --comment "sessionstore/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-VFNCZS3JSCJ4MQUE [0:0] -A KUBE-SERVICES -d 10.192.72.218/32 -p tcp -m comment --comment "eventgate-main/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-OYLCDZV7ODXZU5HU [0:0] -A KUBE-SERVICES -d 10.192.72.225/32 -p tcp -m comment --comment "mathoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-XRV6LW34NCGJEJCY [0:0] -A KUBE-SERVICES -d 10.192.72.126/32 -p tcp -m comment --comment "citoid/citoid-production:http cluster IP" -m tcp --dport 1970 -j KUBE-SVC-F5V6EFTAING42ZST [0:0] -A KUBE-SERVICES -d 10.192.72.246/32 -p tcp -m comment --comment "blubberoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-4VZL3NYK6BUMJQT6 [0:0] -A KUBE-SERVICES -d 10.192.72.2/32 -p tcp -m comment --comment "zotero/zotero-production:http cluster IP" -m tcp --dport 1969 -j KUBE-SVC-RBHDTOMHMN6RWXBU [0:0] -A KUBE-SERVICES -d 10.192.72.133/32 -p tcp -m comment --comment "citoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-NDENSWNKXLPSX4C5 [0:0] -A KUBE-SERVICES -d 10.192.72.97/32 -p tcp -m comment --comment "sessionstore/kask-production:http cluster IP" -m tcp --dport 8081 -j KUBE-SVC-WMPCKM4KQAWYURGE [0:0] -A KUBE-SERVICES -d 10.192.72.252/32 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http cluster IP" -m tcp --dport 8192 -j KUBE-SVC-HKUKEOV3LVLACIYS [0:0] -A KUBE-SERVICES -d 10.192.72.87/32 -p tcp -m comment --comment "cxserver/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-IRYOTVULVUBKGSRV [0:0] -A KUBE-SERVICES -d 10.192.72.125/32 -p tcp -m comment --comment "cxserver/cxserver-production:http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-QVZRDVB2OIGPY6VN [0:0] -A KUBE-SERVICES -d 10.192.72.115/32 -p tcp -m comment --comment "zotero/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-3HSQGWIEZXY7TPFA [0:0] -A KUBE-SERVICES -d 10.192.72.78/32 -p tcp -m comment --comment "termbox/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-DRPZW2JLXFVEZV24 [0:0] -A KUBE-SERVICES -d 10.192.72.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y [0:0] -A KUBE-SERVICES -d 10.192.72.74/32 -p tcp -m comment --comment "eventgate-main/eventgate-main:http cluster IP" -m tcp --dport 8192 -j KUBE-SVC-LY6VP7FXLCW5URNS [0:0] -A KUBE-SERVICES -d 10.192.72.249/32 -p tcp -m comment --comment "blubberoid/blubberoid-production:http cluster IP" -m tcp --dport 8748 -j KUBE-SVC-EWFWE2MZVAZUSDCJ [0:0] -A KUBE-SERVICES -d 10.192.72.141/32 -p tcp -m comment --comment "eventgate-analytics/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-UGDSQCEEXPFQV43I [0:0] -A KUBE-SERVICES -d 10.192.72.139/32 -p tcp -m comment --comment "termbox/termbox-production:http cluster IP" -m tcp --dport 3030 -j KUBE-SVC-JVHX5TUQGN5CUHRG [0:0] -A KUBE-SERVICES -d 10.192.72.113/32 -p tcp -m comment --comment "mathoid/mathoid-production:http cluster IP" -m tcp --dport 10044 -j KUBE-SVC-3GG4OIWB5POCZRIS [437935:26292374] -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS [661:39660] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03333000001 -j KUBE-SEP-R3USABFTJMEYATSS [637:38220] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03447999991 -j KUBE-SEP-MBC2MPUBLROG7I3A [618:37080] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03570999997 -j KUBE-SEP-XI367GG7YMDARCAO [623:37380] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03703999985 -j KUBE-SEP-JNEYNJWMYZTT437T [616:36960] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03845999995 -j KUBE-SEP-XUAM56NCWKNL6LHH [640:38400] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04000000004 -j KUBE-SEP-QJ5NJAP27DT3Y6BW [646:38760] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04167000018 -j KUBE-SEP-E2ZQLHBMIDWU2YP3 [631:37860] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04347999999 -j KUBE-SEP-K57A3GRJV6STKX2H [664:39840] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04545000009 -j KUBE-SEP-WLOYGDKBV4B467JJ [678:40680] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04761999985 -j KUBE-SEP-4CPLK3VL33TG4HTO [668:40080] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04999999981 -j KUBE-SEP-7I4E57MZAZPKXZGS [676:40560] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.05262999982 -j KUBE-SEP-H4BGQHYNG3CGPLVW [662:39720] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.05555999978 -j KUBE-SEP-UEHXHNDAZAWFMOPS [668:40080] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.05881999992 -j KUBE-SEP-3L6RBXX474F3Z4BG [641:38460] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.06250000000 -j KUBE-SEP-H4BYNHQBW7YIN5UR [648:38880] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.06667000009 -j KUBE-SEP-37XH7CLV3AO4VPTO [614:36840] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.07143000001 -j KUBE-SEP-PAGWFB2265WTQCIC [636:38160] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.07691999990 -j KUBE-SEP-QPIEZFPXHK6GCHT2 [608:36480] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.08332999982 -j KUBE-SEP-672TWE2WYV3V42NU [576:34560] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.09090999980 -j KUBE-SEP-ROUVUHRDDVRJBXBV [651:39060] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-FOY767XNXR4RDOI6 [659:39540] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-6REVSYG73P5URSNB [632:37920] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-6ZXNISWV3YFNXORO [613:36780] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-QZU2LZJGBHV64WIQ [674:40440] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-L3Q7GF7UPPMSD2HY [639:38340] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-QY7CLEY555P7WTSA [629:37740] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-7PJRSW3465VLV5NU [620:37200] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-VP4EPI7HTHD3HIZF [647:38820] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-H7OVKF36OOUPWBS3 [631:37860] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -j KUBE-SEP-A3FDOYOMTV6IFA3N [0:0] -A KUBE-SVC-3HSQGWIEZXY7TPFA -m comment --comment "zotero/tiller-deploy:tiller" -j KUBE-SEP-OOO3XQXWKXK4HE2R [0:0] -A KUBE-SVC-4VZL3NYK6BUMJQT6 -m comment --comment "blubberoid/tiller-deploy:tiller" -j KUBE-SEP-ODFVG6OYLLJVD7T4 [0:0] -A KUBE-SVC-DRPZW2JLXFVEZV24 -m comment --comment "termbox/tiller-deploy:tiller" -j KUBE-SEP-WTEZWP5RZCIFRRS7 [84:5040] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-NZYGFMC2TZIPDQYI [81:4860] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-TPOSC7WXJITSQNHM [65:3900] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ASQ2QWDIQ7ZRHYYI [66:3960] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-SEP-NWMB3KBZ55SO4LDW [2352:141120] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-YD3MMCY7YRZ23KFM [2382:142920] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-JSXXZF6DB47HAOTW [2303:138180] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-VZPQ5V7QXI33EFX5 [2471:148260] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-PRXHS5433PGAISX2 [2326:139560] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-RX4SR3MBS6J4RAIK [2382:142920] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-QPG23T44FP3FIDLH [2375:142500] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-FRJQKEHBA7MB5UVM [2398:143880] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -j KUBE-SEP-PKGEVJZHX3RODJCX [15351:921060] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.04999999981 -j KUBE-SEP-YA7SBWUN4B5LAFV5 [15707:942420] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.05262999982 -j KUBE-SEP-YVA6LAHWBG2UT37Y [15564:933840] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.05555999978 -j KUBE-SEP-R4EBIWO76BY36ELS [15576:934560] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.05881999992 -j KUBE-SEP-H5YF2GBSYYOZONPK [15623:937380] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.06250000000 -j KUBE-SEP-M3WWEPPMCTB7BLDL [15584:935040] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.06667000009 -j KUBE-SEP-KRKP52L5LZ4E2QOT [15541:932460] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.07143000001 -j KUBE-SEP-OH4ZI4Z24ZVMEU7A [15377:922620] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.07691999990 -j KUBE-SEP-TW4OGVF4RTJE2MBJ [15493:929580] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.08332999982 -j KUBE-SEP-FGHQMJCOX46V3WZ2 [15403:924180] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.09090999980 -j KUBE-SEP-5X6UVN6ARF5TYMJ4 [15389:923340] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-C5R7FJMTVBQYYP7Z [15428:925680] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-25LSSMOQSLZO62TA [15631:937860] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-ZMQPWJGXRHHFTNJ6 [15519:931140] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-3EKUJOQNGD2M2BGA [15298:917880] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-WLCWSJ6G6KPUKCTB [15743:944580] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-J4OBMLACPA6WS5K2 [15463:927780] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-L4D2OGEMGVWTP7JS [15602:936120] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-XKI3TJGTHQZ6FGXF [15812:948720] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-3XKENU7WVKKTAHTV [15714:942840] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-SEP-EOA4M4AMHPH5QKJT [0:0] -A KUBE-SVC-IRYOTVULVUBKGSRV -m comment --comment "cxserver/tiller-deploy:tiller" -j KUBE-SEP-DXLVQUNJLQYCSWET [0:0] -A KUBE-SVC-JUYW2F7ZNGJYSNZY -m comment --comment "graphoid/tiller-deploy:tiller" -j KUBE-SEP-LLGUN2HVGY5JS5NJ [4230:253800] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-C3LNAFCTKEVSQ6LJ [4177:250620] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-OZAGMMTF62X6TYQ2 [4032:241920] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-HXLSTINWUTRUHRJ7 [4207:252420] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -j KUBE-SEP-6HUPMP5IVKEGRSOX [6051:363060] -A KUBE-SVC-LY6VP7FXLCW5URNS -m comment --comment "eventgate-main/eventgate-main:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-M6G6XPJOCWGY2INP [6200:372000] -A KUBE-SVC-LY6VP7FXLCW5URNS -m comment --comment "eventgate-main/eventgate-main:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-NOHY6L6QHZPYPHWG [6092:365520] -A KUBE-SVC-LY6VP7FXLCW5URNS -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-SEP-P4MGSHGFQGVSH3NM [0:0] -A KUBE-SVC-NDENSWNKXLPSX4C5 -m comment --comment "citoid/tiller-deploy:tiller" -j KUBE-SEP-VL4LXG4OAORE3CWW [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-LBYINOPUCE5HODM6 --mask 255.255.255.255 --rsource -j KUBE-SEP-LBYINOPUCE5HODM6 [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-BNQS32RABUIOIJVK --mask 255.255.255.255 --rsource -j KUBE-SEP-BNQS32RABUIOIJVK [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LBYINOPUCE5HODM6 [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-BNQS32RABUIOIJVK [0:0] -A KUBE-SVC-OYLCDZV7ODXZU5HU -m comment --comment "eventgate-main/tiller-deploy:tiller" -j KUBE-SEP-QLQMIE7ND3HQXXSI [2197:131820] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-BDXL4HDHKUBTO2XO [2164:129840] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-NGGIKPFLOKRFQXPH [2241:134460] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-Q4Y6Y2T5SC4L3ITY [2104:126240] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-LC3WK6J2636WZKTN [2151:129060] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-R4JOXQKX5IRJ4KVL [2102:126120] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-KEIL5EJUTMDOSFZW [2213:132780] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ZWXI7KAWCMWY5YZZ [2177:130620] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -j KUBE-SEP-TDMOM3ZAQQ6N532C [192:11520] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-B3XSLKK24I3RV53E [165:9900] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-LLMSPSLICATSJSDJ [174:10440] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-DXRBNUUKLAC3KWIB [162:9720] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-7WCR5RS3KL7SSYNX [159:9540] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-HJUUBUSEBGKOPCTM [157:9420] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-PUIGW4Z6VOZ47WPX [158:9480] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-5FTPLFRSUQY4SIOQ [172:10320] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-X2ULFOFAP7OVK5OP [128:7680] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ZMIUBM46KUTPJX45 [169:10140] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -j KUBE-SEP-MGDVL34HWYF35IL2 [0:0] -A KUBE-SVC-UGDSQCEEXPFQV43I -m comment --comment "eventgate-analytics/tiller-deploy:tiller" -j KUBE-SEP-BWOHOCEO7NXRBQKX [0:0] -A KUBE-SVC-VFNCZS3JSCJ4MQUE -m comment --comment "sessionstore/tiller-deploy:tiller" -j KUBE-SEP-Q56HMF344MPJWT4N [3987:239220] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-FIBOVC4TD57T6XPA [4047:242820] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-6IAAQVQ44ZOHE24Z [4049:242940] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-GRXSJNBEO3VJVZ2W [4073:244380] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -j KUBE-SEP-YCAYGVFQO7FM2V2R [0:0] -A KUBE-SVC-XRV6LW34NCGJEJCY -m comment --comment "mathoid/tiller-deploy:tiller" -j KUBE-SEP-QPYEN6HCUXSL5G43 [0:0] -A cali-OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [0:0] -A cali-OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [5597974:336167200] -A cali-OUTPUT -m comment --comment "cali:GBTAv2p5CwevEyJm" -j cali-fip-dnat [26141505:1582782813] -A cali-POSTROUTING -m comment --comment "cali:Z-c7XtVd2Bq7s_hA" -j cali-fip-snat [26141505:1582782813] -A cali-POSTROUTING -m comment --comment "cali:nYKhEzDlr11Jccal" -j cali-nat-outgoing [20923967:1269800777] -A cali-PREROUTING -m comment --comment "cali:r6XmIziWUJsdOK6Z" -j cali-fip-dnat COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *filter :INPUT DROP [22:880] :FORWARD ACCEPT [4060279:765593942] :OUTPUT ACCEPT [338386:137437736] :KUBE-EXTERNAL-SERVICES - [0:0] :KUBE-FIREWALL - [0:0] :KUBE-FORWARD - [0:0] :KUBE-SERVICES - [0:0] :cali-FORWARD - [0:0] :cali-INPUT - [0:0] :cali-OUTPUT - [0:0] :cali-failsafe-in - [0:0] :cali-failsafe-out - [0:0] :cali-from-host-endpoint - [0:0] :cali-from-wl-dispatch - [0:0] :cali-from-wl-dispatch-2 - [0:0] :cali-from-wl-dispatch-5 - [0:0] :cali-from-wl-dispatch-a - [0:0] :cali-fw-cali1bc5dba9454 - [0:0] :cali-fw-cali23975c12260 - [0:0] :cali-fw-cali298241499c4 - [0:0] :cali-fw-cali35f5ced3039 - [0:0] :cali-fw-cali5018bf937e4 - [0:0] :cali-fw-cali5fb1db646ac - [0:0] :cali-fw-cali75293e80b4e - [0:0] :cali-fw-cali965c31dfb73 - [0:0] :cali-fw-calia3a57856439 - [0:0] :cali-fw-caliad21bc669e5 - [0:0] :cali-fw-calibe7cb9ec84d - [0:0] :cali-pi-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-pi-k8s-policy-no-match - [0:0] :cali-po-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-po-k8s-policy-no-match - [0:0] :cali-pri-k8s_ns.mathoid - [0:0] :cali-pro-k8s_ns.mathoid - [0:0] :cali-to-host-endpoint - [0:0] :cali-to-wl-dispatch - [0:0] :cali-to-wl-dispatch-2 - [0:0] :cali-to-wl-dispatch-5 - [0:0] :cali-to-wl-dispatch-a - [0:0] :cali-tw-cali1bc5dba9454 - [0:0] :cali-tw-cali23975c12260 - [0:0] :cali-tw-cali298241499c4 - [0:0] :cali-tw-cali35f5ced3039 - [0:0] :cali-tw-cali5018bf937e4 - [0:0] :cali-tw-cali5fb1db646ac - [0:0] :cali-tw-cali75293e80b4e - [0:0] :cali-tw-cali965c31dfb73 - [0:0] :cali-tw-calia3a57856439 - [0:0] :cali-tw-caliad21bc669e5 - [0:0] :cali-tw-calibe7cb9ec84d - [0:0] :cali-wl-to-host - [0:0] [38489972:15304997991] -A INPUT -j KUBE-FIREWALL [415460:24879728] -A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES [38075464:15280607944] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT [183:5920] -A INPUT -i lo -j ACCEPT [15010:480704] -A INPUT -m pkttype --pkt-type multicast -j ACCEPT [90:91404] -A INPUT -p tcp -m state --state NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP [11379:955836] -A INPUT -p icmp -j ACCEPT [0:0] -A INPUT -s 208.80.154.86/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 208.80.153.54/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 91.198.174.113/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 198.35.26.6/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 103.102.166.7/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 208.80.154.151/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 10.192.0.11/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.16.42/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.32.23/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.48.71/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.0.117/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.16.102/32 -p tcp -m tcp --dport 179 -j ACCEPT [756:48384] -A INPUT -s 208.80.153.192/32 -p tcp -m tcp --dport 179 -j ACCEPT [756:48384] -A INPUT -s 208.80.153.193/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.64.32.133/32 -p tcp -m tcp --dport 10250 -j ACCEPT [0:0] -A INPUT -s 10.64.0.45/32 -p tcp -m tcp --dport 10250 -j ACCEPT [0:0] -A INPUT -s 10.192.16.26/32 -p tcp -m tcp --dport 10250 -j ACCEPT [0:0] -A INPUT -s 10.192.0.93/32 -p tcp -m tcp --dport 10250 -j ACCEPT [4:240] -A INPUT -s 10.192.0.145/32 -p tcp -m tcp --dport 10255 -j ACCEPT [4:240] -A INPUT -s 10.192.16.189/32 -p tcp -m tcp --dport 10255 -j ACCEPT [200210:12012580] -A INPUT -s 208.80.154.84/32 -j ACCEPT [186689:11201340] -A INPUT -s 208.80.153.74/32 -j ACCEPT [0:0] -A INPUT -s 10.192.0.145/32 -p tcp -m tcp --dport 9100 -j ACCEPT [0:0] -A INPUT -s 10.192.16.189/32 -p tcp -m tcp --dport 9100 -j ACCEPT [0:0] -A INPUT -s 10.192.0.145/32 -p tcp -m tcp --dport 9105 -j ACCEPT [0:0] -A INPUT -s 10.192.16.189/32 -p tcp -m tcp --dport 9105 -j ACCEPT [0:0] -A INPUT -s 10.64.32.25/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 10.192.48.16/32 -p tcp -m tcp --dport 22 -j ACCEPT [16:6624] -A INPUT -d 255.255.255.255/32 -p udp -m udp --sport 67 --dport 68 -j DROP [499:28312] -A INPUT -m limit --limit 1/sec -j NFLOG --nflog-prefix "[fw-in-drop]" [77480685:14154032248] -A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD [17:1292] -A OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [389285:155868766] -A OUTPUT -j KUBE-FIREWALL [5620918:337734913] -A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES [0:0] -A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP [419439:25166340] -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT [0:0] -A cali-FORWARD -m comment --comment "cali:jxvuJjmmRV135nVu" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT [71401005:23452962882] -A cali-FORWARD -i cali+ -m comment --comment "cali:nu_3aWP3DUkeeFF6" -j cali-from-wl-dispatch [90257068:23611315744] -A cali-FORWARD -o cali+ -m comment --comment "cali:DjrV_uMYqr-g4joA" -j cali-to-wl-dispatch [902346:84988857] -A cali-FORWARD -i cali+ -m comment --comment "cali:Hl34eZwIcbzmic3y" -j ACCEPT [13105440:786326400] -A cali-FORWARD -o cali+ -m comment --comment "cali:O17zRKq2dvqwJKGA" -j ACCEPT [72422661:13258944676] -A cali-FORWARD -m comment --comment "cali:aTQofb9V5IPBvpDr" -j MARK --set-xmark 0x0/0x7000000 [72422661:13258944676] -A cali-FORWARD -m comment --comment "cali:yl6jfcAHxkOSlAV7" -j cali-from-host-endpoint [72422661:13258944676] -A cali-FORWARD -m comment --comment "cali:zA6HyaP1JlANkvKN" -j cali-to-host-endpoint [0:0] -A cali-FORWARD -m comment --comment "cali:xYGCuGpZAkaFt1KN" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-INPUT -m comment --comment "cali:46gVAqzWLjH8U4O2" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT [17960608:3451258201] -A cali-INPUT -i cali+ -m comment --comment "cali:yb_wYwqOAlwJU5gw" -g cali-wl-to-host [38027246:14863324357] -A cali-INPUT -m comment --comment "cali:2cs1o_c3IGSHt8wF" -j MARK --set-xmark 0x0/0x7000000 [38027246:14863324357] -A cali-INPUT -m comment --comment "cali:kYbxo4ThzIDv5Tbk" -j cali-from-host-endpoint [0:0] -A cali-INPUT -m comment --comment "cali:T-myOFrvU8AM3EEU" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-OUTPUT -m comment --comment "cali:FwFFCT8uDthhfgS7" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT [26791533:1738525891] -A cali-OUTPUT -o cali+ -m comment --comment "cali:lE9pRQNw1a_fJ2-L" -j RETURN [35972669:15082922754] -A cali-OUTPUT -m comment --comment "cali:kXSia9_8D_I9Mx8M" -j MARK --set-xmark 0x0/0x7000000 [35972669:15082922754] -A cali-OUTPUT -m comment --comment "cali:xuyU_DgoL_xoueJt" -j cali-to-host-endpoint [0:0] -A cali-OUTPUT -m comment --comment "cali:-KZpg9OTpqQcNRfw" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT [0:0] -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:73bZKoyDfOpFwC2T" -m multiport --dports 2379 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:QMFuWo6o-d9yOpNm" -m multiport --dports 2380 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:Kup7QkrsdmfGX0uL" -m multiport --dports 4001 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:xYYr5PEqDf_Pqfkv" -m multiport --dports 7001 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:nbWBvu4OtudVY60Q" -m multiport --dports 53 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:UxFu5cDK5En6dT3Y" -m multiport --dports 67 -j ACCEPT [0:0] -A cali-from-wl-dispatch -i cali1bc5dba9454 -m comment --comment "cali:uVMkqIb93ML7WPo8" -g cali-fw-cali1bc5dba9454 [0:0] -A cali-from-wl-dispatch -i cali2+ -m comment --comment "cali:U8gh0E3OuAS1lWWU" -g cali-from-wl-dispatch-2 [0:0] -A cali-from-wl-dispatch -i cali35f5ced3039 -m comment --comment "cali:srTdKoPIGyKXLAEy" -g cali-fw-cali35f5ced3039 [0:0] -A cali-from-wl-dispatch -i cali5+ -m comment --comment "cali:KeHdrI6nc3GdxxDF" -g cali-from-wl-dispatch-5 [0:0] -A cali-from-wl-dispatch -i cali75293e80b4e -m comment --comment "cali:Y0luhiYV4gN57u3X" -g cali-fw-cali75293e80b4e [0:0] -A cali-from-wl-dispatch -i cali965c31dfb73 -m comment --comment "cali:4H-4wX0zEGRke25t" -g cali-fw-cali965c31dfb73 [0:0] -A cali-from-wl-dispatch -i calia+ -m comment --comment "cali:iTSi_zCPPSmQFH_T" -g cali-from-wl-dispatch-a [0:0] -A cali-from-wl-dispatch -i calibe7cb9ec84d -m comment --comment "cali:7_MZTD85W9b_1bdx" -g cali-fw-calibe7cb9ec84d [0:0] -A cali-from-wl-dispatch -m comment --comment "cali:GaUQFKPSo55OhjCw" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-from-wl-dispatch-2 -i cali23975c12260 -m comment --comment "cali:SivcHjvO1LDQ7WcO" -g cali-fw-cali23975c12260 [0:0] -A cali-from-wl-dispatch-2 -i cali298241499c4 -m comment --comment "cali:9SRXIDIObIUuDFMo" -g cali-fw-cali298241499c4 [0:0] -A cali-from-wl-dispatch-2 -m comment --comment "cali:eRyrccMcgX4oq0km" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-from-wl-dispatch-5 -i cali5018bf937e4 -m comment --comment "cali:CDXq9AEN91WbI0Tf" -g cali-fw-cali5018bf937e4 [0:0] -A cali-from-wl-dispatch-5 -i cali5fb1db646ac -m comment --comment "cali:Ew5-BeKftE4CC9GB" -g cali-fw-cali5fb1db646ac [0:0] -A cali-from-wl-dispatch-5 -m comment --comment "cali:vURt9AQvI0U6xx6d" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-from-wl-dispatch-a -i calia3a57856439 -m comment --comment "cali:e4eUCmJQPQ5isGvD" -g cali-fw-calia3a57856439 [0:0] -A cali-from-wl-dispatch-a -i caliad21bc669e5 -m comment --comment "cali:rkBwLKcFK5EJBNhQ" -g cali-fw-caliad21bc669e5 [0:0] -A cali-from-wl-dispatch-a -m comment --comment "cali:aRikphVWaJN0fnSb" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:Njor_ZOuw2ql5kfe" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:zbpLgvDSkOmT9uF7" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:N5u6E6DQzd2rOlDP" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:y5jR_g0xC7zNuSxH" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:guaxsLwJsDeSwPqF" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:GBeW09ouLQOxXYz2" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:b3lm-r6GChZeMafc" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:-iPH_8RS_ISRyWYO" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:ti94CTRZ1PZ8s-9_" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:T_lq5TAuvF4AwERZ" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:eZ10E77aE01NDKIE" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:VKCNI6f98uj9mVfq" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:_jRNtMwPSJw2nquV" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:7OJe0spv2h2pfCA3" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:z6f0SoxjmptCtNHc" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:psi0BVaQCYUMvB5f" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:v6wLDULTC9oiYEa3" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:J1setqR5pJk7mAbn" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:FB1Q1siOwsm_Qp81" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:tIeSrG355K3sdLOd" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:35JaEomVrN4fwS0K" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:PcmyRJyUgIkxUmSW" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:9fx1Wew_RHFh-Vwr" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:pwyk5XtOxi8vYVxc" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:4yoYhqzUDfl28bWU" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:kGnxyWo0df0TQ62m" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:HofPAMf-4gHk4hRx" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:H-iMXNd7rArzL49Q" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:RS9w2nrkz95ciHYe" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:-XdwtvzuEAU2zydO" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:AbixDEHkWsgEzAee" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:__Hfu2hV_b67aD6k" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:2tV7l5I__IsfFS1H" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:-L1ln4h3E2CDywJA" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:n3p4tRc9vteHGVUo" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:hD6G17eturpG2mFe" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:s5EdAe-WtzBVybD5" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:EcixVfaLuXCuoSLX" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:hCztxRfKb5haGiLE" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:QLQOmKHeu4CzVOSU" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:tO349ueQ2po0HYIc" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:HIVry_Q_irv_B3__" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:vBwuo9WFyUwMkukH" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:pfDfxEWMJDAS9xJz" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:s6kFtDmL2v9PV4n7" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:4eVOYIH-we7g_C8t" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:HytF2T5l_-WJ1QTq" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:C-yosQ_ttin7QiBQ" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:22nG2325hfghBYeR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:XRGnKu1VzKNmz5m2" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:7UmkwgfjMYm0GP2x" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:KFWb527jQv-gwLxy" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:IzqgYvGnakydbfkZ" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:xDAaqzVQKSQHXpGd" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:95nDbMxc6ZP6BsgB" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:2GsEeCHJcMu8otJc" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:JGD0aOm0e9UCb8CD" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:3Zm9sKBx4l7d_f8l" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:CnAIAynIq4maHNQT" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:6Tu-cKeYdiX-M--9" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:wuToFF6rBi_nfODK" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:V5Dh_jyKTV9V_Ef6" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:jeMmSeTn-eiMVsyi" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:GxRmk-vC0kntQXFT" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:Jqz6_D6KpMwFOehp" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:oJ3voqWjC4xDbTUs" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:vhGd2C2Ubaqhvoks" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:neVpMiwez6n4Tq0V" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:ZWKJ8fbTx2Zc1mR3" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:lduC3Mko51hR95ch" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:U2GQtRO4ODl5HpMh" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:Esq-UD1ESrGE0mss" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:2yaa42jBmWYEa0ds" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:w2aMUMbNpO7aiAR2" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:Di5wVYqD5N0fT2yR" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:hEQlGaUD2FItrC7j" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:xZ4aI4dTQAoeDOxx" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:ODL1gTPRaVW7iAzh" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:BlwIVMliHprf_qnw" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:9OhVLPN4fIr42lZR" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:yci_2wLUFrPXyDW4" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:_UjvwBbxxE9l83mg" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:Ed2iNGvyzLb2WL3I" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:72DWnEpPck0uOrIE" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:fXtXkOtj1xDkfBLI" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:LRqGF_yVQaf6huX0" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:fUEMdt6dIJn34HiC" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:xxJLw5LVHy-QMQF-" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:MuluroyqXr206l5Q" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:rFWiialgZ2EbBW4J" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:kytqIBbnqSeL1JTl" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:646dBA6iroLhgbIh" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:UpGM8WgOYMLlsE57" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:IyECIAECmpB_JEVJ" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:_ysDaFITgTqGwWQ6" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:FmixNSL7uaHoi-NL" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:v9ArnC2HJC82WAvm" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:TPGtvCuH2yQuyb-3" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:dhMgJ9-tKMHtpTwS" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:6j8RgIVZW4U4JXzC" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:Zs_hyWdjBz8eLdfg" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:srl_00oN2VkD_mp6" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:Oq0NaOaP2BdLeqoC" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:9iSDPeOnZETKmzy9" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:LwwGmw9r6I4yxXef" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:nifipVGuDkzUSGV7" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:pr-vfVoOlxJEenZo" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:T6OYnyN8yYcZcfGS" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:C0z0DouPIefEOHas" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:ED0GMxSw4rUt2bJR" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:qTo3Yxf2Qz93SzbL" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:yKh6-42RrwG8MZrr" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:1oxWoniki-lL2iwg" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:e3qkHLWcCm059R93" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:cdB-_EfGZzfgQ5lB" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:AoBNVWTDihywZ0gh" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:oJJmO7RpCbzgbZek" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:t79EaAwLbfguCUPt" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:yOiXi2j_6Hr_l45O" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:TBoEGKjQ-T47jGTd" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:l1XRnOyPGIFsKs7r" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:c5ngPeXwsgxVcytJ" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:zNOgUYDtH-LJYiI3" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:vSw8q-aHNTLsoVL_" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:Ks_mT0WPjR9xEGNA" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:0jS7AuSot8uvYbbJ" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:iqI2530zkoChwE2U" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:sJBEO3ZmM-KFr7o4" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:aa40OaZGhb5qMDIm" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:jSmmpPh_xeCZyiVA" -m comment --comment "Drop if no profiles matched" -j DROP [495954:29757240] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -p tcp -m comment --comment "cali:L9wBYmIq1tVTrZ0e" -m multiport --dports 10044,9102 -j MARK --set-xmark 0x1000000/0x1000000 [495954:29757240] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:-JLGkjr5h5p2yYkk" -m mark --mark 0x1000000/0x1000000 -j RETURN [40:2400] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:eXR8WKtGQfKPd5zm" -j MARK --set-xmark 0x2000000/0x2000000 [40:2400] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:J7UwAp2kUUNYDEbZ" -m mark --mark 0x2000000/0x2000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.64.0/21 -m comment --comment "cali:Hb_51jLXnfOG55Ee" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:cLF0h3yCOrcSDnrl" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.64.0/21 -m comment --comment "cali:CdwsSH_58_DbGvf0" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Oa68jDAaW6NII-m6" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.75.0/24 -m comment --comment "cali:TSXdJ1H2N_hXyday" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:mf2BTGZY0ISNWkNh" -m mark --mark 0x1000000/0x1000000 -j RETURN [24:1680] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.254/32 -p udp -m comment --comment "cali:0LzccY922C2RXHxm" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [24:1680] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:HRMOBzbeUb8jaL4u" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.254/32 -p udp -m comment --comment "cali:bhiaHiL9JCHwqHvi" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0q4r-SxGe_ibo0no" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.49/32 -p tcp -m comment --comment "cali:hToG5b-iPJFd5XjI" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:eSo6kMycXntF2a1T" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.16/32 -p tcp -m comment --comment "cali:kyvmINmgTIfxjSaX" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:zRgMTTBKw1py7iIv" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.50/32 -p tcp -m comment --comment "cali:iYfLoQeLIq_czQ4P" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aGzXXBhuOWVcS6FN" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.80/32 -p tcp -m comment --comment "cali:XpdQ0OL7hPwSSSNe" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XjeixYpdjfuf2671" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.155/32 -p udp -m comment --comment "cali:-EBqY4sXgD3gPi7P" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:suEYEFA8kMWqTNkV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.149/32 -p udp -m comment --comment "cali:rnJyq8BucayeNV6Q" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:LFhASW0XbK8DuS3t" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.33/32 -p udp -m comment --comment "cali:MdaRdYW1qhouPjZ7" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:wbOg7IZSwPvrZmfP" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p tcp -m comment --comment "cali:jpm6xvx86o-ZoCo5" -m multiport --dports 10514,11514 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:GNWq-7eQNyPTDmcm" -m mark --mark 0x1000000/0x1000000 -j RETURN [24:7139] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p udp -m comment --comment "cali:voBBjKhA4F4o55ug" -m multiport --dports 8324,10514,11514,12201 -j MARK --set-xmark 0x1000000/0x1000000 [24:7139] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:5YZDpOvkoQEE3lRA" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.17/32 -p tcp -m comment --comment "cali:dLmgOSNW0H_6Exkg" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:9H-mzrz4ehEKXl1X" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.17/32 -p tcp -m comment --comment "cali:was_SzvHzmFTyt02" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0YVo7kQNQjbvKRj2" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.22/32 -p tcp -m comment --comment "cali:oFAHWeFrCSIrpZlD" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:JiJ4vNTbfZRUEzd0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.22/32 -p tcp -m comment --comment "cali:TSDl4FLJ1ujJHuXv" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:1i1RU4vECUoFlmo0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.23/32 -p tcp -m comment --comment "cali:MSU4fRChUyOk4lyp" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:NKIPE4KwZPTViOzH" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.23/32 -p tcp -m comment --comment "cali:gez_Tq-M3vy4iAbe" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:j405UyE0p_-_uU4_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.224/32 -p tcp -m comment --comment "cali:nsQ7TdxDHOCY2nAI" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OLwF7XZTMAkYeIwD" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.224/32 -p tcp -m comment --comment "cali:CIiPZCu1Pl84ZOvB" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:krmNho4RTZf3JHFx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.175/32 -p tcp -m comment --comment "cali:-lsa6yyGNVX9YJvM" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yq1vrydFLuztiAxM" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.176/32 -p tcp -m comment --comment "cali:xOyAo5MZznuPJ0VR" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:C4QvUoW31pNb1q2x" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.99/32 -p tcp -m comment --comment "cali:GDTd_AKxf_MCDzC9" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xehNYDdstr1q27_L" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.159/32 -p tcp -m comment --comment "cali:Mx3mdosC-q2_oVyr" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YJfgYuXByL6Z0rcg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.160/32 -p tcp -m comment --comment "cali:wqpGhyiIgU0HqgqV" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:i8Lo3DEhoWHCG-l9" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.117/32 -p tcp -m comment --comment "cali:0vIFTcCn2xof7bPx" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0FIS-6aBRY5HaW2z" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.11/32 -p tcp -m comment --comment "cali:5mg0z5kLGALR_v0Z" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qOgLgO8Sj8yp39EU" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.41/32 -p tcp -m comment --comment "cali:vYOP__ycNKS_Q4df" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:KASRTrn_jE4O2ugX" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.127/32 -p tcp -m comment --comment "cali:239PHQPk3QDSKiO_" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:iD9f9V8X2ecxIpRZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.0.139/32 -p tcp -m comment --comment "cali:cUBgVmeG-jcvcUZf" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:nwk6_sRVxUcAEjWK" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.169/32 -p tcp -m comment --comment "cali:R0o3GB60AUlNlWWE" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:vjn0AaWFUpbYaWrn" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.150/32 -p tcp -m comment --comment "cali:xnwjOFv4OUKJaucv" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:euZALIbnZTydQMdY" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.16/32 -p tcp -m comment --comment "cali:aT25RyT5mGT9Qrkf" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XfEpwu70WMkeKIfw" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.16/32 -p tcp -m comment --comment "cali:ganCI2cFEqi7g3Lu" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:QZMd6IRhm3TCiSlg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.11/32 -p tcp -m comment --comment "cali:SP-jn_pyJ4jRPzCL" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xq3dYdT4-TU2Uft7" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.11/32 -p tcp -m comment --comment "cali:8tIsQjEQz-S-k9hg" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:icVFUfOKxWL5ts9k" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.141/32 -p tcp -m comment --comment "cali:EJ4xw6_ooRSmxkEX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OChzA5wDSSJTxiUa" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.144/32 -p tcp -m comment --comment "cali:s1Lf70rUZIAFvs_w" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:enVSzo2CAltgV_Bx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.78/32 -p tcp -m comment --comment "cali:Jx1uBPQmrMWx_oaJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:ahKzoHayc6fw_SQV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.85/32 -p tcp -m comment --comment "cali:3yMxM5zhnGW-I-2-" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:61YXn1-Qzpb3qtiB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.175/32 -p tcp -m comment --comment "cali:mba6qyUOLSSLLqHM" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:y6SsLdSij2xjfyLL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.178/32 -p tcp -m comment --comment "cali:eo84dXxQcHxDJmco" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:EsSPRvtEHUEYBRWR" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.79/32 -p tcp -m comment --comment "cali:kB8NHJq9078azHWs" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qBveAzuLEZf1WZbb" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.95/32 -p tcp -m comment --comment "cali:u93nS4bppllE_C0o" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:tgqV9ieHo74uFixJ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.15/32 -p tcp -m comment --comment "cali:BrePDK_xvt2ipGov" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Chi9pg6vdMsHGeas" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.101/32 -p tcp -m comment --comment "cali:0ePK4nqW1dpdjADJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:bjqFtZLozs6st18o" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.118/32 -p tcp -m comment --comment "cali:5JlNLd1a_jez6bdm" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:d68cYQOpH_8dqspS" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.132/32 -p tcp -m comment --comment "cali:9HUmbYptZh3xhB2H" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:RTFL7wCGVYzcgR0s" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.89/32 -p tcp -m comment --comment "cali:1cX5VaVM1-ANLf60" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gl8VZV-OczjD0-dz" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.167/32 -p tcp -m comment --comment "cali:ENsolVnLFMJ9Swv0" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XHlgJdgJ54zFk55_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.168/32 -p tcp -m comment --comment "cali:RddV6MngR8TAbury" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gkMGNcsmscCOYBNB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.96/32 -p tcp -m comment --comment "cali:R4dEpuBNc68KvaZ5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:w4ucO7TsqRaq6GkZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.97/32 -p tcp -m comment --comment "cali:n1AEs2-__xZDotlh" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xnCC1IwIp306y37P" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.98/32 -p tcp -m comment --comment "cali:WA2-ZXPLBkM2VFz5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aMx6AymLQKfsWfdt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.10/32 -p tcp -m comment --comment "cali:pKraBpLCOltQGgfP" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yG89BiNgIQXWhRbt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.168/32 -p tcp -m comment --comment "cali:_KpeiGmQZH6I2OHO" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YMLlu9icrA9S-RSL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.169/32 -p tcp -m comment --comment "cali:ikQRoJlZQVyFuHxX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:t1vtn1pqFQ56zUzQ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Wb6k-cOv-_qGCmYE" -j DROP [15:996] -A cali-po-k8s-policy-no-match -m comment --comment "cali:M1MvnGSuWnBDoJxY" -j MARK --set-xmark 0x2000000/0x2000000 [15:996] -A cali-po-k8s-policy-no-match -m comment --comment "cali:srq_4spRBeZ7r-5T" -m mark --mark 0x2000000/0x2000000 -j RETURN [0:0] -A cali-pri-k8s_ns.mathoid -m comment --comment "cali:0WjF7fFjIB9eUVtx" -j DROP [6:408] -A cali-pro-k8s_ns.mathoid -m comment --comment "cali:7cwIC811QXJnus-Q" -j MARK --set-xmark 0x1000000/0x1000000 [6:408] -A cali-pro-k8s_ns.mathoid -m comment --comment "cali:Wg5MbFzoWNtFek1F" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-to-wl-dispatch -o cali1bc5dba9454 -m comment --comment "cali:cNZdQdgAc2-SFTvS" -g cali-tw-cali1bc5dba9454 [0:0] -A cali-to-wl-dispatch -o cali2+ -m comment --comment "cali:gPdiOwfve5OlSvVW" -g cali-to-wl-dispatch-2 [0:0] -A cali-to-wl-dispatch -o cali35f5ced3039 -m comment --comment "cali:rz34gdiMwSC55wCh" -g cali-tw-cali35f5ced3039 [0:0] -A cali-to-wl-dispatch -o cali5+ -m comment --comment "cali:c1Nbcw3jwp9ajJTc" -g cali-to-wl-dispatch-5 [0:0] -A cali-to-wl-dispatch -o cali75293e80b4e -m comment --comment "cali:oK4fFWEq6x2tlpV5" -g cali-tw-cali75293e80b4e [0:0] -A cali-to-wl-dispatch -o cali965c31dfb73 -m comment --comment "cali:_v1ftiFjCAzBjsR0" -g cali-tw-cali965c31dfb73 [0:0] -A cali-to-wl-dispatch -o calia+ -m comment --comment "cali:plLkv1BJsmWZ2VG6" -g cali-to-wl-dispatch-a [0:0] -A cali-to-wl-dispatch -o calibe7cb9ec84d -m comment --comment "cali:ZKBHYyFTBh1dOx3c" -g cali-tw-calibe7cb9ec84d [0:0] -A cali-to-wl-dispatch -m comment --comment "cali:IVId-lKIYyKXAURg" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-to-wl-dispatch-2 -o cali23975c12260 -m comment --comment "cali:bb9P9DGVdGPgS_mi" -g cali-tw-cali23975c12260 [0:0] -A cali-to-wl-dispatch-2 -o cali298241499c4 -m comment --comment "cali:AadfO4TVWxyaUPbF" -g cali-tw-cali298241499c4 [0:0] -A cali-to-wl-dispatch-2 -m comment --comment "cali:Vbe0sFz-i6XPXgRz" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-to-wl-dispatch-5 -o cali5018bf937e4 -m comment --comment "cali:-A_CG1T6xh4mK-9O" -g cali-tw-cali5018bf937e4 [0:0] -A cali-to-wl-dispatch-5 -o cali5fb1db646ac -m comment --comment "cali:ApAcVdl9VYEpPJ6I" -g cali-tw-cali5fb1db646ac [0:0] -A cali-to-wl-dispatch-5 -m comment --comment "cali:JSL-34oy_4YhqAaz" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-to-wl-dispatch-a -o calia3a57856439 -m comment --comment "cali:EuJb-okjTbyHgD2i" -g cali-tw-calia3a57856439 [0:0] -A cali-to-wl-dispatch-a -o caliad21bc669e5 -m comment --comment "cali:BfCOOVdhJLNClQW_" -g cali-tw-caliad21bc669e5 [0:0] -A cali-to-wl-dispatch-a -m comment --comment "cali:hrGCKOQigyZlrBNa" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:ZKl3Wu4VWAHJObIO" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:e3-FuCuOqged4Vor" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:NTUFA6lKC0i2a6Qs" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:2jYAGjdeCnXbj3JH" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:MnKl5WYlbW1qYMLy" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:tJTgQc0Jvl1bWybV" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:9oXc0LTO7M0s5CQm" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:RD_XDa2dI7Fihhfm" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:ncnWodbIPfVkhOxd" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:h3lOWZ82zu-lEPDj" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:4TNWmYYgVik1JPV4" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:8uefxez8Qok_YAMQ" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:dhHLITPqH_3UYkYn" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:wSLtQQcwhYZWPY-y" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:3myFe7uxnmCth_q5" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:2k9jZOAktdxeZWDL" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:6g7NVYX0jz6Sempv" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:PU8Au0OUclqF3TxV" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:wUIptsarhtxXtClK" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:N1TJXxRkVdtpr60p" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:ewE9vLNyUZdtK59w" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:7LqObWaCgBhNfv4-" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:wcwE4b6P4tMOZytA" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:rQsGW4MNEjbr6oTN" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:7-8AhBq85aqaodSh" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:UK-o6Q-TQ_8bE_j8" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:GzE249GNjpBWq8M_" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:D4Ow8L8NB_DrN0FP" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:UKas_q2Rn4x5T5BT" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:qRD4p2_mACCAe5ib" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:1D6iZzGfrL3AHO_p" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:4mhL8xI_0AF7L3Wd" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:Z2PJvQHbmkft0Q10" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:86ZkcAMvgCLrNz1e" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:9mhEAecHn89vRXuA" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:bPmOap2dPZPGc_UP" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:41Z85N2kGbn1T-Iu" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:Wme31Csv2krhCrqA" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:jpY24R8x6ElABCiP" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:mlf16EZpiRxNlXRO" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:3kWZEts8vzgnL6X4" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:hvkc1yR9jklKge5B" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:K4T_b-c6qO1P0Udg" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:M1DCbYwUpU-izBQT" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:h5PZqz88cFdfhY17" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:EncxxvLNM5y90mby" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:f6foIBpUiIP7S0LY" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:HdQJzJUV3oQ9Kcgk" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:69k0MnDaUVG1VgFI" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:p-LGAaJco89yY619" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:OKusYe15lxx0tsYc" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:76j9UTPW9zELy73R" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:yahMIjDNXFaEdegu" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:clu70Q6qsvWoD97U" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:Rv0BELdYGTOQ0lSh" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:JnTcovmhC1aKBQJG" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:b64gYgTrCXk439Gp" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:fX9myoks3E0Mln3r" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:kt3RKUFDc2yAzOVv" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:fH-je3VTDCpFhnmY" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:9BfSzWlZ7ojg9cNb" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:IIwv0lqqxOnPQQFJ" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:SQMjSi8746HHa1wX" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:8cb0aSMPIX120BEg" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:LLTghy0y7aSsaXjG" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:9t3S-bJcNMUVWvUy" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:LlUqC3nhncx3danm" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:Qn-5siQ-HtvbiXxy" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:h7LxA8ZW2eq4WcvV" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:-VD7BBbJag7gBrvl" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:ncO4XC74_yNf1kdg" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:YT7Uc4cQ-n3NU9oD" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:aiX64wzb-M82JupH" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:FFJfBJijORin4oHW" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:4z2mvc-uIgUA5A5f" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:pHys7QemgOtvdgB6" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:LZKecbngr26fghRv" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:nxUCgrZpHTIXCpOU" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:UY5c4S0F8BY6KaNx" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:U7BTD121zTLKGaec" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:L45ZBYhggeq_1H0d" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:dHbB88gSEbohyiAr" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:a0Mw8N92rw7GA9NJ" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:guI_53A27PFW0jkc" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:jzg_V-EpqXOaKBv3" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:0P83-8b4lun2XGIN" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:WcsMn4CWDbqQidFu" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:QgOzTmIQTey4KlL3" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:fVRwHvOxXydEuB76" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:4Eyd1blgO8_HDeGw" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:mjjpQ93dXgkk_VTW" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:CPGMFDTeq96a6v-i" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:U3fRDcp89h-U4OLY" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:gaOeDX7_LZebixml" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:HYBisH7HbdYABxHe" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:9xRAsvwlZevWzGPi" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:VNfB6KoJoW35xPw9" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:A9eF7EvA9GWDuTri" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:lWNrNYioDGGvEBDe" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:qALacMFNcseGqGMB" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:jnG-SZ45u0Fhxymb" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:d9Hu125C_uiaKzly" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:gu9EEqcm5NCxZ2TD" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:syqkmlwiRioBVRAI" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:Di9lEuvq0sYFrIXq" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:lttR-7x62zeJQLrB" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:f1LZwukNsOHtjLRp" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:Jrs1xdOwq9QyuEXt" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:CzxX4OziLuiY_PBi" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:iVDyyy8CoaClEUqp" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:KkpJIv2DbJ4xJum5" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:DUC5wupS6gW2Ad63" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:G7oRXZMh5BSi154v" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:j_I2eAazK-h0kEAY" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:4GD6Egdl9-TbzZm_" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:cOEfUH3dXDvodneM" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:-JOq-2DhOk8K1i7F" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:PtP-YvJYp89Xv2Ew" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:nRumTAeNct6WhuyT" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:8CXHeyEI3FtdtoLy" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:oM0R1fUIRgYLyiVF" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:mJvPqt_Dh9JuXcC3" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:qrO2mfy6qvgycmrO" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:Vt6FBz_P61a83t_y" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:ix9RWs7amofIvZoy" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:cRkmK3JfQOM70Vvj" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:Ca_0NIF5hy9o82ql" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:DNfwf-pMCBxdxdWT" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:PFk5fCeWLudiB7ID" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:nsrrDzsZGjARILnm" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-wl-to-host -p udp -m comment --comment "cali:aEOMPPLgak2S0Lxs" -m multiport --sports 68 -m multiport --dports 67 -j ACCEPT [0:0] -A cali-wl-to-host -p udp -m comment --comment "cali:SzR8ejPiuXtFMS8B" -m multiport --dports 53 -j ACCEPT [17960608:3451258201] -A cali-wl-to-host -m comment --comment "cali:MEmlbCdco0Fefcrw" -j cali-from-wl-dispatch [0:0] -A cali-wl-to-host -m comment --comment "cali:Q2b2iY2M-vmds5iY" -m comment --comment "Configured DefaultEndpointToHostAction" -j RETURN COMMIT
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Merging in as in P8652
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Using dropwatch I get
jijiki awarded T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster a Pterodactyl token.
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Some information in P8652
In T226444#5280715, @RobH wrote:I set these to internal IP/vlan since other ganeti hosts are that way.
Jun 24 2019
Jun 24 2019
akosiaris moved T224857: Enhance MediaWiki deployments for support of php7.x from Doing 😎 to this.quarter 🍕 on the serviceops board.
Jun 21 2019
Jun 21 2019
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
After some mangling with iptables trying to figure out what is going on I 've managed to capture these packets (and their drops?) in iptables and log them
akosiaris moved T222795: Re-evaluate service-runner's (ab)use of statsd timing metric for nodejs GC stats from Backlog to Watched on the serviceops-radar board.
akosiaris edited projects for T222795: Re-evaluate service-runner's (ab)use of statsd timing metric for nodejs GC stats, added: serviceops-radar; removed serviceops.
akosiaris moved T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster from Incoming 🐫 to Doing 😎 on the serviceops board.
akosiaris edited projects for T213564: Datacenter aware configs for EventGate topic prefixes, added: serviceops-radar; removed serviceops.
akosiaris edited projects for T215106: Enlarging the default thumb size on Dutch Wikipedia, added: serviceops-radar; removed serviceops.
akosiaris moved T220405: Services and the deployment pipeline are hosted on production-level infrastructure from Incoming 🐫 to Doing 😎 on the serviceops board.
akosiaris moved T224041: Kask functional testing with Cassandra via the Deployment Pipeline from Incoming 🐫 to API Gateway 🥌 on the serviceops board.
akosiaris edited projects for T224448: Gerrit account cache has a faulty reentrant lock causing http/sendemail threads to stall completely, added: serviceops-radar; removed serviceops.
akosiaris moved T212935: SRE FY2019-20 Q3 goal: Increase reach of deployment pipeline from Incoming 🐫 to Doing 😎 on the serviceops board.
akosiaris moved T219148: Use PHP7 to run all async jobs from Incoming 🐫 to API Gateway 🥌 on the serviceops board.
akosiaris moved T219127: SRE FY19-20 Q1 goal: complete the transition to PHP7 from Incoming 🐫 to API Gateway 🥌 on the serviceops board.
akosiaris edited projects for T203963: Convert makevm to spicerack cookbook, added: serviceops-radar; removed serviceops.
Should we close this? Is there anything left to be done?
akosiaris triaged T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster as Low priority.
https://grafana.wikimedia.org/d/PRA2F67Zz/t226237?orgId=1 was created to help debug with this. It makes more clear that this are indeed outgoing ICMP redirects
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL