Blurb
User Details
User Details
- User Since
- Oct 3 2014, 8:40 AM (246 w, 4 d)
- Availability
- Available
- IRC Nick
- akosiaris
- LDAP User
- Alexandros Kosiaris
- MediaWiki User
- AKosiaris (WMF) [ Global Accounts ]
Today
Today
akosiaris added a comment to T224603: rack/setup/ codfw: ganeti2009 - ganeti201[0-8].
So, the controllers on those boxes can't do hardware RAID and hence the drivers sees them as AHCI. That's fine, we already have multiple boxes with software RAID and can continue doing so. I 've uploaded the partman recipe above that I am currently testing (it already worked past the problematic stage pointed out above) that should resolve this and proceed normally.
akosiaris added a comment to T225623: OTRS ticket notifications missing for at least some users.
Looking at the changelog I can't say I see anything obvious for version in the 5.x branches.
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Using perf record also leads to the same conclusion as dropwatch for where the packets are dropped/discarded.
akosiaris added a comment to P8652 iptables what on earth.
akosiaris@kubernetes2001:~$ sudo iptables-save -c # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *security :INPUT ACCEPT [482471:458394796] :FORWARD ACCEPT [5230383:926823265] :OUTPUT ACCEPT [401582:160386095] COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *mangle :PREROUTING ACCEPT [5377748:1301699262] :INPUT ACCEPT [451262:430220111] :FORWARD ACCEPT [4926486:871479151] :OUTPUT ACCEPT [462148:159025185] :POSTROUTING ACCEPT [5303371:1022846712] COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *raw :PREROUTING ACCEPT [64329:14887148] :OUTPUT ACCEPT [5649:1941977] :cali-OUTPUT - [0:0] :cali-PREROUTING - [0:0] :cali-failsafe-in - [0:0] :cali-failsafe-out - [0:0] :cali-from-host-endpoint - [0:0] :cali-pi-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-pi-k8s-policy-no-match - [0:0] :cali-po-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-po-k8s-policy-no-match - [0:0] :cali-to-host-endpoint - [0:0] [64018642:16933962409] -A cali-OUTPUT -m comment --comment "cali:38nOqDjL6rORZtSl" -j MARK --set-xmark 0x0/0x7000000 [0:0] -A cali-OUTPUT -m comment --comment "cali:qxtWla1G8uqJMI9B" -m mark --mark 0x1000000/0x1000000 -j ACCEPT [290048694:78634262604] -A cali-PREROUTING -m comment --comment "cali:x4XbVMc5P_kNXnTy" -j MARK --set-xmark 0x0/0x7000000 [89361648:26904223279] -A cali-PREROUTING -i cali+ -m comment --comment "cali:fQeZek80kVOPa0xO" -j MARK --set-xmark 0x4000000/0x4000000 [200687046:51730039325] -A cali-PREROUTING -m comment --comment "cali:xp3NolkIpulCQL_G" -m mark --mark 0x0/0x4000000 -j cali-from-host-endpoint [0:0] -A cali-PREROUTING -m comment --comment "cali:fbdE50A0BiINbNiA" -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT [0:0] -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:73bZKoyDfOpFwC2T" -m multiport --dports 2379 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:QMFuWo6o-d9yOpNm" -m multiport --dports 2380 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:Kup7QkrsdmfGX0uL" -m multiport --dports 4001 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:xYYr5PEqDf_Pqfkv" -m multiport --dports 7001 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:nbWBvu4OtudVY60Q" -m multiport --dports 53 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:UxFu5cDK5En6dT3Y" -m multiport --dports 67 -j ACCEPT [0:0] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -p tcp -m comment --comment "cali:L9wBYmIq1tVTrZ0e" -m multiport --dports 10044,9102 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:-JLGkjr5h5p2yYkk" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:eXR8WKtGQfKPd5zm" -j MARK --set-xmark 0x2000000/0x2000000 [0:0] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:J7UwAp2kUUNYDEbZ" -m mark --mark 0x2000000/0x2000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.64.0/21 -m comment --comment "cali:Hb_51jLXnfOG55Ee" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:cLF0h3yCOrcSDnrl" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.64.0/21 -m comment --comment "cali:CdwsSH_58_DbGvf0" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Oa68jDAaW6NII-m6" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.75.0/24 -m comment --comment "cali:TSXdJ1H2N_hXyday" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:mf2BTGZY0ISNWkNh" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.254/32 -p udp -m comment --comment "cali:0LzccY922C2RXHxm" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:HRMOBzbeUb8jaL4u" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.254/32 -p udp -m comment --comment "cali:bhiaHiL9JCHwqHvi" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0q4r-SxGe_ibo0no" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.49/32 -p tcp -m comment --comment "cali:hToG5b-iPJFd5XjI" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:eSo6kMycXntF2a1T" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.16/32 -p tcp -m comment --comment "cali:kyvmINmgTIfxjSaX" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:zRgMTTBKw1py7iIv" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.50/32 -p tcp -m comment --comment "cali:iYfLoQeLIq_czQ4P" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aGzXXBhuOWVcS6FN" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.80/32 -p tcp -m comment --comment "cali:XpdQ0OL7hPwSSSNe" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XjeixYpdjfuf2671" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.155/32 -p udp -m comment --comment "cali:-EBqY4sXgD3gPi7P" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:suEYEFA8kMWqTNkV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.149/32 -p udp -m comment --comment "cali:rnJyq8BucayeNV6Q" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:LFhASW0XbK8DuS3t" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.33/32 -p udp -m comment --comment "cali:MdaRdYW1qhouPjZ7" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:wbOg7IZSwPvrZmfP" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p tcp -m comment --comment "cali:jpm6xvx86o-ZoCo5" -m multiport --dports 10514,11514 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:GNWq-7eQNyPTDmcm" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p udp -m comment --comment "cali:voBBjKhA4F4o55ug" -m multiport --dports 8324,10514,11514,12201 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:5YZDpOvkoQEE3lRA" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.17/32 -p tcp -m comment --comment "cali:dLmgOSNW0H_6Exkg" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:9H-mzrz4ehEKXl1X" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.17/32 -p tcp -m comment --comment "cali:was_SzvHzmFTyt02" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0YVo7kQNQjbvKRj2" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.22/32 -p tcp -m comment --comment "cali:oFAHWeFrCSIrpZlD" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:JiJ4vNTbfZRUEzd0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.22/32 -p tcp -m comment --comment "cali:TSDl4FLJ1ujJHuXv" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:1i1RU4vECUoFlmo0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.23/32 -p tcp -m comment --comment "cali:MSU4fRChUyOk4lyp" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:NKIPE4KwZPTViOzH" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.23/32 -p tcp -m comment --comment "cali:gez_Tq-M3vy4iAbe" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:j405UyE0p_-_uU4_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.224/32 -p tcp -m comment --comment "cali:nsQ7TdxDHOCY2nAI" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OLwF7XZTMAkYeIwD" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.224/32 -p tcp -m comment --comment "cali:CIiPZCu1Pl84ZOvB" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:krmNho4RTZf3JHFx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.175/32 -p tcp -m comment --comment "cali:-lsa6yyGNVX9YJvM" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yq1vrydFLuztiAxM" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.176/32 -p tcp -m comment --comment "cali:xOyAo5MZznuPJ0VR" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:C4QvUoW31pNb1q2x" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.99/32 -p tcp -m comment --comment "cali:GDTd_AKxf_MCDzC9" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xehNYDdstr1q27_L" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.159/32 -p tcp -m comment --comment "cali:Mx3mdosC-q2_oVyr" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YJfgYuXByL6Z0rcg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.160/32 -p tcp -m comment --comment "cali:wqpGhyiIgU0HqgqV" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:i8Lo3DEhoWHCG-l9" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.117/32 -p tcp -m comment --comment "cali:0vIFTcCn2xof7bPx" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0FIS-6aBRY5HaW2z" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.11/32 -p tcp -m comment --comment "cali:5mg0z5kLGALR_v0Z" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qOgLgO8Sj8yp39EU" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.41/32 -p tcp -m comment --comment "cali:vYOP__ycNKS_Q4df" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:KASRTrn_jE4O2ugX" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.127/32 -p tcp -m comment --comment "cali:239PHQPk3QDSKiO_" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:iD9f9V8X2ecxIpRZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.0.139/32 -p tcp -m comment --comment "cali:cUBgVmeG-jcvcUZf" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:nwk6_sRVxUcAEjWK" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.169/32 -p tcp -m comment --comment "cali:R0o3GB60AUlNlWWE" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:vjn0AaWFUpbYaWrn" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.150/32 -p tcp -m comment --comment "cali:xnwjOFv4OUKJaucv" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:euZALIbnZTydQMdY" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.16/32 -p tcp -m comment --comment "cali:aT25RyT5mGT9Qrkf" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XfEpwu70WMkeKIfw" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.16/32 -p tcp -m comment --comment "cali:ganCI2cFEqi7g3Lu" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:QZMd6IRhm3TCiSlg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.11/32 -p tcp -m comment --comment "cali:SP-jn_pyJ4jRPzCL" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xq3dYdT4-TU2Uft7" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.11/32 -p tcp -m comment --comment "cali:8tIsQjEQz-S-k9hg" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:icVFUfOKxWL5ts9k" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.141/32 -p tcp -m comment --comment "cali:EJ4xw6_ooRSmxkEX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OChzA5wDSSJTxiUa" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.144/32 -p tcp -m comment --comment "cali:s1Lf70rUZIAFvs_w" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:enVSzo2CAltgV_Bx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.78/32 -p tcp -m comment --comment "cali:Jx1uBPQmrMWx_oaJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:ahKzoHayc6fw_SQV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.85/32 -p tcp -m comment --comment "cali:3yMxM5zhnGW-I-2-" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:61YXn1-Qzpb3qtiB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.175/32 -p tcp -m comment --comment "cali:mba6qyUOLSSLLqHM" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:y6SsLdSij2xjfyLL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.178/32 -p tcp -m comment --comment "cali:eo84dXxQcHxDJmco" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:EsSPRvtEHUEYBRWR" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.79/32 -p tcp -m comment --comment "cali:kB8NHJq9078azHWs" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qBveAzuLEZf1WZbb" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.95/32 -p tcp -m comment --comment "cali:u93nS4bppllE_C0o" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:tgqV9ieHo74uFixJ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.15/32 -p tcp -m comment --comment "cali:BrePDK_xvt2ipGov" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Chi9pg6vdMsHGeas" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.101/32 -p tcp -m comment --comment "cali:0ePK4nqW1dpdjADJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:bjqFtZLozs6st18o" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.118/32 -p tcp -m comment --comment "cali:5JlNLd1a_jez6bdm" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:d68cYQOpH_8dqspS" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.132/32 -p tcp -m comment --comment "cali:9HUmbYptZh3xhB2H" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:RTFL7wCGVYzcgR0s" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.89/32 -p tcp -m comment --comment "cali:1cX5VaVM1-ANLf60" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gl8VZV-OczjD0-dz" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.167/32 -p tcp -m comment --comment "cali:ENsolVnLFMJ9Swv0" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XHlgJdgJ54zFk55_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.168/32 -p tcp -m comment --comment "cali:RddV6MngR8TAbury" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gkMGNcsmscCOYBNB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.96/32 -p tcp -m comment --comment "cali:R4dEpuBNc68KvaZ5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:w4ucO7TsqRaq6GkZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.97/32 -p tcp -m comment --comment "cali:n1AEs2-__xZDotlh" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xnCC1IwIp306y37P" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.98/32 -p tcp -m comment --comment "cali:WA2-ZXPLBkM2VFz5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aMx6AymLQKfsWfdt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.10/32 -p tcp -m comment --comment "cali:pKraBpLCOltQGgfP" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yG89BiNgIQXWhRbt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.168/32 -p tcp -m comment --comment "cali:_KpeiGmQZH6I2OHO" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YMLlu9icrA9S-RSL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.169/32 -p tcp -m comment --comment "cali:ikQRoJlZQVyFuHxX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:t1vtn1pqFQ56zUzQ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Wb6k-cOv-_qGCmYE" -j DROP [0:0] -A cali-po-k8s-policy-no-match -m comment --comment "cali:M1MvnGSuWnBDoJxY" -j MARK --set-xmark 0x2000000/0x2000000 [0:0] -A cali-po-k8s-policy-no-match -m comment --comment "cali:srq_4spRBeZ7r-5T" -m mark --mark 0x2000000/0x2000000 -j RETURN COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *nat :PREROUTING ACCEPT [5:300] :INPUT ACCEPT [5:300] :OUTPUT ACCEPT [1:72] :POSTROUTING ACCEPT [1:72] :KUBE-MARK-DROP - [0:0] :KUBE-MARK-MASQ - [0:0] :KUBE-NODEPORTS - [0:0] :KUBE-POSTROUTING - [0:0] :KUBE-SEP-25LSSMOQSLZO62TA - [0:0] :KUBE-SEP-37XH7CLV3AO4VPTO - [0:0] :KUBE-SEP-3EKUJOQNGD2M2BGA - [0:0] :KUBE-SEP-3L6RBXX474F3Z4BG - [0:0] :KUBE-SEP-3XKENU7WVKKTAHTV - [0:0] :KUBE-SEP-4CPLK3VL33TG4HTO - [0:0] :KUBE-SEP-5FTPLFRSUQY4SIOQ - [0:0] :KUBE-SEP-5X6UVN6ARF5TYMJ4 - [0:0] :KUBE-SEP-672TWE2WYV3V42NU - [0:0] :KUBE-SEP-6HUPMP5IVKEGRSOX - [0:0] :KUBE-SEP-6IAAQVQ44ZOHE24Z - [0:0] :KUBE-SEP-6REVSYG73P5URSNB - [0:0] :KUBE-SEP-6ZXNISWV3YFNXORO - [0:0] :KUBE-SEP-7I4E57MZAZPKXZGS - [0:0] :KUBE-SEP-7PJRSW3465VLV5NU - [0:0] :KUBE-SEP-7WCR5RS3KL7SSYNX - [0:0] :KUBE-SEP-A3FDOYOMTV6IFA3N - [0:0] :KUBE-SEP-ASQ2QWDIQ7ZRHYYI - [0:0] :KUBE-SEP-B3XSLKK24I3RV53E - [0:0] :KUBE-SEP-BDXL4HDHKUBTO2XO - [0:0] :KUBE-SEP-BNQS32RABUIOIJVK - [0:0] :KUBE-SEP-BWOHOCEO7NXRBQKX - [0:0] :KUBE-SEP-C3LNAFCTKEVSQ6LJ - [0:0] :KUBE-SEP-C5R7FJMTVBQYYP7Z - [0:0] :KUBE-SEP-DXLVQUNJLQYCSWET - [0:0] :KUBE-SEP-DXRBNUUKLAC3KWIB - [0:0] :KUBE-SEP-E2ZQLHBMIDWU2YP3 - [0:0] :KUBE-SEP-EOA4M4AMHPH5QKJT - [0:0] :KUBE-SEP-FGHQMJCOX46V3WZ2 - [0:0] :KUBE-SEP-FIBOVC4TD57T6XPA - [0:0] :KUBE-SEP-FOY767XNXR4RDOI6 - [0:0] :KUBE-SEP-FRJQKEHBA7MB5UVM - [0:0] :KUBE-SEP-GRXSJNBEO3VJVZ2W - [0:0] :KUBE-SEP-H4BGQHYNG3CGPLVW - [0:0] :KUBE-SEP-H4BYNHQBW7YIN5UR - [0:0] :KUBE-SEP-H5YF2GBSYYOZONPK - [0:0] :KUBE-SEP-H7OVKF36OOUPWBS3 - [0:0] :KUBE-SEP-HJUUBUSEBGKOPCTM - [0:0] :KUBE-SEP-HXLSTINWUTRUHRJ7 - [0:0] :KUBE-SEP-J4OBMLACPA6WS5K2 - [0:0] :KUBE-SEP-JNEYNJWMYZTT437T - [0:0] :KUBE-SEP-JSXXZF6DB47HAOTW - [0:0] :KUBE-SEP-K57A3GRJV6STKX2H - [0:0] :KUBE-SEP-KEIL5EJUTMDOSFZW - [0:0] :KUBE-SEP-KRKP52L5LZ4E2QOT - [0:0] :KUBE-SEP-L3Q7GF7UPPMSD2HY - [0:0] :KUBE-SEP-L4D2OGEMGVWTP7JS - [0:0] :KUBE-SEP-LBYINOPUCE5HODM6 - [0:0] :KUBE-SEP-LC3WK6J2636WZKTN - [0:0] :KUBE-SEP-LLGUN2HVGY5JS5NJ - [0:0] :KUBE-SEP-LLMSPSLICATSJSDJ - [0:0] :KUBE-SEP-M3WWEPPMCTB7BLDL - [0:0] :KUBE-SEP-M6G6XPJOCWGY2INP - [0:0] :KUBE-SEP-MBC2MPUBLROG7I3A - [0:0] :KUBE-SEP-MGDVL34HWYF35IL2 - [0:0] :KUBE-SEP-NGGIKPFLOKRFQXPH - [0:0] :KUBE-SEP-NOHY6L6QHZPYPHWG - [0:0] :KUBE-SEP-NWMB3KBZ55SO4LDW - [0:0] :KUBE-SEP-NZYGFMC2TZIPDQYI - [0:0] :KUBE-SEP-ODFVG6OYLLJVD7T4 - [0:0] :KUBE-SEP-OH4ZI4Z24ZVMEU7A - [0:0] :KUBE-SEP-OOO3XQXWKXK4HE2R - [0:0] :KUBE-SEP-OZAGMMTF62X6TYQ2 - [0:0] :KUBE-SEP-P4MGSHGFQGVSH3NM - [0:0] :KUBE-SEP-PAGWFB2265WTQCIC - [0:0] :KUBE-SEP-PKGEVJZHX3RODJCX - [0:0] :KUBE-SEP-PRXHS5433PGAISX2 - [0:0] :KUBE-SEP-PUIGW4Z6VOZ47WPX - [0:0] :KUBE-SEP-Q4Y6Y2T5SC4L3ITY - [0:0] :KUBE-SEP-Q56HMF344MPJWT4N - [0:0] :KUBE-SEP-QJ5NJAP27DT3Y6BW - [0:0] :KUBE-SEP-QLQMIE7ND3HQXXSI - [0:0] :KUBE-SEP-QPG23T44FP3FIDLH - [0:0] :KUBE-SEP-QPIEZFPXHK6GCHT2 - [0:0] :KUBE-SEP-QPYEN6HCUXSL5G43 - [0:0] :KUBE-SEP-QY7CLEY555P7WTSA - [0:0] :KUBE-SEP-QZU2LZJGBHV64WIQ - [0:0] :KUBE-SEP-R3USABFTJMEYATSS - [0:0] :KUBE-SEP-R4EBIWO76BY36ELS - [0:0] :KUBE-SEP-R4JOXQKX5IRJ4KVL - [0:0] :KUBE-SEP-ROUVUHRDDVRJBXBV - [0:0] :KUBE-SEP-RX4SR3MBS6J4RAIK - [0:0] :KUBE-SEP-TDMOM3ZAQQ6N532C - [0:0] :KUBE-SEP-TPOSC7WXJITSQNHM - [0:0] :KUBE-SEP-TW4OGVF4RTJE2MBJ - [0:0] :KUBE-SEP-UEHXHNDAZAWFMOPS - [0:0] :KUBE-SEP-VL4LXG4OAORE3CWW - [0:0] :KUBE-SEP-VP4EPI7HTHD3HIZF - [0:0] :KUBE-SEP-VZPQ5V7QXI33EFX5 - [0:0] :KUBE-SEP-WLCWSJ6G6KPUKCTB - [0:0] :KUBE-SEP-WLOYGDKBV4B467JJ - [0:0] :KUBE-SEP-WTEZWP5RZCIFRRS7 - [0:0] :KUBE-SEP-X2ULFOFAP7OVK5OP - [0:0] :KUBE-SEP-XI367GG7YMDARCAO - [0:0] :KUBE-SEP-XKI3TJGTHQZ6FGXF - [0:0] :KUBE-SEP-XUAM56NCWKNL6LHH - [0:0] :KUBE-SEP-YA7SBWUN4B5LAFV5 - [0:0] :KUBE-SEP-YCAYGVFQO7FM2V2R - [0:0] :KUBE-SEP-YD3MMCY7YRZ23KFM - [0:0] :KUBE-SEP-YVA6LAHWBG2UT37Y - [0:0] :KUBE-SEP-ZMIUBM46KUTPJX45 - [0:0] :KUBE-SEP-ZMQPWJGXRHHFTNJ6 - [0:0] :KUBE-SEP-ZWXI7KAWCMWY5YZZ - [0:0] :KUBE-SERVICES - [0:0] :KUBE-SVC-3GG4OIWB5POCZRIS - [0:0] :KUBE-SVC-3HSQGWIEZXY7TPFA - [0:0] :KUBE-SVC-4VZL3NYK6BUMJQT6 - [0:0] :KUBE-SVC-DRPZW2JLXFVEZV24 - [0:0] :KUBE-SVC-EWFWE2MZVAZUSDCJ - [0:0] :KUBE-SVC-F5V6EFTAING42ZST - [0:0] :KUBE-SVC-HKUKEOV3LVLACIYS - [0:0] :KUBE-SVC-IRYOTVULVUBKGSRV - [0:0] :KUBE-SVC-JUYW2F7ZNGJYSNZY - [0:0] :KUBE-SVC-JVHX5TUQGN5CUHRG - [0:0] :KUBE-SVC-LY6VP7FXLCW5URNS - [0:0] :KUBE-SVC-NDENSWNKXLPSX4C5 - [0:0] :KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0] :KUBE-SVC-OYLCDZV7ODXZU5HU - [0:0] :KUBE-SVC-QVZRDVB2OIGPY6VN - [0:0] :KUBE-SVC-RBHDTOMHMN6RWXBU - [0:0] :KUBE-SVC-UGDSQCEEXPFQV43I - [0:0] :KUBE-SVC-VFNCZS3JSCJ4MQUE - [0:0] :KUBE-SVC-WMPCKM4KQAWYURGE - [0:0] :KUBE-SVC-XRV6LW34NCGJEJCY - [0:0] :cali-OUTPUT - [0:0] :cali-POSTROUTING - [0:0] :cali-PREROUTING - [0:0] :cali-fip-dnat - [0:0] :cali-fip-snat - [0:0] :cali-nat-outgoing - [0:0] [21418294:1299478781] -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES [0:0] -A OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [5599491:336270166] -A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES [26616752:1611309579] -A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING [0:0] -A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000 [419439:25166340] -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000 [18989:1139340] -A KUBE-NODEPORTS -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp --dport 1970 -j KUBE-MARK-MASQ [18989:1139340] -A KUBE-NODEPORTS -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp --dport 1970 -j KUBE-SVC-F5V6EFTAING42ZST [1636:98160] -A KUBE-NODEPORTS -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp --dport 1969 -j KUBE-MARK-MASQ [1636:98160] -A KUBE-NODEPORTS -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp --dport 1969 -j KUBE-SVC-RBHDTOMHMN6RWXBU [16156:969360] -A KUBE-NODEPORTS -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp --dport 8081 -j KUBE-MARK-MASQ [16156:969360] -A KUBE-NODEPORTS -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp --dport 8081 -j KUBE-SVC-WMPCKM4KQAWYURGE [310818:18649080] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp --dport 31192 -j KUBE-MARK-MASQ [310818:18649080] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp --dport 31192 -j KUBE-SVC-HKUKEOV3LVLACIYS [17349:1040940] -A KUBE-NODEPORTS -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp --dport 8080 -j KUBE-MARK-MASQ [17349:1040940] -A KUBE-NODEPORTS -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp --dport 8080 -j KUBE-SVC-QVZRDVB2OIGPY6VN [18343:1100580] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp --dport 32192 -j KUBE-MARK-MASQ [18343:1100580] -A KUBE-NODEPORTS -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp --dport 32192 -j KUBE-SVC-LY6VP7FXLCW5URNS [296:17760] -A KUBE-NODEPORTS -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp --dport 8748 -j KUBE-MARK-MASQ [296:17760] -A KUBE-NODEPORTS -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp --dport 8748 -j KUBE-SVC-EWFWE2MZVAZUSDCJ [16646:998760] -A KUBE-NODEPORTS -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp --dport 3030 -j KUBE-MARK-MASQ [16646:998760] -A KUBE-NODEPORTS -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp --dport 3030 -j KUBE-SVC-JVHX5TUQGN5CUHRG [19206:1152360] -A KUBE-NODEPORTS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp --dport 10042 -j KUBE-MARK-MASQ [19206:1152360] -A KUBE-NODEPORTS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp --dport 10042 -j KUBE-SVC-3GG4OIWB5POCZRIS [419439:25166340] -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE [0:0] -A KUBE-SEP-25LSSMOQSLZO62TA -s 10.192.64.212/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15428:925680] -A KUBE-SEP-25LSSMOQSLZO62TA -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.212:8192 [0:0] -A KUBE-SEP-37XH7CLV3AO4VPTO -s 10.192.64.219/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [648:38880] -A KUBE-SEP-37XH7CLV3AO4VPTO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.219:10044 [0:0] -A KUBE-SEP-3EKUJOQNGD2M2BGA -s 10.192.64.229/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15519:931140] -A KUBE-SEP-3EKUJOQNGD2M2BGA -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.229:8192 [0:0] -A KUBE-SEP-3L6RBXX474F3Z4BG -s 10.192.64.216/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [668:40080] -A KUBE-SEP-3L6RBXX474F3Z4BG -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.216:10044 [0:0] -A KUBE-SEP-3XKENU7WVKKTAHTV -s 10.192.64.89/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15812:948720] -A KUBE-SEP-3XKENU7WVKKTAHTV -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.89:8192 [0:0] -A KUBE-SEP-4CPLK3VL33TG4HTO -s 10.192.64.174/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [678:40680] -A KUBE-SEP-4CPLK3VL33TG4HTO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.174:10044 [0:0] -A KUBE-SEP-5FTPLFRSUQY4SIOQ -s 10.192.64.247/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [158:9480] -A KUBE-SEP-5FTPLFRSUQY4SIOQ -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.247:1969 [0:0] -A KUBE-SEP-5X6UVN6ARF5TYMJ4 -s 10.192.64.204/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15403:924180] -A KUBE-SEP-5X6UVN6ARF5TYMJ4 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.204:8192 [0:0] -A KUBE-SEP-672TWE2WYV3V42NU -s 10.192.64.224/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [608:36480] -A KUBE-SEP-672TWE2WYV3V42NU -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.224:10044 [0:0] -A KUBE-SEP-6HUPMP5IVKEGRSOX -s 10.192.64.244/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4207:252420] -A KUBE-SEP-6HUPMP5IVKEGRSOX -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.244:3030 [0:0] -A KUBE-SEP-6IAAQVQ44ZOHE24Z -s 10.192.65.194/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [4047:242820] -A KUBE-SEP-6IAAQVQ44ZOHE24Z -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.194:8081 [0:0] -A KUBE-SEP-6REVSYG73P5URSNB -s 10.192.64.228/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [659:39540] -A KUBE-SEP-6REVSYG73P5URSNB -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.228:10044 [0:0] -A KUBE-SEP-6ZXNISWV3YFNXORO -s 10.192.64.233/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [632:37920] -A KUBE-SEP-6ZXNISWV3YFNXORO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.233:10044 [0:0] -A KUBE-SEP-7I4E57MZAZPKXZGS -s 10.192.64.176/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [668:40080] -A KUBE-SEP-7I4E57MZAZPKXZGS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.176:10044 [0:0] -A KUBE-SEP-7PJRSW3465VLV5NU -s 10.192.64.91/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [629:37740] -A KUBE-SEP-7PJRSW3465VLV5NU -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.91:10044 [0:0] -A KUBE-SEP-7WCR5RS3KL7SSYNX -s 10.192.64.131/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [162:9720] -A KUBE-SEP-7WCR5RS3KL7SSYNX -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.131:1969 [0:0] -A KUBE-SEP-A3FDOYOMTV6IFA3N -s 10.192.64.99/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [631:37860] -A KUBE-SEP-A3FDOYOMTV6IFA3N -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.99:10044 [0:0] -A KUBE-SEP-ASQ2QWDIQ7ZRHYYI -s 10.192.64.220/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [65:3900] -A KUBE-SEP-ASQ2QWDIQ7ZRHYYI -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.220:8748 [0:0] -A KUBE-SEP-B3XSLKK24I3RV53E -s 10.192.64.116/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [192:11520] -A KUBE-SEP-B3XSLKK24I3RV53E -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.116:1969 [0:0] -A KUBE-SEP-BDXL4HDHKUBTO2XO -s 10.192.64.119/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2197:131820] -A KUBE-SEP-BDXL4HDHKUBTO2XO -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.119:8080 [0:0] -A KUBE-SEP-BNQS32RABUIOIJVK -s 10.192.16.26/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-BNQS32RABUIOIJVK -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-BNQS32RABUIOIJVK --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.192.16.26:6443 [0:0] -A KUBE-SEP-BWOHOCEO7NXRBQKX -s 10.192.64.183/32 -m comment --comment "eventgate-analytics/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-BWOHOCEO7NXRBQKX -p tcp -m comment --comment "eventgate-analytics/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.183:44134 [0:0] -A KUBE-SEP-C3LNAFCTKEVSQ6LJ -s 10.192.64.123/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4230:253800] -A KUBE-SEP-C3LNAFCTKEVSQ6LJ -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.123:3030 [0:0] -A KUBE-SEP-C5R7FJMTVBQYYP7Z -s 10.192.64.209/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15389:923340] -A KUBE-SEP-C5R7FJMTVBQYYP7Z -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.209:8192 [0:0] -A KUBE-SEP-DXLVQUNJLQYCSWET -s 10.192.64.86/32 -m comment --comment "cxserver/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-DXLVQUNJLQYCSWET -p tcp -m comment --comment "cxserver/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.86:44134 [0:0] -A KUBE-SEP-DXRBNUUKLAC3KWIB -s 10.192.64.122/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [174:10440] -A KUBE-SEP-DXRBNUUKLAC3KWIB -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.122:1969 [0:0] -A KUBE-SEP-E2ZQLHBMIDWU2YP3 -s 10.192.64.163/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [646:38760] -A KUBE-SEP-E2ZQLHBMIDWU2YP3 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.163:10044 [0:0] -A KUBE-SEP-EOA4M4AMHPH5QKJT -s 10.192.64.95/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15714:942840] -A KUBE-SEP-EOA4M4AMHPH5QKJT -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.95:8192 [0:0] -A KUBE-SEP-FGHQMJCOX46V3WZ2 -s 10.192.64.203/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15493:929580] -A KUBE-SEP-FGHQMJCOX46V3WZ2 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.203:8192 [0:0] -A KUBE-SEP-FIBOVC4TD57T6XPA -s 10.192.65.193/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [3987:239220] -A KUBE-SEP-FIBOVC4TD57T6XPA -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.193:8081 [0:0] -A KUBE-SEP-FOY767XNXR4RDOI6 -s 10.192.64.227/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [651:39060] -A KUBE-SEP-FOY767XNXR4RDOI6 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.227:10044 [0:0] -A KUBE-SEP-FRJQKEHBA7MB5UVM -s 10.192.64.92/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2375:142500] -A KUBE-SEP-FRJQKEHBA7MB5UVM -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.92:1970 [0:0] -A KUBE-SEP-GRXSJNBEO3VJVZ2W -s 10.192.65.2/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [4049:242940] -A KUBE-SEP-GRXSJNBEO3VJVZ2W -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.2:8081 [0:0] -A KUBE-SEP-H4BGQHYNG3CGPLVW -s 10.192.64.179/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [676:40560] -A KUBE-SEP-H4BGQHYNG3CGPLVW -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.179:10044 [0:0] -A KUBE-SEP-H4BYNHQBW7YIN5UR -s 10.192.64.217/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [641:38460] -A KUBE-SEP-H4BYNHQBW7YIN5UR -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.217:10044 [0:0] -A KUBE-SEP-H5YF2GBSYYOZONPK -s 10.192.64.184/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15576:934560] -A KUBE-SEP-H5YF2GBSYYOZONPK -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.184:8192 [0:0] -A KUBE-SEP-H7OVKF36OOUPWBS3 -s 10.192.64.98/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [647:38820] -A KUBE-SEP-H7OVKF36OOUPWBS3 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.98:10044 [0:0] -A KUBE-SEP-HJUUBUSEBGKOPCTM -s 10.192.64.133/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [159:9540] -A KUBE-SEP-HJUUBUSEBGKOPCTM -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.133:1969 [0:0] -A KUBE-SEP-HXLSTINWUTRUHRJ7 -s 10.192.64.230/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4032:241920] -A KUBE-SEP-HXLSTINWUTRUHRJ7 -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.230:3030 [0:0] -A KUBE-SEP-J4OBMLACPA6WS5K2 -s 10.192.64.65/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15743:944580] -A KUBE-SEP-J4OBMLACPA6WS5K2 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.65:8192 [0:0] -A KUBE-SEP-JNEYNJWMYZTT437T -s 10.192.64.132/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [623:37380] -A KUBE-SEP-JNEYNJWMYZTT437T -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.132:10044 [0:0] -A KUBE-SEP-JSXXZF6DB47HAOTW -s 10.192.64.166/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2382:142920] -A KUBE-SEP-JSXXZF6DB47HAOTW -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.166:1970 [0:0] -A KUBE-SEP-K57A3GRJV6STKX2H -s 10.192.64.169/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [631:37860] -A KUBE-SEP-K57A3GRJV6STKX2H -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.169:10044 [0:0] -A KUBE-SEP-KEIL5EJUTMDOSFZW -s 10.192.64.208/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2102:126120] -A KUBE-SEP-KEIL5EJUTMDOSFZW -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.208:8080 [0:0] -A KUBE-SEP-KRKP52L5LZ4E2QOT -s 10.192.64.187/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15584:935040] -A KUBE-SEP-KRKP52L5LZ4E2QOT -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.187:8192 [0:0] -A KUBE-SEP-L3Q7GF7UPPMSD2HY -s 10.192.64.77/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [674:40440] -A KUBE-SEP-L3Q7GF7UPPMSD2HY -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.77:10044 [0:0] -A KUBE-SEP-L4D2OGEMGVWTP7JS -s 10.192.64.74/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15463:927780] -A KUBE-SEP-L4D2OGEMGVWTP7JS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.74:8192 [0:0] -A KUBE-SEP-LBYINOPUCE5HODM6 -s 10.192.0.93/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-LBYINOPUCE5HODM6 -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-LBYINOPUCE5HODM6 --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.192.0.93:6443 [0:0] -A KUBE-SEP-LC3WK6J2636WZKTN -s 10.192.64.168/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2104:126240] -A KUBE-SEP-LC3WK6J2636WZKTN -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.168:8080 [0:0] -A KUBE-SEP-LLGUN2HVGY5JS5NJ -s 10.192.64.118/32 -m comment --comment "graphoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-LLGUN2HVGY5JS5NJ -p tcp -m comment --comment "graphoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.118:44134 [0:0] -A KUBE-SEP-LLMSPSLICATSJSDJ -s 10.192.64.117/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [165:9900] -A KUBE-SEP-LLMSPSLICATSJSDJ -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.117:1969 [0:0] -A KUBE-SEP-M3WWEPPMCTB7BLDL -s 10.192.64.185/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15623:937380] -A KUBE-SEP-M3WWEPPMCTB7BLDL -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.185:8192 [0:0] -A KUBE-SEP-M6G6XPJOCWGY2INP -s 10.192.64.127/32 -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-MARK-MASQ [6051:363060] -A KUBE-SEP-M6G6XPJOCWGY2INP -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp -j DNAT --to-destination 10.192.64.127:8192 [0:0] -A KUBE-SEP-MBC2MPUBLROG7I3A -s 10.192.64.101/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [637:38220] -A KUBE-SEP-MBC2MPUBLROG7I3A -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.101:10044 [0:0] -A KUBE-SEP-MGDVL34HWYF35IL2 -s 10.192.64.253/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [169:10140] -A KUBE-SEP-MGDVL34HWYF35IL2 -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.253:1969 [0:0] -A KUBE-SEP-NGGIKPFLOKRFQXPH -s 10.192.64.139/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2164:129840] -A KUBE-SEP-NGGIKPFLOKRFQXPH -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.139:8080 [0:0] -A KUBE-SEP-NOHY6L6QHZPYPHWG -s 10.192.64.190/32 -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-MARK-MASQ [6200:372000] -A KUBE-SEP-NOHY6L6QHZPYPHWG -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp -j DNAT --to-destination 10.192.64.190:8192 [0:0] -A KUBE-SEP-NWMB3KBZ55SO4LDW -s 10.192.64.82/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [66:3960] -A KUBE-SEP-NWMB3KBZ55SO4LDW -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.82:8748 [0:0] -A KUBE-SEP-NZYGFMC2TZIPDQYI -s 10.192.64.177/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [84:5040] -A KUBE-SEP-NZYGFMC2TZIPDQYI -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.177:8748 [0:0] -A KUBE-SEP-ODFVG6OYLLJVD7T4 -s 10.192.64.85/32 -m comment --comment "blubberoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-ODFVG6OYLLJVD7T4 -p tcp -m comment --comment "blubberoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.85:44134 [0:0] -A KUBE-SEP-OH4ZI4Z24ZVMEU7A -s 10.192.64.188/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15541:932460] -A KUBE-SEP-OH4ZI4Z24ZVMEU7A -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.188:8192 [0:0] -A KUBE-SEP-OOO3XQXWKXK4HE2R -s 10.192.64.154/32 -m comment --comment "zotero/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-OOO3XQXWKXK4HE2R -p tcp -m comment --comment "zotero/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.154:44134 [0:0] -A KUBE-SEP-OZAGMMTF62X6TYQ2 -s 10.192.64.172/32 -m comment --comment "termbox/termbox-production:http" -j KUBE-MARK-MASQ [4177:250620] -A KUBE-SEP-OZAGMMTF62X6TYQ2 -p tcp -m comment --comment "termbox/termbox-production:http" -m tcp -j DNAT --to-destination 10.192.64.172:3030 [0:0] -A KUBE-SEP-P4MGSHGFQGVSH3NM -s 10.192.64.222/32 -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-MARK-MASQ [6092:365520] -A KUBE-SEP-P4MGSHGFQGVSH3NM -p tcp -m comment --comment "eventgate-main/eventgate-main:http" -m tcp -j DNAT --to-destination 10.192.64.222:8192 [0:0] -A KUBE-SEP-PAGWFB2265WTQCIC -s 10.192.64.221/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [614:36840] -A KUBE-SEP-PAGWFB2265WTQCIC -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.221:10044 [0:0] -A KUBE-SEP-PKGEVJZHX3RODJCX -s 10.192.64.96/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2398:143880] -A KUBE-SEP-PKGEVJZHX3RODJCX -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.96:1970 [0:0] -A KUBE-SEP-PRXHS5433PGAISX2 -s 10.192.64.193/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2471:148260] -A KUBE-SEP-PRXHS5433PGAISX2 -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.193:1970 [0:0] -A KUBE-SEP-PUIGW4Z6VOZ47WPX -s 10.192.64.140/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [157:9420] -A KUBE-SEP-PUIGW4Z6VOZ47WPX -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.140:1969 [0:0] -A KUBE-SEP-Q4Y6Y2T5SC4L3ITY -s 10.192.64.165/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2241:134460] -A KUBE-SEP-Q4Y6Y2T5SC4L3ITY -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.165:8080 [0:0] -A KUBE-SEP-Q56HMF344MPJWT4N -s 10.192.64.156/32 -m comment --comment "sessionstore/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-Q56HMF344MPJWT4N -p tcp -m comment --comment "sessionstore/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.156:44134 [0:0] -A KUBE-SEP-QJ5NJAP27DT3Y6BW -s 10.192.64.157/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [640:38400] -A KUBE-SEP-QJ5NJAP27DT3Y6BW -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.157:10044 [0:0] -A KUBE-SEP-QLQMIE7ND3HQXXSI -s 10.192.64.153/32 -m comment --comment "eventgate-main/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-QLQMIE7ND3HQXXSI -p tcp -m comment --comment "eventgate-main/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.153:44134 [0:0] -A KUBE-SEP-QPG23T44FP3FIDLH -s 10.192.64.215/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2382:142920] -A KUBE-SEP-QPG23T44FP3FIDLH -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.215:1970 [0:0] -A KUBE-SEP-QPIEZFPXHK6GCHT2 -s 10.192.64.223/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [636:38160] -A KUBE-SEP-QPIEZFPXHK6GCHT2 -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.223:10044 [0:0] -A KUBE-SEP-QPYEN6HCUXSL5G43 -s 10.192.64.68/32 -m comment --comment "mathoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-QPYEN6HCUXSL5G43 -p tcp -m comment --comment "mathoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.68:44134 [0:0] -A KUBE-SEP-QY7CLEY555P7WTSA -s 10.192.64.79/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [639:38340] -A KUBE-SEP-QY7CLEY555P7WTSA -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.79:10044 [0:0] -A KUBE-SEP-QZU2LZJGBHV64WIQ -s 10.192.64.71/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [613:36780] -A KUBE-SEP-QZU2LZJGBHV64WIQ -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.71:10044 [0:0] -A KUBE-SEP-R3USABFTJMEYATSS -s 10.192.64.100/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [661:39660] -A KUBE-SEP-R3USABFTJMEYATSS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.100:10044 [0:0] -A KUBE-SEP-R4EBIWO76BY36ELS -s 10.192.64.158/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15564:933840] -A KUBE-SEP-R4EBIWO76BY36ELS -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.158:8192 [0:0] -A KUBE-SEP-R4JOXQKX5IRJ4KVL -s 10.192.64.198/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2151:129060] -A KUBE-SEP-R4JOXQKX5IRJ4KVL -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.198:8080 [0:0] -A KUBE-SEP-ROUVUHRDDVRJBXBV -s 10.192.64.226/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [576:34560] -A KUBE-SEP-ROUVUHRDDVRJBXBV -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.226:10044 [0:0] -A KUBE-SEP-RX4SR3MBS6J4RAIK -s 10.192.64.199/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2326:139560] -A KUBE-SEP-RX4SR3MBS6J4RAIK -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.199:1970 [0:0] -A KUBE-SEP-TDMOM3ZAQQ6N532C -s 10.192.64.97/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2177:130620] -A KUBE-SEP-TDMOM3ZAQQ6N532C -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.97:8080 [0:0] -A KUBE-SEP-TPOSC7WXJITSQNHM -s 10.192.64.218/32 -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-MARK-MASQ [81:4860] -A KUBE-SEP-TPOSC7WXJITSQNHM -p tcp -m comment --comment "blubberoid/blubberoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.218:8748 [0:0] -A KUBE-SEP-TW4OGVF4RTJE2MBJ -s 10.192.64.192/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15377:922620] -A KUBE-SEP-TW4OGVF4RTJE2MBJ -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.192:8192 [0:0] -A KUBE-SEP-UEHXHNDAZAWFMOPS -s 10.192.64.186/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [662:39720] -A KUBE-SEP-UEHXHNDAZAWFMOPS -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.186:10044 [0:0] -A KUBE-SEP-VL4LXG4OAORE3CWW -s 10.192.64.161/32 -m comment --comment "citoid/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-VL4LXG4OAORE3CWW -p tcp -m comment --comment "citoid/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.161:44134 [0:0] -A KUBE-SEP-VP4EPI7HTHD3HIZF -s 10.192.64.93/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [620:37200] -A KUBE-SEP-VP4EPI7HTHD3HIZF -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.93:10044 [0:0] -A KUBE-SEP-VZPQ5V7QXI33EFX5 -s 10.192.64.182/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2303:138180] -A KUBE-SEP-VZPQ5V7QXI33EFX5 -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.182:1970 [0:0] -A KUBE-SEP-WLCWSJ6G6KPUKCTB -s 10.192.64.64/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15298:917880] -A KUBE-SEP-WLCWSJ6G6KPUKCTB -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.64:8192 [0:0] -A KUBE-SEP-WLOYGDKBV4B467JJ -s 10.192.64.171/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [664:39840] -A KUBE-SEP-WLOYGDKBV4B467JJ -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.171:10044 [0:0] -A KUBE-SEP-WTEZWP5RZCIFRRS7 -s 10.192.64.160/32 -m comment --comment "termbox/tiller-deploy:tiller" -j KUBE-MARK-MASQ [0:0] -A KUBE-SEP-WTEZWP5RZCIFRRS7 -p tcp -m comment --comment "termbox/tiller-deploy:tiller" -m tcp -j DNAT --to-destination 10.192.64.160:44134 [0:0] -A KUBE-SEP-X2ULFOFAP7OVK5OP -s 10.192.64.248/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [172:10320] -A KUBE-SEP-X2ULFOFAP7OVK5OP -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.248:1969 [0:0] -A KUBE-SEP-XI367GG7YMDARCAO -s 10.192.64.102/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [618:37080] -A KUBE-SEP-XI367GG7YMDARCAO -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.102:10044 [0:0] -A KUBE-SEP-XKI3TJGTHQZ6FGXF -s 10.192.64.76/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15602:936120] -A KUBE-SEP-XKI3TJGTHQZ6FGXF -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.76:8192 [0:0] -A KUBE-SEP-XUAM56NCWKNL6LHH -s 10.192.64.134/32 -m comment --comment "mathoid/mathoid-production:http" -j KUBE-MARK-MASQ [616:36960] -A KUBE-SEP-XUAM56NCWKNL6LHH -p tcp -m comment --comment "mathoid/mathoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.134:10044 [0:0] -A KUBE-SEP-YA7SBWUN4B5LAFV5 -s 10.192.64.141/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15351:921060] -A KUBE-SEP-YA7SBWUN4B5LAFV5 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.141:8192 [0:0] -A KUBE-SEP-YCAYGVFQO7FM2V2R -s 10.192.65.3/32 -m comment --comment "sessionstore/kask-production:http" -j KUBE-MARK-MASQ [4073:244380] -A KUBE-SEP-YCAYGVFQO7FM2V2R -p tcp -m comment --comment "sessionstore/kask-production:http" -m tcp -j DNAT --to-destination 10.192.65.3:8081 [0:0] -A KUBE-SEP-YD3MMCY7YRZ23KFM -s 10.192.64.152/32 -m comment --comment "citoid/citoid-production:http" -j KUBE-MARK-MASQ [2352:141120] -A KUBE-SEP-YD3MMCY7YRZ23KFM -p tcp -m comment --comment "citoid/citoid-production:http" -m tcp -j DNAT --to-destination 10.192.64.152:1970 [0:0] -A KUBE-SEP-YVA6LAHWBG2UT37Y -s 10.192.64.148/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15707:942420] -A KUBE-SEP-YVA6LAHWBG2UT37Y -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.148:8192 [0:0] -A KUBE-SEP-ZMIUBM46KUTPJX45 -s 10.192.64.250/32 -m comment --comment "zotero/zotero-production:http" -j KUBE-MARK-MASQ [128:7680] -A KUBE-SEP-ZMIUBM46KUTPJX45 -p tcp -m comment --comment "zotero/zotero-production:http" -m tcp -j DNAT --to-destination 10.192.64.250:1969 [0:0] -A KUBE-SEP-ZMQPWJGXRHHFTNJ6 -s 10.192.64.213/32 -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-MARK-MASQ [15631:937860] -A KUBE-SEP-ZMQPWJGXRHHFTNJ6 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m tcp -j DNAT --to-destination 10.192.64.213:8192 [0:0] -A KUBE-SEP-ZWXI7KAWCMWY5YZZ -s 10.192.64.214/32 -m comment --comment "cxserver/cxserver-production:http" -j KUBE-MARK-MASQ [2213:132780] -A KUBE-SEP-ZWXI7KAWCMWY5YZZ -p tcp -m comment --comment "cxserver/cxserver-production:http" -m tcp -j DNAT --to-destination 10.192.64.214:8080 [0:0] -A KUBE-SERVICES -d 10.192.72.127/32 -p tcp -m comment --comment "graphoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-JUYW2F7ZNGJYSNZY [0:0] -A KUBE-SERVICES -d 10.192.72.206/32 -p tcp -m comment --comment "sessionstore/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-VFNCZS3JSCJ4MQUE [0:0] -A KUBE-SERVICES -d 10.192.72.218/32 -p tcp -m comment --comment "eventgate-main/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-OYLCDZV7ODXZU5HU [0:0] -A KUBE-SERVICES -d 10.192.72.225/32 -p tcp -m comment --comment "mathoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-XRV6LW34NCGJEJCY [0:0] -A KUBE-SERVICES -d 10.192.72.126/32 -p tcp -m comment --comment "citoid/citoid-production:http cluster IP" -m tcp --dport 1970 -j KUBE-SVC-F5V6EFTAING42ZST [0:0] -A KUBE-SERVICES -d 10.192.72.246/32 -p tcp -m comment --comment "blubberoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-4VZL3NYK6BUMJQT6 [0:0] -A KUBE-SERVICES -d 10.192.72.2/32 -p tcp -m comment --comment "zotero/zotero-production:http cluster IP" -m tcp --dport 1969 -j KUBE-SVC-RBHDTOMHMN6RWXBU [0:0] -A KUBE-SERVICES -d 10.192.72.133/32 -p tcp -m comment --comment "citoid/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-NDENSWNKXLPSX4C5 [0:0] -A KUBE-SERVICES -d 10.192.72.97/32 -p tcp -m comment --comment "sessionstore/kask-production:http cluster IP" -m tcp --dport 8081 -j KUBE-SVC-WMPCKM4KQAWYURGE [0:0] -A KUBE-SERVICES -d 10.192.72.252/32 -p tcp -m comment --comment "eventgate-analytics/eventgate-analytics:http cluster IP" -m tcp --dport 8192 -j KUBE-SVC-HKUKEOV3LVLACIYS [0:0] -A KUBE-SERVICES -d 10.192.72.87/32 -p tcp -m comment --comment "cxserver/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-IRYOTVULVUBKGSRV [0:0] -A KUBE-SERVICES -d 10.192.72.125/32 -p tcp -m comment --comment "cxserver/cxserver-production:http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-QVZRDVB2OIGPY6VN [0:0] -A KUBE-SERVICES -d 10.192.72.115/32 -p tcp -m comment --comment "zotero/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-3HSQGWIEZXY7TPFA [0:0] -A KUBE-SERVICES -d 10.192.72.78/32 -p tcp -m comment --comment "termbox/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-DRPZW2JLXFVEZV24 [0:0] -A KUBE-SERVICES -d 10.192.72.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y [0:0] -A KUBE-SERVICES -d 10.192.72.74/32 -p tcp -m comment --comment "eventgate-main/eventgate-main:http cluster IP" -m tcp --dport 8192 -j KUBE-SVC-LY6VP7FXLCW5URNS [0:0] -A KUBE-SERVICES -d 10.192.72.249/32 -p tcp -m comment --comment "blubberoid/blubberoid-production:http cluster IP" -m tcp --dport 8748 -j KUBE-SVC-EWFWE2MZVAZUSDCJ [0:0] -A KUBE-SERVICES -d 10.192.72.141/32 -p tcp -m comment --comment "eventgate-analytics/tiller-deploy:tiller cluster IP" -m tcp --dport 44134 -j KUBE-SVC-UGDSQCEEXPFQV43I [0:0] -A KUBE-SERVICES -d 10.192.72.139/32 -p tcp -m comment --comment "termbox/termbox-production:http cluster IP" -m tcp --dport 3030 -j KUBE-SVC-JVHX5TUQGN5CUHRG [0:0] -A KUBE-SERVICES -d 10.192.72.113/32 -p tcp -m comment --comment "mathoid/mathoid-production:http cluster IP" -m tcp --dport 10044 -j KUBE-SVC-3GG4OIWB5POCZRIS [437935:26292374] -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS [661:39660] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03333000001 -j KUBE-SEP-R3USABFTJMEYATSS [637:38220] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03447999991 -j KUBE-SEP-MBC2MPUBLROG7I3A [618:37080] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03570999997 -j KUBE-SEP-XI367GG7YMDARCAO [623:37380] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03703999985 -j KUBE-SEP-JNEYNJWMYZTT437T [616:36960] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.03845999995 -j KUBE-SEP-XUAM56NCWKNL6LHH [640:38400] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04000000004 -j KUBE-SEP-QJ5NJAP27DT3Y6BW [646:38760] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04167000018 -j KUBE-SEP-E2ZQLHBMIDWU2YP3 [631:37860] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04347999999 -j KUBE-SEP-K57A3GRJV6STKX2H [664:39840] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04545000009 -j KUBE-SEP-WLOYGDKBV4B467JJ [678:40680] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04761999985 -j KUBE-SEP-4CPLK3VL33TG4HTO [668:40080] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.04999999981 -j KUBE-SEP-7I4E57MZAZPKXZGS [676:40560] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.05262999982 -j KUBE-SEP-H4BGQHYNG3CGPLVW [662:39720] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.05555999978 -j KUBE-SEP-UEHXHNDAZAWFMOPS [668:40080] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.05881999992 -j KUBE-SEP-3L6RBXX474F3Z4BG [641:38460] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.06250000000 -j KUBE-SEP-H4BYNHQBW7YIN5UR [648:38880] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.06667000009 -j KUBE-SEP-37XH7CLV3AO4VPTO [614:36840] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.07143000001 -j KUBE-SEP-PAGWFB2265WTQCIC [636:38160] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.07691999990 -j KUBE-SEP-QPIEZFPXHK6GCHT2 [608:36480] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.08332999982 -j KUBE-SEP-672TWE2WYV3V42NU [576:34560] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.09090999980 -j KUBE-SEP-ROUVUHRDDVRJBXBV [651:39060] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-FOY767XNXR4RDOI6 [659:39540] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-6REVSYG73P5URSNB [632:37920] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-6ZXNISWV3YFNXORO [613:36780] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-QZU2LZJGBHV64WIQ [674:40440] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-L3Q7GF7UPPMSD2HY [639:38340] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-QY7CLEY555P7WTSA [629:37740] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-7PJRSW3465VLV5NU [620:37200] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-VP4EPI7HTHD3HIZF [647:38820] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-H7OVKF36OOUPWBS3 [631:37860] -A KUBE-SVC-3GG4OIWB5POCZRIS -m comment --comment "mathoid/mathoid-production:http" -j KUBE-SEP-A3FDOYOMTV6IFA3N [0:0] -A KUBE-SVC-3HSQGWIEZXY7TPFA -m comment --comment "zotero/tiller-deploy:tiller" -j KUBE-SEP-OOO3XQXWKXK4HE2R [0:0] -A KUBE-SVC-4VZL3NYK6BUMJQT6 -m comment --comment "blubberoid/tiller-deploy:tiller" -j KUBE-SEP-ODFVG6OYLLJVD7T4 [0:0] -A KUBE-SVC-DRPZW2JLXFVEZV24 -m comment --comment "termbox/tiller-deploy:tiller" -j KUBE-SEP-WTEZWP5RZCIFRRS7 [84:5040] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-NZYGFMC2TZIPDQYI [81:4860] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-TPOSC7WXJITSQNHM [65:3900] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ASQ2QWDIQ7ZRHYYI [66:3960] -A KUBE-SVC-EWFWE2MZVAZUSDCJ -m comment --comment "blubberoid/blubberoid-production:http" -j KUBE-SEP-NWMB3KBZ55SO4LDW [2352:141120] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-YD3MMCY7YRZ23KFM [2382:142920] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-JSXXZF6DB47HAOTW [2303:138180] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-VZPQ5V7QXI33EFX5 [2471:148260] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-PRXHS5433PGAISX2 [2326:139560] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-RX4SR3MBS6J4RAIK [2382:142920] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-QPG23T44FP3FIDLH [2375:142500] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-FRJQKEHBA7MB5UVM [2398:143880] -A KUBE-SVC-F5V6EFTAING42ZST -m comment --comment "citoid/citoid-production:http" -j KUBE-SEP-PKGEVJZHX3RODJCX [15351:921060] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.04999999981 -j KUBE-SEP-YA7SBWUN4B5LAFV5 [15707:942420] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.05262999982 -j KUBE-SEP-YVA6LAHWBG2UT37Y [15564:933840] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.05555999978 -j KUBE-SEP-R4EBIWO76BY36ELS [15576:934560] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.05881999992 -j KUBE-SEP-H5YF2GBSYYOZONPK [15623:937380] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.06250000000 -j KUBE-SEP-M3WWEPPMCTB7BLDL [15584:935040] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.06667000009 -j KUBE-SEP-KRKP52L5LZ4E2QOT [15541:932460] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.07143000001 -j KUBE-SEP-OH4ZI4Z24ZVMEU7A [15377:922620] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.07691999990 -j KUBE-SEP-TW4OGVF4RTJE2MBJ [15493:929580] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.08332999982 -j KUBE-SEP-FGHQMJCOX46V3WZ2 [15403:924180] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.09090999980 -j KUBE-SEP-5X6UVN6ARF5TYMJ4 [15389:923340] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-C5R7FJMTVBQYYP7Z [15428:925680] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-25LSSMOQSLZO62TA [15631:937860] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-ZMQPWJGXRHHFTNJ6 [15519:931140] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-3EKUJOQNGD2M2BGA [15298:917880] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-WLCWSJ6G6KPUKCTB [15743:944580] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-J4OBMLACPA6WS5K2 [15463:927780] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-L4D2OGEMGVWTP7JS [15602:936120] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-XKI3TJGTHQZ6FGXF [15812:948720] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-3XKENU7WVKKTAHTV [15714:942840] -A KUBE-SVC-HKUKEOV3LVLACIYS -m comment --comment "eventgate-analytics/eventgate-analytics:http" -j KUBE-SEP-EOA4M4AMHPH5QKJT [0:0] -A KUBE-SVC-IRYOTVULVUBKGSRV -m comment --comment "cxserver/tiller-deploy:tiller" -j KUBE-SEP-DXLVQUNJLQYCSWET [0:0] -A KUBE-SVC-JUYW2F7ZNGJYSNZY -m comment --comment "graphoid/tiller-deploy:tiller" -j KUBE-SEP-LLGUN2HVGY5JS5NJ [4230:253800] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-C3LNAFCTKEVSQ6LJ [4177:250620] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-OZAGMMTF62X6TYQ2 [4032:241920] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-HXLSTINWUTRUHRJ7 [4207:252420] -A KUBE-SVC-JVHX5TUQGN5CUHRG -m comment --comment "termbox/termbox-production:http" -j KUBE-SEP-6HUPMP5IVKEGRSOX [6051:363060] -A KUBE-SVC-LY6VP7FXLCW5URNS -m comment --comment "eventgate-main/eventgate-main:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-M6G6XPJOCWGY2INP [6200:372000] -A KUBE-SVC-LY6VP7FXLCW5URNS -m comment --comment "eventgate-main/eventgate-main:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-NOHY6L6QHZPYPHWG [6092:365520] -A KUBE-SVC-LY6VP7FXLCW5URNS -m comment --comment "eventgate-main/eventgate-main:http" -j KUBE-SEP-P4MGSHGFQGVSH3NM [0:0] -A KUBE-SVC-NDENSWNKXLPSX4C5 -m comment --comment "citoid/tiller-deploy:tiller" -j KUBE-SEP-VL4LXG4OAORE3CWW [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-LBYINOPUCE5HODM6 --mask 255.255.255.255 --rsource -j KUBE-SEP-LBYINOPUCE5HODM6 [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-BNQS32RABUIOIJVK --mask 255.255.255.255 --rsource -j KUBE-SEP-BNQS32RABUIOIJVK [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LBYINOPUCE5HODM6 [0:0] -A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-BNQS32RABUIOIJVK [0:0] -A KUBE-SVC-OYLCDZV7ODXZU5HU -m comment --comment "eventgate-main/tiller-deploy:tiller" -j KUBE-SEP-QLQMIE7ND3HQXXSI [2197:131820] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-BDXL4HDHKUBTO2XO [2164:129840] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-NGGIKPFLOKRFQXPH [2241:134460] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-Q4Y6Y2T5SC4L3ITY [2104:126240] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-LC3WK6J2636WZKTN [2151:129060] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-R4JOXQKX5IRJ4KVL [2102:126120] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-KEIL5EJUTMDOSFZW [2213:132780] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ZWXI7KAWCMWY5YZZ [2177:130620] -A KUBE-SVC-QVZRDVB2OIGPY6VN -m comment --comment "cxserver/cxserver-production:http" -j KUBE-SEP-TDMOM3ZAQQ6N532C [192:11520] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.10000000009 -j KUBE-SEP-B3XSLKK24I3RV53E [165:9900] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.11110999994 -j KUBE-SEP-LLMSPSLICATSJSDJ [174:10440] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.12500000000 -j KUBE-SEP-DXRBNUUKLAC3KWIB [162:9720] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.14286000002 -j KUBE-SEP-7WCR5RS3KL7SSYNX [159:9540] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.16667000018 -j KUBE-SEP-HJUUBUSEBGKOPCTM [157:9420] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-PUIGW4Z6VOZ47WPX [158:9480] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-5FTPLFRSUQY4SIOQ [172:10320] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-X2ULFOFAP7OVK5OP [128:7680] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ZMIUBM46KUTPJX45 [169:10140] -A KUBE-SVC-RBHDTOMHMN6RWXBU -m comment --comment "zotero/zotero-production:http" -j KUBE-SEP-MGDVL34HWYF35IL2 [0:0] -A KUBE-SVC-UGDSQCEEXPFQV43I -m comment --comment "eventgate-analytics/tiller-deploy:tiller" -j KUBE-SEP-BWOHOCEO7NXRBQKX [0:0] -A KUBE-SVC-VFNCZS3JSCJ4MQUE -m comment --comment "sessionstore/tiller-deploy:tiller" -j KUBE-SEP-Q56HMF344MPJWT4N [3987:239220] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-FIBOVC4TD57T6XPA [4047:242820] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-6IAAQVQ44ZOHE24Z [4049:242940] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-GRXSJNBEO3VJVZ2W [4073:244380] -A KUBE-SVC-WMPCKM4KQAWYURGE -m comment --comment "sessionstore/kask-production:http" -j KUBE-SEP-YCAYGVFQO7FM2V2R [0:0] -A KUBE-SVC-XRV6LW34NCGJEJCY -m comment --comment "mathoid/tiller-deploy:tiller" -j KUBE-SEP-QPYEN6HCUXSL5G43 [0:0] -A cali-OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [0:0] -A cali-OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [5597974:336167200] -A cali-OUTPUT -m comment --comment "cali:GBTAv2p5CwevEyJm" -j cali-fip-dnat [26141505:1582782813] -A cali-POSTROUTING -m comment --comment "cali:Z-c7XtVd2Bq7s_hA" -j cali-fip-snat [26141505:1582782813] -A cali-POSTROUTING -m comment --comment "cali:nYKhEzDlr11Jccal" -j cali-nat-outgoing [20923967:1269800777] -A cali-PREROUTING -m comment --comment "cali:r6XmIziWUJsdOK6Z" -j cali-fip-dnat COMMIT # Completed on Tue Jun 25 11:34:30 2019 # Generated by iptables-save v1.6.0 on Tue Jun 25 11:34:30 2019 *filter :INPUT DROP [22:880] :FORWARD ACCEPT [4060279:765593942] :OUTPUT ACCEPT [338386:137437736] :KUBE-EXTERNAL-SERVICES - [0:0] :KUBE-FIREWALL - [0:0] :KUBE-FORWARD - [0:0] :KUBE-SERVICES - [0:0] :cali-FORWARD - [0:0] :cali-INPUT - [0:0] :cali-OUTPUT - [0:0] :cali-failsafe-in - [0:0] :cali-failsafe-out - [0:0] :cali-from-host-endpoint - [0:0] :cali-from-wl-dispatch - [0:0] :cali-from-wl-dispatch-2 - [0:0] :cali-from-wl-dispatch-5 - [0:0] :cali-from-wl-dispatch-a - [0:0] :cali-fw-cali1bc5dba9454 - [0:0] :cali-fw-cali23975c12260 - [0:0] :cali-fw-cali298241499c4 - [0:0] :cali-fw-cali35f5ced3039 - [0:0] :cali-fw-cali5018bf937e4 - [0:0] :cali-fw-cali5fb1db646ac - [0:0] :cali-fw-cali75293e80b4e - [0:0] :cali-fw-cali965c31dfb73 - [0:0] :cali-fw-calia3a57856439 - [0:0] :cali-fw-caliad21bc669e5 - [0:0] :cali-fw-calibe7cb9ec84d - [0:0] :cali-pi-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-pi-k8s-policy-no-match - [0:0] :cali-po-_NN8eH6jJQKwLM9t9UJm - [0:0] :cali-po-k8s-policy-no-match - [0:0] :cali-pri-k8s_ns.mathoid - [0:0] :cali-pro-k8s_ns.mathoid - [0:0] :cali-to-host-endpoint - [0:0] :cali-to-wl-dispatch - [0:0] :cali-to-wl-dispatch-2 - [0:0] :cali-to-wl-dispatch-5 - [0:0] :cali-to-wl-dispatch-a - [0:0] :cali-tw-cali1bc5dba9454 - [0:0] :cali-tw-cali23975c12260 - [0:0] :cali-tw-cali298241499c4 - [0:0] :cali-tw-cali35f5ced3039 - [0:0] :cali-tw-cali5018bf937e4 - [0:0] :cali-tw-cali5fb1db646ac - [0:0] :cali-tw-cali75293e80b4e - [0:0] :cali-tw-cali965c31dfb73 - [0:0] :cali-tw-calia3a57856439 - [0:0] :cali-tw-caliad21bc669e5 - [0:0] :cali-tw-calibe7cb9ec84d - [0:0] :cali-wl-to-host - [0:0] [38489972:15304997991] -A INPUT -j KUBE-FIREWALL [415460:24879728] -A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES [38075464:15280607944] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT [183:5920] -A INPUT -i lo -j ACCEPT [15010:480704] -A INPUT -m pkttype --pkt-type multicast -j ACCEPT [90:91404] -A INPUT -p tcp -m state --state NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP [11379:955836] -A INPUT -p icmp -j ACCEPT [0:0] -A INPUT -s 208.80.154.86/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 208.80.153.54/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 91.198.174.113/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 198.35.26.6/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 103.102.166.7/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 208.80.154.151/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 10.192.0.11/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.16.42/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.32.23/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.48.71/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.0.117/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.192.16.102/32 -p tcp -m tcp --dport 179 -j ACCEPT [756:48384] -A INPUT -s 208.80.153.192/32 -p tcp -m tcp --dport 179 -j ACCEPT [756:48384] -A INPUT -s 208.80.153.193/32 -p tcp -m tcp --dport 179 -j ACCEPT [0:0] -A INPUT -s 10.64.32.133/32 -p tcp -m tcp --dport 10250 -j ACCEPT [0:0] -A INPUT -s 10.64.0.45/32 -p tcp -m tcp --dport 10250 -j ACCEPT [0:0] -A INPUT -s 10.192.16.26/32 -p tcp -m tcp --dport 10250 -j ACCEPT [0:0] -A INPUT -s 10.192.0.93/32 -p tcp -m tcp --dport 10250 -j ACCEPT [4:240] -A INPUT -s 10.192.0.145/32 -p tcp -m tcp --dport 10255 -j ACCEPT [4:240] -A INPUT -s 10.192.16.189/32 -p tcp -m tcp --dport 10255 -j ACCEPT [200210:12012580] -A INPUT -s 208.80.154.84/32 -j ACCEPT [186689:11201340] -A INPUT -s 208.80.153.74/32 -j ACCEPT [0:0] -A INPUT -s 10.192.0.145/32 -p tcp -m tcp --dport 9100 -j ACCEPT [0:0] -A INPUT -s 10.192.16.189/32 -p tcp -m tcp --dport 9100 -j ACCEPT [0:0] -A INPUT -s 10.192.0.145/32 -p tcp -m tcp --dport 9105 -j ACCEPT [0:0] -A INPUT -s 10.192.16.189/32 -p tcp -m tcp --dport 9105 -j ACCEPT [0:0] -A INPUT -s 10.64.32.25/32 -p tcp -m tcp --dport 22 -j ACCEPT [0:0] -A INPUT -s 10.192.48.16/32 -p tcp -m tcp --dport 22 -j ACCEPT [16:6624] -A INPUT -d 255.255.255.255/32 -p udp -m udp --sport 67 --dport 68 -j DROP [499:28312] -A INPUT -m limit --limit 1/sec -j NFLOG --nflog-prefix "[fw-in-drop]" [77480685:14154032248] -A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD [17:1292] -A OUTPUT -p icmp -m icmp --icmp-type 5 -j LOG [389285:155868766] -A OUTPUT -j KUBE-FIREWALL [5620918:337734913] -A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES [0:0] -A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP [419439:25166340] -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT [0:0] -A cali-FORWARD -m comment --comment "cali:jxvuJjmmRV135nVu" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT [71401005:23452962882] -A cali-FORWARD -i cali+ -m comment --comment "cali:nu_3aWP3DUkeeFF6" -j cali-from-wl-dispatch [90257068:23611315744] -A cali-FORWARD -o cali+ -m comment --comment "cali:DjrV_uMYqr-g4joA" -j cali-to-wl-dispatch [902346:84988857] -A cali-FORWARD -i cali+ -m comment --comment "cali:Hl34eZwIcbzmic3y" -j ACCEPT [13105440:786326400] -A cali-FORWARD -o cali+ -m comment --comment "cali:O17zRKq2dvqwJKGA" -j ACCEPT [72422661:13258944676] -A cali-FORWARD -m comment --comment "cali:aTQofb9V5IPBvpDr" -j MARK --set-xmark 0x0/0x7000000 [72422661:13258944676] -A cali-FORWARD -m comment --comment "cali:yl6jfcAHxkOSlAV7" -j cali-from-host-endpoint [72422661:13258944676] -A cali-FORWARD -m comment --comment "cali:zA6HyaP1JlANkvKN" -j cali-to-host-endpoint [0:0] -A cali-FORWARD -m comment --comment "cali:xYGCuGpZAkaFt1KN" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-INPUT -m comment --comment "cali:46gVAqzWLjH8U4O2" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT [17960608:3451258201] -A cali-INPUT -i cali+ -m comment --comment "cali:yb_wYwqOAlwJU5gw" -g cali-wl-to-host [38027246:14863324357] -A cali-INPUT -m comment --comment "cali:2cs1o_c3IGSHt8wF" -j MARK --set-xmark 0x0/0x7000000 [38027246:14863324357] -A cali-INPUT -m comment --comment "cali:kYbxo4ThzIDv5Tbk" -j cali-from-host-endpoint [0:0] -A cali-INPUT -m comment --comment "cali:T-myOFrvU8AM3EEU" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-OUTPUT -m comment --comment "cali:FwFFCT8uDthhfgS7" -m mark --mark 0x1000000/0x1000000 -m conntrack --ctstate UNTRACKED -j ACCEPT [26791533:1738525891] -A cali-OUTPUT -o cali+ -m comment --comment "cali:lE9pRQNw1a_fJ2-L" -j RETURN [35972669:15082922754] -A cali-OUTPUT -m comment --comment "cali:kXSia9_8D_I9Mx8M" -j MARK --set-xmark 0x0/0x7000000 [35972669:15082922754] -A cali-OUTPUT -m comment --comment "cali:xuyU_DgoL_xoueJt" -j cali-to-host-endpoint [0:0] -A cali-OUTPUT -m comment --comment "cali:-KZpg9OTpqQcNRfw" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x1000000/0x1000000 -j ACCEPT [0:0] -A cali-failsafe-in -p tcp -m comment --comment "cali:wWFQM43tJU7wwnFZ" -m multiport --dports 22 -j ACCEPT [0:0] -A cali-failsafe-in -p udp -m comment --comment "cali:LwNV--R8MjeUYacw" -m multiport --dports 68 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:73bZKoyDfOpFwC2T" -m multiport --dports 2379 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:QMFuWo6o-d9yOpNm" -m multiport --dports 2380 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:Kup7QkrsdmfGX0uL" -m multiport --dports 4001 -j ACCEPT [0:0] -A cali-failsafe-out -p tcp -m comment --comment "cali:xYYr5PEqDf_Pqfkv" -m multiport --dports 7001 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:nbWBvu4OtudVY60Q" -m multiport --dports 53 -j ACCEPT [0:0] -A cali-failsafe-out -p udp -m comment --comment "cali:UxFu5cDK5En6dT3Y" -m multiport --dports 67 -j ACCEPT [0:0] -A cali-from-wl-dispatch -i cali1bc5dba9454 -m comment --comment "cali:uVMkqIb93ML7WPo8" -g cali-fw-cali1bc5dba9454 [0:0] -A cali-from-wl-dispatch -i cali2+ -m comment --comment "cali:U8gh0E3OuAS1lWWU" -g cali-from-wl-dispatch-2 [0:0] -A cali-from-wl-dispatch -i cali35f5ced3039 -m comment --comment "cali:srTdKoPIGyKXLAEy" -g cali-fw-cali35f5ced3039 [0:0] -A cali-from-wl-dispatch -i cali5+ -m comment --comment "cali:KeHdrI6nc3GdxxDF" -g cali-from-wl-dispatch-5 [0:0] -A cali-from-wl-dispatch -i cali75293e80b4e -m comment --comment "cali:Y0luhiYV4gN57u3X" -g cali-fw-cali75293e80b4e [0:0] -A cali-from-wl-dispatch -i cali965c31dfb73 -m comment --comment "cali:4H-4wX0zEGRke25t" -g cali-fw-cali965c31dfb73 [0:0] -A cali-from-wl-dispatch -i calia+ -m comment --comment "cali:iTSi_zCPPSmQFH_T" -g cali-from-wl-dispatch-a [0:0] -A cali-from-wl-dispatch -i calibe7cb9ec84d -m comment --comment "cali:7_MZTD85W9b_1bdx" -g cali-fw-calibe7cb9ec84d [0:0] -A cali-from-wl-dispatch -m comment --comment "cali:GaUQFKPSo55OhjCw" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-from-wl-dispatch-2 -i cali23975c12260 -m comment --comment "cali:SivcHjvO1LDQ7WcO" -g cali-fw-cali23975c12260 [0:0] -A cali-from-wl-dispatch-2 -i cali298241499c4 -m comment --comment "cali:9SRXIDIObIUuDFMo" -g cali-fw-cali298241499c4 [0:0] -A cali-from-wl-dispatch-2 -m comment --comment "cali:eRyrccMcgX4oq0km" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-from-wl-dispatch-5 -i cali5018bf937e4 -m comment --comment "cali:CDXq9AEN91WbI0Tf" -g cali-fw-cali5018bf937e4 [0:0] -A cali-from-wl-dispatch-5 -i cali5fb1db646ac -m comment --comment "cali:Ew5-BeKftE4CC9GB" -g cali-fw-cali5fb1db646ac [0:0] -A cali-from-wl-dispatch-5 -m comment --comment "cali:vURt9AQvI0U6xx6d" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-from-wl-dispatch-a -i calia3a57856439 -m comment --comment "cali:e4eUCmJQPQ5isGvD" -g cali-fw-calia3a57856439 [0:0] -A cali-from-wl-dispatch-a -i caliad21bc669e5 -m comment --comment "cali:rkBwLKcFK5EJBNhQ" -g cali-fw-caliad21bc669e5 [0:0] -A cali-from-wl-dispatch-a -m comment --comment "cali:aRikphVWaJN0fnSb" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:Njor_ZOuw2ql5kfe" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:zbpLgvDSkOmT9uF7" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:N5u6E6DQzd2rOlDP" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:y5jR_g0xC7zNuSxH" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:guaxsLwJsDeSwPqF" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:GBeW09ouLQOxXYz2" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:b3lm-r6GChZeMafc" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:-iPH_8RS_ISRyWYO" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:ti94CTRZ1PZ8s-9_" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:T_lq5TAuvF4AwERZ" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:eZ10E77aE01NDKIE" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali1bc5dba9454 -m comment --comment "cali:VKCNI6f98uj9mVfq" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:_jRNtMwPSJw2nquV" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:7OJe0spv2h2pfCA3" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:z6f0SoxjmptCtNHc" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:psi0BVaQCYUMvB5f" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:v6wLDULTC9oiYEa3" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:J1setqR5pJk7mAbn" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:FB1Q1siOwsm_Qp81" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:tIeSrG355K3sdLOd" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:35JaEomVrN4fwS0K" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:PcmyRJyUgIkxUmSW" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:9fx1Wew_RHFh-Vwr" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali23975c12260 -m comment --comment "cali:pwyk5XtOxi8vYVxc" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:4yoYhqzUDfl28bWU" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:kGnxyWo0df0TQ62m" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:HofPAMf-4gHk4hRx" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:H-iMXNd7rArzL49Q" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:RS9w2nrkz95ciHYe" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:-XdwtvzuEAU2zydO" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:AbixDEHkWsgEzAee" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:__Hfu2hV_b67aD6k" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:2tV7l5I__IsfFS1H" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:-L1ln4h3E2CDywJA" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:n3p4tRc9vteHGVUo" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali298241499c4 -m comment --comment "cali:hD6G17eturpG2mFe" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:s5EdAe-WtzBVybD5" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:EcixVfaLuXCuoSLX" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:hCztxRfKb5haGiLE" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:QLQOmKHeu4CzVOSU" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:tO349ueQ2po0HYIc" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:HIVry_Q_irv_B3__" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:vBwuo9WFyUwMkukH" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:pfDfxEWMJDAS9xJz" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:s6kFtDmL2v9PV4n7" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:4eVOYIH-we7g_C8t" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:HytF2T5l_-WJ1QTq" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali35f5ced3039 -m comment --comment "cali:C-yosQ_ttin7QiBQ" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:22nG2325hfghBYeR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:XRGnKu1VzKNmz5m2" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:7UmkwgfjMYm0GP2x" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:KFWb527jQv-gwLxy" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:IzqgYvGnakydbfkZ" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:xDAaqzVQKSQHXpGd" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:95nDbMxc6ZP6BsgB" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:2GsEeCHJcMu8otJc" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:JGD0aOm0e9UCb8CD" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:3Zm9sKBx4l7d_f8l" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:CnAIAynIq4maHNQT" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5018bf937e4 -m comment --comment "cali:6Tu-cKeYdiX-M--9" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:wuToFF6rBi_nfODK" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:V5Dh_jyKTV9V_Ef6" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:jeMmSeTn-eiMVsyi" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:GxRmk-vC0kntQXFT" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:Jqz6_D6KpMwFOehp" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:oJ3voqWjC4xDbTUs" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:vhGd2C2Ubaqhvoks" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:neVpMiwez6n4Tq0V" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:ZWKJ8fbTx2Zc1mR3" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali5fb1db646ac -m comment --comment "cali:lduC3Mko51hR95ch" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:U2GQtRO4ODl5HpMh" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:Esq-UD1ESrGE0mss" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:2yaa42jBmWYEa0ds" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:w2aMUMbNpO7aiAR2" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:Di5wVYqD5N0fT2yR" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:hEQlGaUD2FItrC7j" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:xZ4aI4dTQAoeDOxx" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:ODL1gTPRaVW7iAzh" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:BlwIVMliHprf_qnw" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:9OhVLPN4fIr42lZR" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:yci_2wLUFrPXyDW4" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali75293e80b4e -m comment --comment "cali:_UjvwBbxxE9l83mg" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:Ed2iNGvyzLb2WL3I" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:72DWnEpPck0uOrIE" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:fXtXkOtj1xDkfBLI" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:LRqGF_yVQaf6huX0" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:fUEMdt6dIJn34HiC" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:xxJLw5LVHy-QMQF-" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:MuluroyqXr206l5Q" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:rFWiialgZ2EbBW4J" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:kytqIBbnqSeL1JTl" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:646dBA6iroLhgbIh" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:UpGM8WgOYMLlsE57" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-cali965c31dfb73 -m comment --comment "cali:IyECIAECmpB_JEVJ" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:_ysDaFITgTqGwWQ6" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:FmixNSL7uaHoi-NL" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:v9ArnC2HJC82WAvm" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:TPGtvCuH2yQuyb-3" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:dhMgJ9-tKMHtpTwS" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:6j8RgIVZW4U4JXzC" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:Zs_hyWdjBz8eLdfg" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:srl_00oN2VkD_mp6" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:Oq0NaOaP2BdLeqoC" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:9iSDPeOnZETKmzy9" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:LwwGmw9r6I4yxXef" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calia3a57856439 -m comment --comment "cali:nifipVGuDkzUSGV7" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:pr-vfVoOlxJEenZo" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:T6OYnyN8yYcZcfGS" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:C0z0DouPIefEOHas" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:ED0GMxSw4rUt2bJR" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:qTo3Yxf2Qz93SzbL" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:yKh6-42RrwG8MZrr" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:1oxWoniki-lL2iwg" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:e3qkHLWcCm059R93" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:cdB-_EfGZzfgQ5lB" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:AoBNVWTDihywZ0gh" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:oJJmO7RpCbzgbZek" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-caliad21bc669e5 -m comment --comment "cali:t79EaAwLbfguCUPt" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:yOiXi2j_6Hr_l45O" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:TBoEGKjQ-T47jGTd" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:l1XRnOyPGIFsKs7r" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:c5ngPeXwsgxVcytJ" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:zNOgUYDtH-LJYiI3" -m mark --mark 0x0/0x2000000 -j cali-po-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:vSw8q-aHNTLsoVL_" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:Ks_mT0WPjR9xEGNA" -m mark --mark 0x0/0x2000000 -j cali-po-k8s-policy-no-match [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:0jS7AuSot8uvYbbJ" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:iqI2530zkoChwE2U" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:sJBEO3ZmM-KFr7o4" -j cali-pro-k8s_ns.mathoid [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:aa40OaZGhb5qMDIm" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-fw-calibe7cb9ec84d -m comment --comment "cali:jSmmpPh_xeCZyiVA" -m comment --comment "Drop if no profiles matched" -j DROP [495954:29757240] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -p tcp -m comment --comment "cali:L9wBYmIq1tVTrZ0e" -m multiport --dports 10044,9102 -j MARK --set-xmark 0x1000000/0x1000000 [495954:29757240] -A cali-pi-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:-JLGkjr5h5p2yYkk" -m mark --mark 0x1000000/0x1000000 -j RETURN [40:2400] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:eXR8WKtGQfKPd5zm" -j MARK --set-xmark 0x2000000/0x2000000 [40:2400] -A cali-pi-k8s-policy-no-match -m comment --comment "cali:J7UwAp2kUUNYDEbZ" -m mark --mark 0x2000000/0x2000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.64.0/21 -m comment --comment "cali:Hb_51jLXnfOG55Ee" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:cLF0h3yCOrcSDnrl" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.64.0/21 -m comment --comment "cali:CdwsSH_58_DbGvf0" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Oa68jDAaW6NII-m6" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.75.0/24 -m comment --comment "cali:TSXdJ1H2N_hXyday" -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:mf2BTGZY0ISNWkNh" -m mark --mark 0x1000000/0x1000000 -j RETURN [24:1680] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.254/32 -p udp -m comment --comment "cali:0LzccY922C2RXHxm" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [24:1680] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:HRMOBzbeUb8jaL4u" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.254/32 -p udp -m comment --comment "cali:bhiaHiL9JCHwqHvi" -m multiport --dports 53 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0q4r-SxGe_ibo0no" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.49/32 -p tcp -m comment --comment "cali:hToG5b-iPJFd5XjI" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:eSo6kMycXntF2a1T" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.16/32 -p tcp -m comment --comment "cali:kyvmINmgTIfxjSaX" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:zRgMTTBKw1py7iIv" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.50/32 -p tcp -m comment --comment "cali:iYfLoQeLIq_czQ4P" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aGzXXBhuOWVcS6FN" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.80/32 -p tcp -m comment --comment "cali:XpdQ0OL7hPwSSSNe" -m multiport --dports 8080 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XjeixYpdjfuf2671" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.155/32 -p udp -m comment --comment "cali:-EBqY4sXgD3gPi7P" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:suEYEFA8kMWqTNkV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.149/32 -p udp -m comment --comment "cali:rnJyq8BucayeNV6Q" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:LFhASW0XbK8DuS3t" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.33/32 -p udp -m comment --comment "cali:MdaRdYW1qhouPjZ7" -m multiport --dports 8125 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:wbOg7IZSwPvrZmfP" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p tcp -m comment --comment "cali:jpm6xvx86o-ZoCo5" -m multiport --dports 10514,11514 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:GNWq-7eQNyPTDmcm" -m mark --mark 0x1000000/0x1000000 -j RETURN [24:7139] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.36/32 -p udp -m comment --comment "cali:voBBjKhA4F4o55ug" -m multiport --dports 8324,10514,11514,12201 -j MARK --set-xmark 0x1000000/0x1000000 [24:7139] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:5YZDpOvkoQEE3lRA" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.17/32 -p tcp -m comment --comment "cali:dLmgOSNW0H_6Exkg" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:9H-mzrz4ehEKXl1X" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.17/32 -p tcp -m comment --comment "cali:was_SzvHzmFTyt02" -m multiport --dports 7231 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0YVo7kQNQjbvKRj2" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.22/32 -p tcp -m comment --comment "cali:oFAHWeFrCSIrpZlD" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:JiJ4vNTbfZRUEzd0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.22/32 -p tcp -m comment --comment "cali:TSDl4FLJ1ujJHuXv" -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:1i1RU4vECUoFlmo0" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.23/32 -p tcp -m comment --comment "cali:MSU4fRChUyOk4lyp" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:NKIPE4KwZPTViOzH" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.23/32 -p tcp -m comment --comment "cali:gez_Tq-M3vy4iAbe" -m multiport --dports 8085 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:j405UyE0p_-_uU4_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.153.224/32 -p tcp -m comment --comment "cali:nsQ7TdxDHOCY2nAI" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OLwF7XZTMAkYeIwD" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 208.80.154.224/32 -p tcp -m comment --comment "cali:CIiPZCu1Pl84ZOvB" -m set --match-set cali4-s:xo0brK9aUuXJ0GzbOaeP8VM src -m multiport --dports 80,443 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:krmNho4RTZf3JHFx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.175/32 -p tcp -m comment --comment "cali:-lsa6yyGNVX9YJvM" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yq1vrydFLuztiAxM" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.176/32 -p tcp -m comment --comment "cali:xOyAo5MZznuPJ0VR" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:C4QvUoW31pNb1q2x" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.99/32 -p tcp -m comment --comment "cali:GDTd_AKxf_MCDzC9" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xehNYDdstr1q27_L" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.159/32 -p tcp -m comment --comment "cali:Mx3mdosC-q2_oVyr" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YJfgYuXByL6Z0rcg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.160/32 -p tcp -m comment --comment "cali:wqpGhyiIgU0HqgqV" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:i8Lo3DEhoWHCG-l9" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.117/32 -p tcp -m comment --comment "cali:0vIFTcCn2xof7bPx" -m set --match-set cali4-s:MNCFOoz5nw891tDQcl53c1X src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:0FIS-6aBRY5HaW2z" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.11/32 -p tcp -m comment --comment "cali:5mg0z5kLGALR_v0Z" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qOgLgO8Sj8yp39EU" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.41/32 -p tcp -m comment --comment "cali:vYOP__ycNKS_Q4df" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:KASRTrn_jE4O2ugX" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.127/32 -p tcp -m comment --comment "cali:239PHQPk3QDSKiO_" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:iD9f9V8X2ecxIpRZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.0.139/32 -p tcp -m comment --comment "cali:cUBgVmeG-jcvcUZf" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:nwk6_sRVxUcAEjWK" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.169/32 -p tcp -m comment --comment "cali:R0o3GB60AUlNlWWE" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:vjn0AaWFUpbYaWrn" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.150/32 -p tcp -m comment --comment "cali:xnwjOFv4OUKJaucv" -m set --match-set cali4-s:wWYnMDi6GzHd0Jvzmgv-Z_v src -m multiport --dports 9092 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:euZALIbnZTydQMdY" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.16/32 -p tcp -m comment --comment "cali:aT25RyT5mGT9Qrkf" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XfEpwu70WMkeKIfw" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.16/32 -p tcp -m comment --comment "cali:ganCI2cFEqi7g3Lu" -m set --match-set cali4-s:3iAwASLOol-1TU-fuIwcqNd src -m multiport --dports 1969 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:QZMd6IRhm3TCiSlg" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.1.11/32 -p tcp -m comment --comment "cali:SP-jn_pyJ4jRPzCL" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xq3dYdT4-TU2Uft7" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.2.2.11/32 -p tcp -m comment --comment "cali:8tIsQjEQz-S-k9hg" -m set --match-set cali4-s:XyHxHeVogA5VjZuGWWoyiFE src -m multiport --dports 2737 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:icVFUfOKxWL5ts9k" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.141/32 -p tcp -m comment --comment "cali:EJ4xw6_ooRSmxkEX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:OChzA5wDSSJTxiUa" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.144/32 -p tcp -m comment --comment "cali:s1Lf70rUZIAFvs_w" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:enVSzo2CAltgV_Bx" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.78/32 -p tcp -m comment --comment "cali:Jx1uBPQmrMWx_oaJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:ahKzoHayc6fw_SQV" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.32.85/32 -p tcp -m comment --comment "cali:3yMxM5zhnGW-I-2-" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:61YXn1-Qzpb3qtiB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.175/32 -p tcp -m comment --comment "cali:mba6qyUOLSSLLqHM" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:y6SsLdSij2xjfyLL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.178/32 -p tcp -m comment --comment "cali:eo84dXxQcHxDJmco" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:EsSPRvtEHUEYBRWR" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.79/32 -p tcp -m comment --comment "cali:kB8NHJq9078azHWs" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:qBveAzuLEZf1WZbb" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.16.95/32 -p tcp -m comment --comment "cali:u93nS4bppllE_C0o" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:tgqV9ieHo74uFixJ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.15/32 -p tcp -m comment --comment "cali:BrePDK_xvt2ipGov" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Chi9pg6vdMsHGeas" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.32.101/32 -p tcp -m comment --comment "cali:0ePK4nqW1dpdjADJ" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:bjqFtZLozs6st18o" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.118/32 -p tcp -m comment --comment "cali:5JlNLd1a_jez6bdm" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:d68cYQOpH_8dqspS" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.192.48.132/32 -p tcp -m comment --comment "cali:9HUmbYptZh3xhB2H" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:RTFL7wCGVYzcgR0s" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.89/32 -p tcp -m comment --comment "cali:1cX5VaVM1-ANLf60" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gl8VZV-OczjD0-dz" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.167/32 -p tcp -m comment --comment "cali:ENsolVnLFMJ9Swv0" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:XHlgJdgJ54zFk55_" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.0.168/32 -p tcp -m comment --comment "cali:RddV6MngR8TAbury" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:gkMGNcsmscCOYBNB" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.96/32 -p tcp -m comment --comment "cali:R4dEpuBNc68KvaZ5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:w4ucO7TsqRaq6GkZ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.97/32 -p tcp -m comment --comment "cali:n1AEs2-__xZDotlh" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:xnCC1IwIp306y37P" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.16.98/32 -p tcp -m comment --comment "cali:WA2-ZXPLBkM2VFz5" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:aMx6AymLQKfsWfdt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.10/32 -p tcp -m comment --comment "cali:pKraBpLCOltQGgfP" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:yG89BiNgIQXWhRbt" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.168/32 -p tcp -m comment --comment "cali:_KpeiGmQZH6I2OHO" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:YMLlu9icrA9S-RSL" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -d 10.64.48.169/32 -p tcp -m comment --comment "cali:ikQRoJlZQVyFuHxX" -m set --match-set cali4-s:PWfs-nwCMG2so4uawpYXeoG src -m multiport --dports 9042 -j MARK --set-xmark 0x1000000/0x1000000 [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:t1vtn1pqFQ56zUzQ" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-po-_NN8eH6jJQKwLM9t9UJm -m comment --comment "cali:Wb6k-cOv-_qGCmYE" -j DROP [15:996] -A cali-po-k8s-policy-no-match -m comment --comment "cali:M1MvnGSuWnBDoJxY" -j MARK --set-xmark 0x2000000/0x2000000 [15:996] -A cali-po-k8s-policy-no-match -m comment --comment "cali:srq_4spRBeZ7r-5T" -m mark --mark 0x2000000/0x2000000 -j RETURN [0:0] -A cali-pri-k8s_ns.mathoid -m comment --comment "cali:0WjF7fFjIB9eUVtx" -j DROP [6:408] -A cali-pro-k8s_ns.mathoid -m comment --comment "cali:7cwIC811QXJnus-Q" -j MARK --set-xmark 0x1000000/0x1000000 [6:408] -A cali-pro-k8s_ns.mathoid -m comment --comment "cali:Wg5MbFzoWNtFek1F" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-to-wl-dispatch -o cali1bc5dba9454 -m comment --comment "cali:cNZdQdgAc2-SFTvS" -g cali-tw-cali1bc5dba9454 [0:0] -A cali-to-wl-dispatch -o cali2+ -m comment --comment "cali:gPdiOwfve5OlSvVW" -g cali-to-wl-dispatch-2 [0:0] -A cali-to-wl-dispatch -o cali35f5ced3039 -m comment --comment "cali:rz34gdiMwSC55wCh" -g cali-tw-cali35f5ced3039 [0:0] -A cali-to-wl-dispatch -o cali5+ -m comment --comment "cali:c1Nbcw3jwp9ajJTc" -g cali-to-wl-dispatch-5 [0:0] -A cali-to-wl-dispatch -o cali75293e80b4e -m comment --comment "cali:oK4fFWEq6x2tlpV5" -g cali-tw-cali75293e80b4e [0:0] -A cali-to-wl-dispatch -o cali965c31dfb73 -m comment --comment "cali:_v1ftiFjCAzBjsR0" -g cali-tw-cali965c31dfb73 [0:0] -A cali-to-wl-dispatch -o calia+ -m comment --comment "cali:plLkv1BJsmWZ2VG6" -g cali-to-wl-dispatch-a [0:0] -A cali-to-wl-dispatch -o calibe7cb9ec84d -m comment --comment "cali:ZKBHYyFTBh1dOx3c" -g cali-tw-calibe7cb9ec84d [0:0] -A cali-to-wl-dispatch -m comment --comment "cali:IVId-lKIYyKXAURg" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-to-wl-dispatch-2 -o cali23975c12260 -m comment --comment "cali:bb9P9DGVdGPgS_mi" -g cali-tw-cali23975c12260 [0:0] -A cali-to-wl-dispatch-2 -o cali298241499c4 -m comment --comment "cali:AadfO4TVWxyaUPbF" -g cali-tw-cali298241499c4 [0:0] -A cali-to-wl-dispatch-2 -m comment --comment "cali:Vbe0sFz-i6XPXgRz" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-to-wl-dispatch-5 -o cali5018bf937e4 -m comment --comment "cali:-A_CG1T6xh4mK-9O" -g cali-tw-cali5018bf937e4 [0:0] -A cali-to-wl-dispatch-5 -o cali5fb1db646ac -m comment --comment "cali:ApAcVdl9VYEpPJ6I" -g cali-tw-cali5fb1db646ac [0:0] -A cali-to-wl-dispatch-5 -m comment --comment "cali:JSL-34oy_4YhqAaz" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-to-wl-dispatch-a -o calia3a57856439 -m comment --comment "cali:EuJb-okjTbyHgD2i" -g cali-tw-calia3a57856439 [0:0] -A cali-to-wl-dispatch-a -o caliad21bc669e5 -m comment --comment "cali:BfCOOVdhJLNClQW_" -g cali-tw-caliad21bc669e5 [0:0] -A cali-to-wl-dispatch-a -m comment --comment "cali:hrGCKOQigyZlrBNa" -m comment --comment "Unknown interface" -j DROP [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:ZKl3Wu4VWAHJObIO" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:e3-FuCuOqged4Vor" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:NTUFA6lKC0i2a6Qs" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:2jYAGjdeCnXbj3JH" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:MnKl5WYlbW1qYMLy" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:tJTgQc0Jvl1bWybV" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:9oXc0LTO7M0s5CQm" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:RD_XDa2dI7Fihhfm" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:ncnWodbIPfVkhOxd" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:h3lOWZ82zu-lEPDj" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:4TNWmYYgVik1JPV4" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali1bc5dba9454 -m comment --comment "cali:8uefxez8Qok_YAMQ" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:dhHLITPqH_3UYkYn" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:wSLtQQcwhYZWPY-y" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:3myFe7uxnmCth_q5" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:2k9jZOAktdxeZWDL" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:6g7NVYX0jz6Sempv" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:PU8Au0OUclqF3TxV" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:wUIptsarhtxXtClK" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:N1TJXxRkVdtpr60p" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:ewE9vLNyUZdtK59w" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:7LqObWaCgBhNfv4-" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:wcwE4b6P4tMOZytA" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali23975c12260 -m comment --comment "cali:rQsGW4MNEjbr6oTN" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:7-8AhBq85aqaodSh" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:UK-o6Q-TQ_8bE_j8" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:GzE249GNjpBWq8M_" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:D4Ow8L8NB_DrN0FP" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:UKas_q2Rn4x5T5BT" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:qRD4p2_mACCAe5ib" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:1D6iZzGfrL3AHO_p" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:4mhL8xI_0AF7L3Wd" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:Z2PJvQHbmkft0Q10" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:86ZkcAMvgCLrNz1e" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:9mhEAecHn89vRXuA" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali298241499c4 -m comment --comment "cali:bPmOap2dPZPGc_UP" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:41Z85N2kGbn1T-Iu" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:Wme31Csv2krhCrqA" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:jpY24R8x6ElABCiP" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:mlf16EZpiRxNlXRO" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:3kWZEts8vzgnL6X4" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:hvkc1yR9jklKge5B" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:K4T_b-c6qO1P0Udg" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:M1DCbYwUpU-izBQT" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:h5PZqz88cFdfhY17" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:EncxxvLNM5y90mby" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:f6foIBpUiIP7S0LY" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali35f5ced3039 -m comment --comment "cali:HdQJzJUV3oQ9Kcgk" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:69k0MnDaUVG1VgFI" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:p-LGAaJco89yY619" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:OKusYe15lxx0tsYc" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:76j9UTPW9zELy73R" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:yahMIjDNXFaEdegu" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:clu70Q6qsvWoD97U" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:Rv0BELdYGTOQ0lSh" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:JnTcovmhC1aKBQJG" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:b64gYgTrCXk439Gp" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:fX9myoks3E0Mln3r" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:kt3RKUFDc2yAzOVv" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5018bf937e4 -m comment --comment "cali:fH-je3VTDCpFhnmY" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:9BfSzWlZ7ojg9cNb" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:IIwv0lqqxOnPQQFJ" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:SQMjSi8746HHa1wX" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:8cb0aSMPIX120BEg" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:LLTghy0y7aSsaXjG" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:9t3S-bJcNMUVWvUy" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:LlUqC3nhncx3danm" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:Qn-5siQ-HtvbiXxy" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:h7LxA8ZW2eq4WcvV" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali5fb1db646ac -m comment --comment "cali:-VD7BBbJag7gBrvl" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:ncO4XC74_yNf1kdg" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:YT7Uc4cQ-n3NU9oD" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:aiX64wzb-M82JupH" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:FFJfBJijORin4oHW" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:4z2mvc-uIgUA5A5f" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:pHys7QemgOtvdgB6" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:LZKecbngr26fghRv" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:nxUCgrZpHTIXCpOU" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:UY5c4S0F8BY6KaNx" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:U7BTD121zTLKGaec" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:L45ZBYhggeq_1H0d" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali75293e80b4e -m comment --comment "cali:dHbB88gSEbohyiAr" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:a0Mw8N92rw7GA9NJ" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:guI_53A27PFW0jkc" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:jzg_V-EpqXOaKBv3" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:0P83-8b4lun2XGIN" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:WcsMn4CWDbqQidFu" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:QgOzTmIQTey4KlL3" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:fVRwHvOxXydEuB76" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:4Eyd1blgO8_HDeGw" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:mjjpQ93dXgkk_VTW" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:CPGMFDTeq96a6v-i" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:U3fRDcp89h-U4OLY" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-cali965c31dfb73 -m comment --comment "cali:gaOeDX7_LZebixml" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:HYBisH7HbdYABxHe" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:9xRAsvwlZevWzGPi" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:VNfB6KoJoW35xPw9" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:A9eF7EvA9GWDuTri" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:lWNrNYioDGGvEBDe" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:qALacMFNcseGqGMB" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:jnG-SZ45u0Fhxymb" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:d9Hu125C_uiaKzly" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:gu9EEqcm5NCxZ2TD" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:syqkmlwiRioBVRAI" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:Di9lEuvq0sYFrIXq" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calia3a57856439 -m comment --comment "cali:lttR-7x62zeJQLrB" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:f1LZwukNsOHtjLRp" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:Jrs1xdOwq9QyuEXt" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:CzxX4OziLuiY_PBi" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:iVDyyy8CoaClEUqp" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:KkpJIv2DbJ4xJum5" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:DUC5wupS6gW2Ad63" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:G7oRXZMh5BSi154v" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:j_I2eAazK-h0kEAY" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:4GD6Egdl9-TbzZm_" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:cOEfUH3dXDvodneM" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:-JOq-2DhOk8K1i7F" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-caliad21bc669e5 -m comment --comment "cali:PtP-YvJYp89Xv2Ew" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:nRumTAeNct6WhuyT" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:8CXHeyEI3FtdtoLy" -m conntrack --ctstate INVALID -j DROP [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:oM0R1fUIRgYLyiVF" -j MARK --set-xmark 0x0/0x1000000 [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:mJvPqt_Dh9JuXcC3" -m comment --comment "Start of policies" -j MARK --set-xmark 0x0/0x2000000 [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:qrO2mfy6qvgycmrO" -m mark --mark 0x0/0x2000000 -j cali-pi-_NN8eH6jJQKwLM9t9UJm [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:Vt6FBz_P61a83t_y" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:ix9RWs7amofIvZoy" -m mark --mark 0x0/0x2000000 -j cali-pi-k8s-policy-no-match [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:cRkmK3JfQOM70Vvj" -m comment --comment "Return if policy accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:Ca_0NIF5hy9o82ql" -m comment --comment "Drop if no policies passed packet" -m mark --mark 0x0/0x2000000 -j DROP [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:DNfwf-pMCBxdxdWT" -j cali-pri-k8s_ns.mathoid [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:PFk5fCeWLudiB7ID" -m comment --comment "Return if profile accepted" -m mark --mark 0x1000000/0x1000000 -j RETURN [0:0] -A cali-tw-calibe7cb9ec84d -m comment --comment "cali:nsrrDzsZGjARILnm" -m comment --comment "Drop if no profiles matched" -j DROP [0:0] -A cali-wl-to-host -p udp -m comment --comment "cali:aEOMPPLgak2S0Lxs" -m multiport --sports 68 -m multiport --dports 67 -j ACCEPT [0:0] -A cali-wl-to-host -p udp -m comment --comment "cali:SzR8ejPiuXtFMS8B" -m multiport --dports 53 -j ACCEPT [17960608:3451258201] -A cali-wl-to-host -m comment --comment "cali:MEmlbCdco0Fefcrw" -j cali-from-wl-dispatch [0:0] -A cali-wl-to-host -m comment --comment "cali:Q2b2iY2M-vmds5iY" -m comment --comment "Configured DefaultEndpointToHostAction" -j RETURN COMMIT
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Merging in as in P8652
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Using dropwatch I get
jijiki awarded T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster a Pterodactyl token.
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
Some information in P8652
akosiaris added a comment to T226444: rack/setup/install ganeti400[123].
Yesterday
Yesterday
akosiaris moved T224857: Enhance MediaWiki deployments for support of php7.x from Doing to Externally Blocked on the serviceops board.
Fri, Jun 21
Fri, Jun 21
akosiaris added a comment to T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster.
After some mangling with iptables trying to figure out what is going on I 've managed to capture these packets (and their drops?) in iptables and log them
akosiaris moved T222795: Re-evaluate service-runner's (ab)use of statsd timing metric for nodejs GC stats from Backlog to Watched on the serviceops-radar board.
akosiaris edited projects for T222795: Re-evaluate service-runner's (ab)use of statsd timing metric for nodejs GC stats, added: serviceops-radar; removed serviceops.
akosiaris moved T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster from Backlog to Doing on the serviceops board.
akosiaris edited projects for T213564: Datacenter aware configs for EventGate topic prefixes, added: serviceops-radar; removed serviceops.
akosiaris edited projects for T215106: Enlarging the default thumb size on Dutch Wikipedia, added: serviceops-radar; removed serviceops.
akosiaris moved T224041: Kask functional testing with Cassandra via the Deployment Pipeline from Backlog to Next up on the serviceops board.
akosiaris edited projects for T224448: Gerrit http threads stuck behind sendemail thread, added: serviceops-radar; removed serviceops.
akosiaris moved T212935: SRE FY2019 Q3 goal: Increase reach of deployment pipeline from Backlog to Doing on the serviceops board.
akosiaris moved T219148: Use PHP7 to run all async jobs from Backlog to Next up on the serviceops board.
akosiaris moved T219127: SRE FY2019 Q4 goal: complete the transition to PHP7 from Backlog to Next up on the serviceops board.
akosiaris edited projects for T203963: Convert makevm to spicerack cookbook, added: serviceops-radar; removed serviceops.
akosiaris added a comment to T203963: Convert makevm to spicerack cookbook.
Should we close this? Is there anything left to be done?
akosiaris triaged T226237: Investigate outgoing discarded packets in the codfw kubernetes cluster as Low priority.
https://grafana.wikimedia.org/d/PRA2F67Zz/t226237?orgId=1 was created to help debug with this. It makes more clear that this are indeed outgoing ICMP redirects
akosiaris set Is Sprint to 0 on serviceops.
akosiaris moved T219148: Use PHP7 to run all async jobs from PHP7 migration: backlog to Backlog on the serviceops board.
akosiaris moved T219127: SRE FY2019 Q4 goal: complete the transition to PHP7 from PHP7 migration: backlog to Backlog on the serviceops board.
akosiaris moved T195392: Switch cronjobs on maintenance hosts to PHP7 from PHP7 migration: backlog to Backlog on the serviceops board.
akosiaris moved T220600: Remove PHP 7.0 from production application servers from PHP7 migration: backlog to Backlog on the serviceops board.
akosiaris moved T212828: SRE FY2019 Q3 goal: Ramp-up serving traffic to PHP 7 from PHP7 migration: backlog to Backlog on the serviceops board.
akosiaris moved T223469: New Service Request: wikifeeds from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T213193: Migrate changeprop to kubernetes from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T223953: Deploy the RESTBase front-end service (RESTRouter) to Kubernetes from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T220449: Split RESTBase in two services: storage service and API router/proxy from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T212935: SRE FY2019 Q3 goal: Increase reach of deployment pipeline from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T224917: Machine vision image metadata service from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T220399: Migrate cpjobqueue to kubernetes from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T225664: Internal deployment of open_nsfw-- image scoring service from k8s / pipeline: backlog to Backlog on the serviceops board.
akosiaris moved T223393: switch wikitech to PHP 7.2 from PHP7 migration: backlog to Backlog on the serviceops board.
Thu, Jun 20
Thu, Jun 20
akosiaris placed T104206: Provide a simple way to backup arbitrary files from instances up for grabs.
akosiaris added a comment to T177371: Phase out DSA keys for SSH access (ssh-dss).
@MoritzMuehlenhoff does the above still stand? Should we close this?
akosiaris added a comment to T210704: Migrate node-based services in production to node10.
akosiaris added a comment to T210704: Migrate node-based services in production to node10.
Wed, Jun 19
Wed, Jun 19
akosiaris added a comment to T212189: New Service Request: Wikidata Termbox SSR.
I 've noticed we are missing one thing. We have a dashboard for the service's metrics in https://grafana.wikimedia.org/d/AJf0z_7Wz/termbox but it looks like the service isn't sending request metrics to the local statsd instance. It is sending however memory and nodejs GC metrics which already appear in the graphs. service-runner already has code for it, see https://github.com/wikimedia/service-template-node/blob/a92cccea9df8af7bda315b4eb41495c95bbfbdad/lib/util.js#L98 for how to wrap the /termbox endpoint (or any other endpoint, wrapping /_info is also helpful) in order to have traffic, error and latency graphs (and consequently SLIs) for it.
akosiaris added a comment to T122676: Implement sentinel for ORES production Redis.
akosiaris committed rDEPLOYCHARTSdb7a0c10bf8a: Add forgotten citoid, mathoid, termbox helm packages (authored by akosiaris).
Add forgotten citoid, mathoid, termbox helm packages
akosiaris committed rDEPLOYCHARTS04321410c9de: citoid, mathoid, termbox: Switch GC metric to microseconds (authored by akosiaris).
citoid, mathoid, termbox: Switch GC metric to microseconds
Tue, Jun 18
Tue, Jun 18
akosiaris added a comment to T209109: Security model for session storage service.
curl -s -I -X GET 'http://termbox.discovery.wmnet:3030/termbox?editLink=%2Fedit%2FQ1347&preferredLanguages=de&language=de&entity=Q1&revision=103' HTTP/1.1 200 OK X-Powered-By: Express Content-Type: text/html; charset=utf-8 Content-Length: 1568 ETag: W/"620-MeNQXY3hfRVxLzBPruUZ418lGUc" Vary: Accept-Encoding Date: Tue, 18 Jun 2019 14:30:54 GMT Connection: keep-alive
akosiaris added a comment to T216605: Cannot assign user name "XXX" to account ####; name already in use..
Tue, Jun 11
Tue, Jun 11
akosiaris added a comment to T220402: Introduce wikidata termbox SSR to kubernetes.
Just as an FYI, everything looks ok on this end, but there's a train freeze this week, so we have to wait before deploying this. Patches are up and waiting to be merged on Monday the 17th
Fri, Jun 7
Fri, Jun 7
akosiaris added a comment to T220402: Introduce wikidata termbox SSR to kubernetes.
akosiaris added a comment to T224603: rack/setup/ codfw: ganeti2009 - ganeti201[0-8].
akosiaris added a comment to T220401: Introduce kask session storage service to kubernetes.
sessionstore.discovery.wmnet is now around and should be the canonical DNS used to address the service.
akosiaris added a comment to T199219: WDQS should use internal endpoint to communicate to Wikidata.
akosiaris added a comment to T220402: Introduce wikidata termbox SSR to kubernetes.
Indeed this was fixed. However another regression has crept up it's head
akosiaris added a comment to T220402: Introduce wikidata termbox SSR to kubernetes.
@Tarrow, @WMDE-leszek
Hi, sorry for taking so long to answer to this, it's been really busy.
Add termbox-0.0.2.tgz
akosiaris committed rDEPLOYCHARTSe8dea9de5556: termbox: Use newer ENV variables (authored by akosiaris).
termbox: Use newer ENV variables
Thu, Jun 6
Thu, Jun 6
akosiaris added a comment to T225064: post merge builds in citoid are failing.
Wed, Jun 5
Wed, Jun 5
akosiaris updated the task description for T198901: Migrate production services to kubernetes using the pipeline.
akosiaris updated the task description for T198901: Migrate production services to kubernetes using the pipeline.
akosiaris updated the task description for T198901: Migrate production services to kubernetes using the pipeline.
akosiaris added a comment to T198901: Migrate production services to kubernetes using the pipeline.
akosiaris updated the task description for T198901: Migrate production services to kubernetes using the pipeline.
akosiaris updated the task description for T198901: Migrate production services to kubernetes using the pipeline.
Tue, Jun 4
Tue, Jun 4
akosiaris added a comment to T199219: WDQS should use internal endpoint to communicate to Wikidata.
akosiaris added a comment to T199219: WDQS should use internal endpoint to communicate to Wikidata.
And LVS done today.
akosiaris committed rDEPLOYCHARTSe30c4a531ea8: kask: Actually ship affinity correctly (authored by akosiaris).
kask: Actually ship affinity correctly
akosiaris moved T210861: OTRS exposes session cookie in URLs from Pending patch / update to Resolved on the OTRS board.
akosiaris added a comment to T210861: OTRS exposes session cookie in URLs.
Patch has been applied to our own packages and has been deployed and tested. Marking this as resolved, thanks!
akosiaris added a comment to T210861: OTRS exposes session cookie in URLs.
Fix by upstream in https://github.com/OTRS/otrs/commit/7ab33e51a4db9f712e979040f644d0d0c39ff0af for 5.x (which we run). Has also been fixed in our package for OTRS in https://gerrit.wikimedia.org/r/#/c/operations/software/otrs/+/514230
Mon, Jun 3
Mon, Jun 3
akosiaris added a comment to T220401: Introduce kask session storage service to kubernetes.
Bump kask to 0.0.6
akosiaris committed rDEPLOYCHARTS7c7523a9deb1: kask: Add affinity/tolerations headings (authored by akosiaris).
kask: Add affinity/tolerations headings
Sat, Jun 1
Sat, Jun 1
akosiaris added a comment to T220401: Introduce kask session storage service to kubernetes.
Fri, May 31
Fri, May 31
akosiaris added a comment to T220401: Introduce kask session storage service to kubernetes.
One minor question. Given per T220401#5128786 1 kask instance is able to handle ~300req/s, how many instances will we require? I am unsure of the current rate of sessions requests to/from redis.
akosiaris added a comment to T224562: Decommission darmstadtium.
I think so, let's wait for @fsero though
akosiaris added a comment to T220401: Introduce kask session storage service to kubernetes.
And this uncovered now that prometheus can't talk to it (cause it expects HTTP I guess?). /me looking into it (more deeply this time around).
Bump kask version to 0.0.5
akosiaris committed rDEPLOYCHARTS8c9a98c92414: kask: prometheus scraping over HTTPS if TLS enabled (authored by akosiaris).
kask: prometheus scraping over HTTPS if TLS enabled
akosiaris committed rDEPLOYCHARTS50ccd6c54964: Fix typo in initialize_service.sh (authored by akosiaris).
Fix typo in initialize_service.sh
kask: Fix TLS certs checks