Last active
March 20, 2017 14:04
-
-
Save luksa/260f91515c9c9c3ba67499614abffa44 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ sudo iptables --list -t nat -n | |
Chain PREROUTING (policy ACCEPT) | |
target prot opt source destination | |
KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL | |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ | |
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL | |
Chain POSTROUTING (policy ACCEPT) | |
target prot opt source destination | |
KUBE-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ | |
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0 | |
Chain DOCKER (2 references) | |
target prot opt source destination | |
RETURN all -- 0.0.0.0/0 0.0.0.0/0 | |
Chain KUBE-MARK-DROP (0 references) | |
target prot opt source destination | |
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000 | |
Chain KUBE-MARK-MASQ (8 references) | |
target prot opt source destination | |
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 | |
Chain KUBE-NODEPORTS (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp dpt:30000 | |
KUBE-SVC-XGLOHA7QRQ3V22RZ tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp dpt:30000 | |
Chain KUBE-POSTROUTING (1 references) | |
target prot opt source destination | |
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 | |
Chain KUBE-SEP-2AMR4GNIYH7ZRQLQ (2 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 10.0.2.15 0.0.0.0/0 /* default/kubernetes:https */ | |
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-2AMR4GNIYH7ZRQLQ side: source mask: 255.255.255.255 tcp to:10.0.2.15:8443 | |
Chain KUBE-SEP-5YDXDEK4G6R44KYW (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 172.17.0.2 0.0.0.0/0 /* default/kubia: */ | |
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ tcp to:172.17.0.2:8080 | |
Chain KUBE-SEP-65576RQCY3UGLIWA (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 172.17.0.5 0.0.0.0/0 /* default/kubia: */ | |
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ tcp to:172.17.0.5:8080 | |
Chain KUBE-SEP-7A24ZR7CMRAAUHS3 (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 172.17.0.7 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ | |
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ tcp to:172.17.0.7:9090 | |
Chain KUBE-SEP-KSEXFMWMRI5G7WZJ (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 172.17.0.8 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ | |
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:172.17.0.8:53 | |
Chain KUBE-SEP-PERL6L2Q363TRRKS (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 172.17.0.6 0.0.0.0/0 /* default/kubia: */ | |
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ tcp to:172.17.0.6:8080 | |
Chain KUBE-SEP-VMQQTFLPA6MBD6DO (1 references) | |
target prot opt source destination | |
KUBE-MARK-MASQ all -- 172.17.0.8 0.0.0.0/0 /* kube-system/kube-dns:dns */ | |
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:172.17.0.8:53 | |
Chain KUBE-SERVICES (2 references) | |
target prot opt source destination | |
KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- 0.0.0.0/0 10.0.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 | |
KUBE-SVC-TCOU7JCQXEZGVUNU udp -- 0.0.0.0/0 10.0.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 | |
KUBE-SVC-L5EAUEZ74VZL5GSC tcp -- 0.0.0.0/0 10.0.0.238 /* default/kubia: cluster IP */ tcp dpt:80 | |
KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- 0.0.0.0/0 10.0.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 | |
KUBE-SVC-XGLOHA7QRQ3V22RZ tcp -- 0.0.0.0/0 10.0.0.192 /* kube-system/kubernetes-dashboard: cluster IP */ tcp dpt:80 | |
KUBE-NODEPORTS all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL | |
Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references) | |
target prot opt source destination | |
KUBE-SEP-KSEXFMWMRI5G7WZJ all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ | |
Chain KUBE-SVC-L5EAUEZ74VZL5GSC (1 references) | |
target prot opt source destination | |
KUBE-SEP-5YDXDEK4G6R44KYW all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ statistic mode random probability 0.33332999982 | |
KUBE-SEP-65576RQCY3UGLIWA all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ statistic mode random probability 0.50000000000 | |
KUBE-SEP-PERL6L2Q363TRRKS all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubia: */ | |
Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) | |
target prot opt source destination | |
KUBE-SEP-2AMR4GNIYH7ZRQLQ all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-2AMR4GNIYH7ZRQLQ side: source mask: 255.255.255.255 | |
KUBE-SEP-2AMR4GNIYH7ZRQLQ all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ | |
Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references) | |
target prot opt source destination | |
KUBE-SEP-VMQQTFLPA6MBD6DO all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ | |
Chain KUBE-SVC-XGLOHA7QRQ3V22RZ (2 references) | |
target prot opt source destination | |
KUBE-SEP-7A24ZR7CMRAAUHS3 all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kubernetes-dashboard: */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment