# Generated by iptables-save v1.8.5 on Tue Nov 18 13:56:14 2025
*raw
:PREROUTING ACCEPT [1308244442:1705358917244]
:OUTPUT ACCEPT [355352866:434871030689]
-A PREROUTING -p udp -m devgroup --src-group 0x9 -j CT --notrack
COMMIT
# Completed on Tue Nov 18 13:56:14 2025
# Generated by iptables-save v1.8.5 on Tue Nov 18 13:56:14 2025
*nat
:PREROUTING ACCEPT [255552:15407368]
:INPUT ACCEPT [104547:5753852]
:POSTROUTING ACCEPT [5000193:265049975]
:OUTPUT ACCEPT [5000222:265052569]
:KUBE-KUBELET-CANARY - [0:0]
:CNI-f6a66a481497036de9b80865 - [0:0]
:CNI-cfe95ad5b35431ea18dcaf00 - [0:0]
:CNI-bc369d2e020ee4a30034e2c5 - [0:0]
:CNI-227018b320ec4213feb3d89a - [0:0]
:CNI-1ba524f67df5b87760706b35 - [0:0]
:CNI-26a828c2befb9e29784413ad - [0:0]
:CNI-3166a0cb3a24487ae768f691 - [0:0]
:CNI-a7c0478ef23daa3977689f35 - [0:0]
:CNI-02499cb039255cd2cc65ed0b - [0:0]
:CNI-7784e2a6d46df48c3cd03fa9 - [0:0]
:CNI-1b0588591a71d7ba618a10ae - [0:0]
:CNI-df58f2f2149d5ec36e32ead8 - [0:0]
:KUBE-PROXY-CANARY - [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-SVC-AWA2CQSXVI7X2GE5 - [0:0]
:KUBE-SEP-YBV6HMIC4TBUX4QL - [0:0]
:KUBE-SVC-2KV3DNZ2YAVG5RPU - [0:0]
:KUBE-SEP-I4SXHCV7PXAEFELP - [0:0]
:KUBE-EXT-5TWCFXZSE3DSS6UE - [0:0]
:KUBE-SVC-5TWCFXZSE3DSS6UE - [0:0]
:KUBE-SEP-7N3V5CZI4VGGUY3D - [0:0]
:KUBE-SVC-YV3PCBEYUWFYV73Q - [0:0]
:KUBE-SEP-SHYQV56QPS2S6OYQ - [0:0]
:KUBE-SVC-QAL3Z3BTM7MNNY5F - [0:0]
:KUBE-SEP-JSPWBRNRADCR2AZQ - [0:0]
:KUBE-SVC-5OJBRSYQ3VQGJDOR - [0:0]
:KUBE-SEP-JEKUPQEES64RULQS - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
:KUBE-SEP-ZJFXY6IWE2LITJAE - [0:0]
:KUBE-SVC-OCTDZMNFALJS2YV3 - [0:0]
:KUBE-SEP-HMWMSIX7QSXSGYES - [0:0]
:KUBE-SVC-4GCQP7GTYLI53KTV - [0:0]
:KUBE-SEP-ZR7D45HHA74U4Z34 - [0:0]
:KUBE-SVC-UDWFXO6VTRGBKM46 - [0:0]
:KUBE-SEP-EH3EVYAW2MUOZYZI - [0:0]
:KUBE-SVC-3BP4CBHGYLDNDHE4 - [0:0]
:KUBE-SEP-MRRTKDBNLRLUHYIU - [0:0]
:KUBE-SVC-4HQ2X6RJ753IMQ2F - [0:0]
:KUBE-SEP-HKIIZMYW2Y4Y5YSD - [0:0]
:CNI-e09831504e5f3bf327c6482d - [0:0]
:KUBE-SVC-JD5MR3NA4I4DYORP - [0:0]
:KUBE-SEP-VZC2CGR2EW2ALMZL - [0:0]
:KUBE-SVC-ERIFXISQEP7F7OF4 - [0:0]
:KUBE-SEP-PJQQ76S35LHLIP2K - [0:0]
:KUBE-SVC-TCOU7JCQXEZGVUNU - [0:0]
:KUBE-SEP-SEW6ILDBOXHLW5E6 - [0:0]
:CNI-72a66ab3fe1ace34487b38f4 - [0:0]
:CNI-72a79b7004736511195403c1 - [0:0]
:KUBE-SVC-DDM6KSYRE745LMEU - [0:0]
:KUBE-SEP-KJTFMPCHQXQNYSMW - [0:0]
:KUBE-SVC-V72DFOHTD3XWEMCQ - [0:0]
:KUBE-SEP-PWPTCRS4I54Z7N3V - [0:0]
:CNI-ca622ba959418dc479897f47 - [0:0]
:KUBE-SVC-PPZUWVU7EVNLDNJH - [0:0]
:KUBE-SEP-5V7NICHJH53FTOYV - [0:0]
:KUBE-SVC-3WB5HF6GHWTGD5QP - [0:0]
:KUBE-SEP-NKCKHHG7X3QKQCKY - [0:0]
:KUBE-SVC-IFO32E4YIRUTZPGJ - [0:0]
:KUBE-SEP-ZYLLFIPXFOOFWELU - [0:0]
:KUBE-SVC-JQXDKIAOCVL6RDGC - [0:0]
:KUBE-SEP-T2FBOEEFNMOBI37E - [0:0]
:CNI-28fd2e5140703993f44ee432 - [0:0]
:CNI-0ce611945157efd7bd4cb14d - [0:0]
:CNI-a8e58a2cfaf30ec6814b7280 - [0:0]
:KUBE-SVC-GT6U4T6ZDI3Y2LJM - [0:0]
:KUBE-SEP-3WL72JBQ5Q4CS2YH - [0:0]
:KUBE-SVC-KPHFLMV3JAZFDPSR - [0:0]
:KUBE-SEP-7B7EKW7EDEB3UVPF - [0:0]
:KUBE-SVC-Z3KGGCFDXYX5RBHM - [0:0]
:KUBE-SEP-VLKD5TYSJRXBJDPZ - [0:0]
:KUBE-SVC-GLZH3Y3G6I6TVPS4 - [0:0]
:KUBE-SEP-JQJCNC3DNQZUO7CW - [0:0]
:KUBE-SVC-MTA5KSHU4PDHD6HY - [0:0]
:KUBE-SEP-OZS47EILGOMVIFAB - [0:0]
:KUBE-SVC-DTCGNQDGBBSP4ELK - [0:0]
:KUBE-SEP-R746WMYLQ3NP4CHE - [0:0]
:KUBE-SVC-GL6TCTWDYIIY6QZL - [0:0]
:KUBE-SEP-W4EIQ76YBZJTDNFT - [0:0]
:KUBE-EXT-ZWRIFHS3WZKRE4LP - [0:0]
:KUBE-SVC-ZWRIFHS3WZKRE4LP - [0:0]
:KUBE-SEP-WQRYVUHQNZTYXQKO - [0:0]
:KUBE-SVC-KX4MR7USJKV3FZWH - [0:0]
:KUBE-SEP-PIF6VH62F63V63XT - [0:0]
:KUBE-SVC-TZCO54F7Y4ZC56VO - [0:0]
:KUBE-SEP-HRGEWUF5P6S5QLB6 - [0:0]
:KUBE-EXT-BIK54PEHKSKG26QE - [0:0]
:KUBE-SVC-BIK54PEHKSKG26QE - [0:0]
:KUBE-SEP-KQ4ZJHJ2WLDOWXUP - [0:0]
:KUBE-SVC-BPEIO6BUT63IIDKU - [0:0]
:KUBE-SEP-TKRG3EUVHTNMJS36 - [0:0]
:CNI-e21e25874684534a56cedb67 - [0:0]
:CNI-295034648dcadd4507c306a9 - [0:0]
:KUBE-SVC-N7FF4AZN6ABHG7LX - [0:0]
:KUBE-SEP-P7TNUTJGZFCU4NBV - [0:0]
:KUBE-SVC-4IWDM63VV4CTSCB4 - [0:0]
:KUBE-SEP-TDJENGKLRZGC7LGZ - [0:0]
:KUBE-SVC-7IU64XNEO5CE7M6Y - [0:0]
:KUBE-SEP-VLBCDHDKW3OL3NWO - [0:0]
:KUBE-SVC-4QYW4SRVIILWME7I - [0:0]
:KUBE-SEP-P35DCWCTJVAASTM3 - [0:0]
:CNI-e9c5fcdecab043dd6c03946a - [0:0]
:CNI-21f0070cd08f695c17e950b1 - [0:0]
:CNI-2659eaf5d8c653899294a7c9 - [0:0]
:CNI-12d28111927a6a9c6656a203 - [0:0]
:CNI-126e26d02bfac58b864c4534 - [0:0]
:KUBE-SVC-42YVHJO2JWGVSQCP - [0:0]
:KUBE-SEP-OHTEMYUDBFEN6PYU - [0:0]
:KUBE-SVC-Z5JKJMV6WZPPF7I4 - [0:0]
:KUBE-SEP-2KL4WFMWLDKTMP3R - [0:0]
:KUBE-SVC-S7ZR6SRPCG2SUCKD - [0:0]
:KUBE-SEP-J6DZFU7C6XQVL25C - [0:0]
:KUBE-SVC-XKE6S5LMTXBZYB2O - [0:0]
:KUBE-SEP-RSDYPZF7KCXVMVEI - [0:0]
:KUBE-SVC-U5QHTUBWV5QSLHBQ - [0:0]
:KUBE-SEP-NPXPYIPKDXNSIQM4 - [0:0]
:KUBE-SVC-2ODQQN5RYAG7INH7 - [0:0]
:KUBE-SEP-WDG4TJIUKXBZGSTM - [0:0]
:KUBE-SVC-JMRXQXR4IS7ITEPA - [0:0]
:KUBE-SEP-SMHPYTYTEDRFNMS4 - [0:0]
:KUBE-SVC-XMAJGCQWZKCDG5HZ - [0:0]
:KUBE-SEP-FQYI7JOBNZHE6H7T - [0:0]
:KUBE-SVC-ONMPPE6EKYAUZB42 - [0:0]
:KUBE-SEP-RR3I5AA3GMW3N27J - [0:0]
:KUBE-SVC-VIHIPWZB3JUDL6R3 - [0:0]
:KUBE-SEP-KBQTMTUCCKSH4I2Y - [0:0]
:KUBE-SVC-P5YIOAF22U7S4CBW - [0:0]
:KUBE-SEP-ID5SBZL7PKXYDW2M - [0:0]
:KUBE-SVC-EPM2TQ4DEYPWUKY4 - [0:0]
:KUBE-SEP-BC7X6ZJP2YZEWFFG - [0:0]
:KUBE-SVC-UQJOFU6Z7JK2ZU7X - [0:0]
:KUBE-SEP-AOIMN4QFVFNRSGM4 - [0:0]
:KUBE-SVC-NOV7YL5QQDYXAGJG - [0:0]
:KUBE-SEP-GE27C67GZBMLIY66 - [0:0]
:KUBE-SVC-3HHQII33HHMJ2PTU - [0:0]
:KUBE-SEP-RIF7SDKNDPHGXTOQ - [0:0]
:KUBE-SVC-4IBCJHQ4KUY4VCZ2 - [0:0]
:KUBE-SEP-6BTNHEXPDFV7RSJV - [0:0]
:KUBE-SVC-IYPP263IJDMIB5QJ - [0:0]
:KUBE-SEP-3MBTRCKLZKIFMIWT - [0:0]
:CNI-de56d6114fd588fe5df4fedd - [0:0]
:KUBE-EXT-GWCCZM4RXSULONHS - [0:0]
:KUBE-SVC-GWCCZM4RXSULONHS - [0:0]
:KUBE-SEP-TQUFUH2PWEHMKOKN - [0:0]
:KUBE-EXT-HX2LA6JNM6GNNHU3 - [0:0]
:KUBE-SVC-HX2LA6JNM6GNNHU3 - [0:0]
:KUBE-SEP-PWJ73JADQVQGOKOV - [0:0]
:KUBE-SVC-KCOWRBV76QE7D3XH - [0:0]
:KUBE-SEP-G72LXE4RUWDR2TU4 - [0:0]
:KUBE-SVC-WHXFPKONIQ62INZ7 - [0:0]
:KUBE-SEP-22J7XKD6Q52MHUP6 - [0:0]
:KUBE-SVC-MEKGXXYAXVUOEBCV - [0:0]
:KUBE-SEP-EZGPPRIUTAL5XWYI - [0:0]
:KUBE-SVC-NAMSTJQKLC3S4OWG - [0:0]
:KUBE-SEP-EMS26V6FS7LCC6NT - [0:0]
:KUBE-SVC-TKRJTT6AEOUKON5B - [0:0]
:KUBE-SEP-AQPSH5A6RHQP2TCL - [0:0]
:KUBE-EXT-44FQG5JMGB6XKYOK - [0:0]
:KUBE-SVC-44FQG5JMGB6XKYOK - [0:0]
:KUBE-SEP-STPY7SVDDNK3MKUM - [0:0]
:KUBE-SVC-Z3XYRULMR3NPC2II - [0:0]
:KUBE-SEP-2O5HYQSMWLYKEINC - [0:0]
:KUBE-SVC-MERHNWTJS7GAOGNO - [0:0]
:KUBE-SEP-7F5Y4AW6GKK4NN2G - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING -s 198.51.100.2/32 -m comment --comment "name: \"bridge\" id: \"97fe6cf2172869acf381caf38e9c77a80dd4ffb5ec9ffd342bb1297327a0c61c\"" -j CNI-bc369d2e020ee4a30034e2c5
-A POSTROUTING -s 198.51.100.3/32 -m comment --comment "name: \"bridge\" id: \"122f73268927d80259bbcdb7f8459c557a41c549eed251b9c19c06ea29fb9f3c\"" -j CNI-cfe95ad5b35431ea18dcaf00
-A POSTROUTING -s 198.51.100.5/32 -m comment --comment "name: \"bridge\" id: \"f4065ad589e13db0b84c7391204b93094e65cb429fb782299eb826113accb8ea\"" -j CNI-f6a66a481497036de9b80865
-A POSTROUTING -s 198.51.100.4/32 -m comment --comment "name: \"bridge\" id: \"9b7ebe191af1caee7c18acca4db8ef2c3c671c90ebed84dda923eaa5e4f16cad\"" -j CNI-227018b320ec4213feb3d89a
-A POSTROUTING -s 198.51.100.6/32 -m comment --comment "name: \"bridge\" id: \"82b42c91685186661522be88ab242d1fdfde63fc80e20d245e230c4a43b91076\"" -j CNI-1ba524f67df5b87760706b35
-A POSTROUTING -s 198.51.100.7/32 -m comment --comment "name: \"bridge\" id: \"d47371732f56f14f031e0b7b210ea0c0947efe1c4bf8fa70b5e0c3ebb888ecfa\"" -j CNI-26a828c2befb9e29784413ad
-A POSTROUTING -s 198.51.100.8/32 -m comment --comment "name: \"bridge\" id: \"bd5c5cd2d6fdb3330412b7f2a136f6c40255e3f17d2e12cb4e727dbadb0715a2\"" -j CNI-3166a0cb3a24487ae768f691
-A POSTROUTING -s 198.51.100.9/32 -m comment --comment "name: \"bridge\" id: \"e32dbeb647266922c1ed7cbf28d0793f5eb1684ee8ea9245e799311514fddcf8\"" -j CNI-a7c0478ef23daa3977689f35
-A POSTROUTING -s 198.51.100.10/32 -m comment --comment "name: \"bridge\" id: \"945e7003246f1d85e24f7367e5a3332fcc3bfe456f7f7b9fcc12cd5399d0ed27\"" -j CNI-02499cb039255cd2cc65ed0b
-A POSTROUTING -s 198.51.100.11/32 -m comment --comment "name: \"bridge\" id: \"d11743e05135a6b7daa52339ed04bbac1981ffc8018794fe1c83b1da7b182e49\"" -j CNI-7784e2a6d46df48c3cd03fa9
-A POSTROUTING -s 198.51.100.12/32 -m comment --comment "name: \"bridge\" id: \"4410a4c85c7991ba762df13284942daddcb3f54a86de129e666c5728aaaa401c\"" -j CNI-1b0588591a71d7ba618a10ae
-A POSTROUTING -s 198.51.100.13/32 -m comment --comment "name: \"bridge\" id: \"bb8f9aba5a9cfe49eda5b1007ecac6c2228462f77806cb7801aa820df7b2f0a4\"" -j CNI-df58f2f2149d5ec36e32ead8
-A POSTROUTING -s 198.51.100.14/32 -m comment --comment "name: \"bridge\" id: \"0d7155d211873ab9dd56c492ca84a6e4b4923853bba2d738ec0b87355cd4d5c7\"" -j CNI-e09831504e5f3bf327c6482d
-A POSTROUTING -s 198.51.100.15/32 -m comment --comment "name: \"bridge\" id: \"7df7db3e64340a5a722340e86d3ff57667247c0af41c3901b967d7282dcabb82\"" -j CNI-72a66ab3fe1ace34487b38f4
-A POSTROUTING -s 198.51.100.16/32 -m comment --comment "name: \"bridge\" id: \"77a2d3f8700f25d768cab0b31d993da60466e1cfeb0c21451e503ba6b4caa4f0\"" -j CNI-72a79b7004736511195403c1
-A POSTROUTING -s 198.51.100.17/32 -m comment --comment "name: \"bridge\" id: \"048a23daccd11173da5ccd3aed2475ac58bd2f5c48e564c56d3867c90e407e8b\"" -j CNI-ca622ba959418dc479897f47
-A POSTROUTING -s 198.51.100.18/32 -m comment --comment "name: \"bridge\" id: \"bdd3f0371b20c26eabbf8c0c7141ac0992f046ae3f8d0673711e30a1078f8c0d\"" -j CNI-28fd2e5140703993f44ee432
-A POSTROUTING -s 198.51.100.19/32 -m comment --comment "name: \"bridge\" id: \"1d580c48cbcd18e29e222541f0507c3fb28987d91d35b55bd98d39e7d7c21917\"" -j CNI-0ce611945157efd7bd4cb14d
-A POSTROUTING -s 198.51.100.20/32 -m comment --comment "name: \"bridge\" id: \"86235cf3a3f9e3cfc02fc7f4888ecb5e3cfa9c0ec97e426d2ae1ce316b32c197\"" -j CNI-a8e58a2cfaf30ec6814b7280
-A POSTROUTING -s 198.51.100.21/32 -m comment --comment "name: \"bridge\" id: \"088d676e25b836ba1cad2c6a51c82f123437319e49f2e76950f72abfe9bf1927\"" -j CNI-e21e25874684534a56cedb67
-A POSTROUTING -s 198.51.100.22/32 -m comment --comment "name: \"bridge\" id: \"722977738813a4b4dba7b54d441862d21d5970ae817c4d9a8ce4634487fc6687\"" -j CNI-295034648dcadd4507c306a9
-A POSTROUTING -s 198.51.100.23/32 -m comment --comment "name: \"bridge\" id: \"68567ef6b45f1055433d0f3e6fbcd064ef9bb98190dd051f69fd12cff808e30f\"" -j CNI-e9c5fcdecab043dd6c03946a
-A POSTROUTING -s 198.51.100.24/32 -m comment --comment "name: \"bridge\" id: \"4756130fd5ad708a904a99a0cad190c227812ba5f85f488054b470d5d9ab4fbb\"" -j CNI-21f0070cd08f695c17e950b1
-A POSTROUTING -s 198.51.100.26/32 -m comment --comment "name: \"bridge\" id: \"ecb389f6e488e34ee05de07d5ba0b6a865880613de9512f762d02a25ef996982\"" -j CNI-12d28111927a6a9c6656a203
-A POSTROUTING -s 198.51.100.25/32 -m comment --comment "name: \"bridge\" id: \"103288724dcc47b7a997f0c219c0fad5d24fe11321d3a9fbfa04ba4763764450\"" -j CNI-2659eaf5d8c653899294a7c9
-A POSTROUTING -s 198.51.100.27/32 -m comment --comment "name: \"bridge\" id: \"8c433fb4c3fc17ad704bf6e54b939e9997d87dd176929ea899a6a96130f63b4f\"" -j CNI-126e26d02bfac58b864c4534
-A POSTROUTING -s 198.51.100.28/32 -m comment --comment "name: \"bridge\" id: \"6ae50f2a676c640e423edd4d4bf7cff29770d8a9e82293d7113d8fcef8912e53\"" -j CNI-de56d6114fd588fe5df4fedd
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A CNI-f6a66a481497036de9b80865 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"f4065ad589e13db0b84c7391204b93094e65cb429fb782299eb826113accb8ea\"" -j ACCEPT
-A CNI-f6a66a481497036de9b80865 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"f4065ad589e13db0b84c7391204b93094e65cb429fb782299eb826113accb8ea\"" -j MASQUERADE
-A CNI-cfe95ad5b35431ea18dcaf00 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"122f73268927d80259bbcdb7f8459c557a41c549eed251b9c19c06ea29fb9f3c\"" -j ACCEPT
-A CNI-cfe95ad5b35431ea18dcaf00 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"122f73268927d80259bbcdb7f8459c557a41c549eed251b9c19c06ea29fb9f3c\"" -j MASQUERADE
-A CNI-bc369d2e020ee4a30034e2c5 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"97fe6cf2172869acf381caf38e9c77a80dd4ffb5ec9ffd342bb1297327a0c61c\"" -j ACCEPT
-A CNI-bc369d2e020ee4a30034e2c5 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"97fe6cf2172869acf381caf38e9c77a80dd4ffb5ec9ffd342bb1297327a0c61c\"" -j MASQUERADE
-A CNI-227018b320ec4213feb3d89a -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"9b7ebe191af1caee7c18acca4db8ef2c3c671c90ebed84dda923eaa5e4f16cad\"" -j ACCEPT
-A CNI-227018b320ec4213feb3d89a ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"9b7ebe191af1caee7c18acca4db8ef2c3c671c90ebed84dda923eaa5e4f16cad\"" -j MASQUERADE
-A CNI-1ba524f67df5b87760706b35 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"82b42c91685186661522be88ab242d1fdfde63fc80e20d245e230c4a43b91076\"" -j ACCEPT
-A CNI-1ba524f67df5b87760706b35 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"82b42c91685186661522be88ab242d1fdfde63fc80e20d245e230c4a43b91076\"" -j MASQUERADE
-A CNI-26a828c2befb9e29784413ad -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"d47371732f56f14f031e0b7b210ea0c0947efe1c4bf8fa70b5e0c3ebb888ecfa\"" -j ACCEPT
-A CNI-26a828c2befb9e29784413ad ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"d47371732f56f14f031e0b7b210ea0c0947efe1c4bf8fa70b5e0c3ebb888ecfa\"" -j MASQUERADE
-A CNI-3166a0cb3a24487ae768f691 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"bd5c5cd2d6fdb3330412b7f2a136f6c40255e3f17d2e12cb4e727dbadb0715a2\"" -j ACCEPT
-A CNI-3166a0cb3a24487ae768f691 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"bd5c5cd2d6fdb3330412b7f2a136f6c40255e3f17d2e12cb4e727dbadb0715a2\"" -j MASQUERADE
-A CNI-a7c0478ef23daa3977689f35 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"e32dbeb647266922c1ed7cbf28d0793f5eb1684ee8ea9245e799311514fddcf8\"" -j ACCEPT
-A CNI-a7c0478ef23daa3977689f35 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"e32dbeb647266922c1ed7cbf28d0793f5eb1684ee8ea9245e799311514fddcf8\"" -j MASQUERADE
-A CNI-02499cb039255cd2cc65ed0b -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"945e7003246f1d85e24f7367e5a3332fcc3bfe456f7f7b9fcc12cd5399d0ed27\"" -j ACCEPT
-A CNI-02499cb039255cd2cc65ed0b ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"945e7003246f1d85e24f7367e5a3332fcc3bfe456f7f7b9fcc12cd5399d0ed27\"" -j MASQUERADE
-A CNI-7784e2a6d46df48c3cd03fa9 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"d11743e05135a6b7daa52339ed04bbac1981ffc8018794fe1c83b1da7b182e49\"" -j ACCEPT
-A CNI-7784e2a6d46df48c3cd03fa9 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"d11743e05135a6b7daa52339ed04bbac1981ffc8018794fe1c83b1da7b182e49\"" -j MASQUERADE
-A CNI-1b0588591a71d7ba618a10ae -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"4410a4c85c7991ba762df13284942daddcb3f54a86de129e666c5728aaaa401c\"" -j ACCEPT
-A CNI-1b0588591a71d7ba618a10ae ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"4410a4c85c7991ba762df13284942daddcb3f54a86de129e666c5728aaaa401c\"" -j MASQUERADE
-A CNI-df58f2f2149d5ec36e32ead8 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"bb8f9aba5a9cfe49eda5b1007ecac6c2228462f77806cb7801aa820df7b2f0a4\"" -j ACCEPT
-A CNI-df58f2f2149d5ec36e32ead8 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"bb8f9aba5a9cfe49eda5b1007ecac6c2228462f77806cb7801aa820df7b2f0a4\"" -j MASQUERADE
-A KUBE-SERVICES -d 203.0.113.120/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard cluster IP" -m tcp --dport 443 -j KUBE-SVC-4HQ2X6RJ753IMQ2F
-A KUBE-SERVICES -d 203.0.113.62/32 -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:velocimeter-port cluster IP" -m tcp --dport 38099 -j KUBE-SVC-ONMPPE6EKYAUZB42
-A KUBE-SERVICES -d 203.0.113.153/32 -p tcp -m comment --comment "cluster1/esam-pois:esam-translator cluster IP" -m tcp --dport 9999 -j KUBE-SVC-U5QHTUBWV5QSLHBQ
-A KUBE-SERVICES -d 203.0.113.100/32 -p tcp -m comment --comment "cluster1/uoe-mds-external:egress cluster IP" -m tcp --dport 20202 -j KUBE-SVC-GWCCZM4RXSULONHS
-A KUBE-SERVICES -d 203.0.113.65/32 -p tcp -m comment --comment "cluster1/emmg-server-external:emmg-server-external-emmg cluster IP" -m tcp --dport 4971 -j KUBE-SVC-5TWCFXZSE3DSS6UE
-A KUBE-SERVICES -d 203.0.113.111/32 -p tcp -m comment --comment "cluster1/atm:atm-metrics cluster IP" -m tcp --dport 11113 -j KUBE-SVC-XKE6S5LMTXBZYB2O
-A KUBE-SERVICES -d 203.0.113.150/32 -p tcp -m comment --comment "cluster1/emmg-server:emmg-server-mux cluster IP" -m tcp --dport 1516 -j KUBE-SVC-YV3PCBEYUWFYV73Q
-A KUBE-SERVICES -d 203.0.113.125/32 -p tcp -m comment --comment "cluster1/nmi-service:nmi cluster IP" -m tcp --dport 8955 -j KUBE-SVC-QAL3Z3BTM7MNNY5F
-A KUBE-SERVICES -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:http-in cluster IP" -m tcp --dport 8080 -j KUBE-SVC-GLZH3Y3G6I6TVPS4
-A KUBE-SERVICES -d 203.0.113.189/32 -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:web-port cluster IP" -m tcp --dport 8099 -j KUBE-SVC-3HHQII33HHMJ2PTU
-A KUBE-SERVICES -d 203.0.113.62/32 -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:tmd-port cluster IP" -m tcp --dport 31812 -j KUBE-SVC-VIHIPWZB3JUDL6R3
-A KUBE-SERVICES -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:eis cluster IP" -m tcp --dport 1515 -j KUBE-SVC-BPEIO6BUT63IIDKU
-A KUBE-SERVICES -d 203.0.113.135/32 -p tcp -m comment --comment "monitoring/kube-prometheus-grafana:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-5OJBRSYQ3VQGJDOR
-A KUBE-SERVICES -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:mds-stat cluster IP" -m tcp --dport 20204 -j KUBE-SVC-KCOWRBV76QE7D3XH
-A KUBE-SERVICES -d 203.0.113.75/32 -p tcp -m comment --comment "cluster1/tmd-control-external:tmd-control cluster IP" -m tcp --dport 9120 -j KUBE-SVC-44FQG5JMGB6XKYOK
-A KUBE-SERVICES -d 203.0.113.128/32 -p tcp -m comment --comment "cluster1/mediautils:http-api cluster IP" -m tcp --dport 80 -j KUBE-SVC-4IWDM63VV4CTSCB4
-A KUBE-SERVICES -d 203.0.113.240/32 -p tcp -m comment --comment "cluster1/tmd-control:tmd-control cluster IP" -m tcp --dport 9120 -j KUBE-SVC-Z3XYRULMR3NPC2II
-A KUBE-SERVICES -d 203.0.113.62/32 -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:web-port cluster IP" -m tcp --dport 8099 -j KUBE-SVC-P5YIOAF22U7S4CBW
-A KUBE-SERVICES -d 203.0.113.35/32 -p tcp -m comment --comment "cluster1/zookeeper:client cluster IP" -m tcp --dport 2181 -j KUBE-SVC-UDWFXO6VTRGBKM46
-A KUBE-SERVICES -d 203.0.113.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES -d 203.0.113.132/32 -p tcp -m comment --comment "cluster1/asset-acquisition-proxy:egress cluster IP" -m tcp --dport 80 -j KUBE-SVC-OCTDZMNFALJS2YV3
-A KUBE-SERVICES -d 203.0.113.10/32 -p tcp -m comment --comment "kube-system/kube-dns:metrics cluster IP" -m tcp --dport 9153 -j KUBE-SVC-JD5MR3NA4I4DYORP
-A KUBE-SERVICES -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:logstash-in cluster IP" -m tcp --dport 5044 -j KUBE-SVC-MTA5KSHU4PDHD6HY
-A KUBE-SERVICES -d 203.0.113.189/32 -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:tmd-port cluster IP" -m tcp --dport 31812 -j KUBE-SVC-4IBCJHQ4KUY4VCZ2
-A KUBE-SERVICES -d 203.0.113.189/32 -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:velocimeter-port cluster IP" -m tcp --dport 38099 -j KUBE-SVC-IYPP263IJDMIB5QJ
-A KUBE-SERVICES -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:active-active-grpc cluster IP" -m tcp --dport 50055 -j KUBE-SVC-DTCGNQDGBBSP4ELK
-A KUBE-SERVICES -d 203.0.113.111/32 -p tcp -m comment --comment "cluster1/atm:atm cluster IP" -m tcp --dport 11111 -j KUBE-SVC-S7ZR6SRPCG2SUCKD
-A KUBE-SERVICES -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:monitoring cluster IP" -m tcp --dport 20209 -j KUBE-SVC-WHXFPKONIQ62INZ7
-A KUBE-SERVICES -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:egress cluster IP" -m tcp --dport 20202 -j KUBE-SVC-MEKGXXYAXVUOEBCV
-A KUBE-SERVICES -d 203.0.113.100/32 -p tcp -m comment --comment "cluster1/uoe-mds-external:egress-https cluster IP" -m tcp --dport 20212 -j KUBE-SVC-HX2LA6JNM6GNNHU3
-A KUBE-SERVICES -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:aa-grpc cluster IP" -m tcp --dport 8781 -j KUBE-SVC-GL6TCTWDYIIY6QZL
-A KUBE-SERVICES -d 203.0.113.197/32 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:web-port cluster IP" -m tcp --dport 8099 -j KUBE-SVC-UQJOFU6Z7JK2ZU7X
-A KUBE-SERVICES -d 203.0.113.67/32 -p tcp -m comment --comment "cluster1/elasticsearch:elasticsearch cluster IP" -m tcp --dport 9200 -j KUBE-SVC-JQXDKIAOCVL6RDGC
-A KUBE-SERVICES -d 203.0.113.181/32 -p tcp -m comment --comment "cluster1/pgdb:pgdb-backup-restore cluster IP" -m tcp --dport 5438 -j KUBE-SVC-V72DFOHTD3XWEMCQ
-A KUBE-SERVICES -d 203.0.113.37/32 -p tcp -m comment --comment "kube-system/dashboard-metrics-scraper cluster IP" -m tcp --dport 8000 -j KUBE-SVC-4GCQP7GTYLI53KTV
-A KUBE-SERVICES -d 203.0.113.197/32 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:tmd-port cluster IP" -m tcp --dport 31812 -j KUBE-SVC-EPM2TQ4DEYPWUKY4
-A KUBE-SERVICES -d 203.0.113.20/32 -p tcp -m comment --comment "monitoring/prometheus-k8s:reloader-web cluster IP" -m tcp --dport 8080 -j KUBE-SVC-3WB5HF6GHWTGD5QP
-A KUBE-SERVICES -d 203.0.113.128/32 -p tcp -m comment --comment "cluster1/mediautils:https-api cluster IP" -m tcp --dport 443 -j KUBE-SVC-N7FF4AZN6ABHG7LX
-A KUBE-SERVICES -d 203.0.113.78/32 -p tcp -m comment --comment "cluster1/vosha-node-port:akka cluster IP" -m tcp --dport 2500 -j KUBE-SVC-ZWRIFHS3WZKRE4LP
-A KUBE-SERVICES -d 203.0.113.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:alloy cluster IP" -m tcp --dport 12345 -j KUBE-SVC-NAMSTJQKLC3S4OWG
-A KUBE-SERVICES -d 203.0.113.153/32 -p tcp -m comment --comment "cluster1/esam-pois:esam-translator-external cluster IP" -m tcp --dport 19999 -j KUBE-SVC-JMRXQXR4IS7ITEPA
-A KUBE-SERVICES -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-KX4MR7USJKV3FZWH
-A KUBE-SERVICES -d 203.0.113.72/32 -p udp -m comment --comment "cluster1/vosha:snmp cluster IP" -m udp --dport 161 -j KUBE-SVC-TZCO54F7Y4ZC56VO
-A KUBE-SERVICES -d 203.0.113.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:logstash cluster IP" -m tcp --dport 4560 -j KUBE-SVC-GT6U4T6ZDI3Y2LJM
-A KUBE-SERVICES -d 203.0.113.197/32 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:velocimeter-port cluster IP" -m tcp --dport 38099 -j KUBE-SVC-NOV7YL5QQDYXAGJG
-A KUBE-SERVICES -d 203.0.113.144/32 -p tcp -m comment --comment "cluster1/exhibitor:exhibitor cluster IP" -m tcp --dport 8081 -j KUBE-SVC-3BP4CBHGYLDNDHE4
-A KUBE-SERVICES -d 203.0.113.153/32 -p tcp -m comment --comment "cluster1/esam-pois:esam-pois-oob cluster IP" -m tcp --dport 9823 -j KUBE-SVC-2ODQQN5RYAG7INH7
-A KUBE-SERVICES -d 203.0.113.104/32 -p tcp -m comment --comment "cluster1/fileutils:http-api cluster IP" -m tcp --dport 80 -j KUBE-SVC-7IU64XNEO5CE7M6Y
-A KUBE-SERVICES -d 203.0.113.244/32 -p tcp -m comment --comment "cluster1/minio-service cluster IP" -m tcp --dport 9000 -j KUBE-SVC-PPZUWVU7EVNLDNJH
-A KUBE-SERVICES -d 203.0.113.239/32 -p tcp -m comment --comment "monitoring/grafana:http cluster IP" -m tcp --dport 3000 -j KUBE-SVC-AWA2CQSXVI7X2GE5
-A KUBE-SERVICES -d 203.0.113.121/32 -p tcp -m comment --comment "cluster1/casd:casd-admin cluster IP" -m tcp --dport 1482 -j KUBE-SVC-XMAJGCQWZKCDG5HZ
-A KUBE-SERVICES -d 203.0.113.172/32 -p tcp -m comment --comment "cluster1/asset-operator:asset-mgmt-api cluster IP" -m tcp --dport 20207 -j KUBE-SVC-42YVHJO2JWGVSQCP
-A KUBE-SERVICES -d 203.0.113.172/32 -p tcp -m comment --comment "cluster1/asset-operator:asset-mgmt-grpc cluster IP" -m tcp --dport 20208 -j KUBE-SVC-Z5JKJMV6WZPPF7I4
-A KUBE-SERVICES -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:egress-https cluster IP" -m tcp --dport 20212 -j KUBE-SVC-TKRJTT6AEOUKON5B
-A KUBE-SERVICES -d 203.0.113.20/32 -p tcp -m comment --comment "monitoring/prometheus-k8s:web cluster IP" -m tcp --dport 9090 -j KUBE-SVC-IFO32E4YIRUTZPGJ
-A KUBE-SERVICES -d 203.0.113.78/32 -p tcp -m comment --comment "cluster1/vosha-node-port:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-BIK54PEHKSKG26QE
-A KUBE-SERVICES -d 203.0.113.155/32 -p tcp -m comment --comment "cluster1/kibana:kibana cluster IP" -m tcp --dport 5601 -j KUBE-SVC-KPHFLMV3JAZFDPSR
-A KUBE-SERVICES -d 203.0.113.237/32 -p tcp -m comment --comment "cluster1/simulcrypt:simulcrypt-mux cluster IP" -m tcp --dport 1515 -j KUBE-SVC-MERHNWTJS7GAOGNO
-A KUBE-SERVICES -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:logshipper cluster IP" -m tcp --dport 5514 -j KUBE-SVC-Z3KGGCFDXYX5RBHM
-A KUBE-SERVICES -d 203.0.113.143/32 -p tcp -m comment --comment "cluster1/xos-upgrade-rollback:rest-api cluster IP" -m tcp --dport 8080 -j KUBE-SVC-2KV3DNZ2YAVG5RPU
-A KUBE-SERVICES -d 203.0.113.181/32 -p tcp -m comment --comment "cluster1/pgdb:pgdb cluster IP" -m tcp --dport 5432 -j KUBE-SVC-DDM6KSYRE745LMEU
-A KUBE-SERVICES -d 203.0.113.104/32 -p tcp -m comment --comment "cluster1/fileutils:https-api cluster IP" -m tcp --dport 443 -j KUBE-SVC-4QYW4SRVIILWME7I
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-POSTROUTING -m mark ! --mark 0x4000/0x4000 -j RETURN
-A KUBE-POSTROUTING -j MARK --set-xmark 0x4000/0x0
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE --random-fully
-A KUBE-NODEPORTS -p tcp -m comment --comment "cluster1/uoe-mds-external:egress" -m tcp --dport 20202 -j KUBE-EXT-GWCCZM4RXSULONHS
-A KUBE-NODEPORTS -p tcp -m comment --comment "cluster1/emmg-server-external:emmg-server-external-emmg" -m tcp --dport 32462 -j KUBE-EXT-5TWCFXZSE3DSS6UE
-A KUBE-NODEPORTS -p tcp -m comment --comment "cluster1/tmd-control-external:tmd-control" -m tcp --dport 9120 -j KUBE-EXT-44FQG5JMGB6XKYOK
-A KUBE-NODEPORTS -p tcp -m comment --comment "cluster1/uoe-mds-external:egress-https" -m tcp --dport 20212 -j KUBE-EXT-HX2LA6JNM6GNNHU3
-A KUBE-NODEPORTS -p tcp -m comment --comment "cluster1/vosha-node-port:akka" -m tcp --dport 32500 -j KUBE-EXT-ZWRIFHS3WZKRE4LP
-A KUBE-NODEPORTS -p tcp -m comment --comment "cluster1/vosha-node-port:https" -m tcp --dport 44343 -j KUBE-EXT-BIK54PEHKSKG26QE
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-SVC-AWA2CQSXVI7X2GE5 ! -s 198.51.100.0/24 -d 203.0.113.239/32 -p tcp -m comment --comment "monitoring/grafana:http cluster IP" -m tcp --dport 3000 -j KUBE-MARK-MASQ
-A KUBE-SVC-AWA2CQSXVI7X2GE5 -m comment --comment "monitoring/grafana:http -> 198.51.100.12:3000" -j KUBE-SEP-YBV6HMIC4TBUX4QL
-A KUBE-SEP-YBV6HMIC4TBUX4QL -s 198.51.100.12/32 -m comment --comment "monitoring/grafana:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-YBV6HMIC4TBUX4QL -p tcp -m comment --comment "monitoring/grafana:http" -m tcp -j DNAT --to-destination 198.51.100.12:3000
-A KUBE-SVC-2KV3DNZ2YAVG5RPU ! -s 198.51.100.0/24 -d 203.0.113.143/32 -p tcp -m comment --comment "cluster1/xos-upgrade-rollback:rest-api cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SVC-2KV3DNZ2YAVG5RPU -m comment --comment "cluster1/xos-upgrade-rollback:rest-api -> 198.51.100.10:8080" -j KUBE-SEP-I4SXHCV7PXAEFELP
-A KUBE-SEP-I4SXHCV7PXAEFELP -s 198.51.100.10/32 -m comment --comment "cluster1/xos-upgrade-rollback:rest-api" -j KUBE-MARK-MASQ
-A KUBE-SEP-I4SXHCV7PXAEFELP -p tcp -m comment --comment "cluster1/xos-upgrade-rollback:rest-api" -m tcp -j DNAT --to-destination 198.51.100.10:8080
-A KUBE-EXT-5TWCFXZSE3DSS6UE -m comment --comment "masquerade traffic for cluster1/emmg-server-external:emmg-server-external-emmg external destinations" -j KUBE-MARK-MASQ
-A KUBE-EXT-5TWCFXZSE3DSS6UE -j KUBE-SVC-5TWCFXZSE3DSS6UE
-A KUBE-SVC-5TWCFXZSE3DSS6UE ! -s 198.51.100.0/24 -d 203.0.113.65/32 -p tcp -m comment --comment "cluster1/emmg-server-external:emmg-server-external-emmg cluster IP" -m tcp --dport 4971 -j KUBE-MARK-MASQ
-A KUBE-SVC-5TWCFXZSE3DSS6UE -m comment --comment "cluster1/emmg-server-external:emmg-server-external-emmg -> 198.51.100.6:4971" -j KUBE-SEP-7N3V5CZI4VGGUY3D
-A KUBE-SEP-7N3V5CZI4VGGUY3D -s 198.51.100.6/32 -m comment --comment "cluster1/emmg-server-external:emmg-server-external-emmg" -j KUBE-MARK-MASQ
-A KUBE-SEP-7N3V5CZI4VGGUY3D -p tcp -m comment --comment "cluster1/emmg-server-external:emmg-server-external-emmg" -m tcp -j DNAT --to-destination 198.51.100.6:4971
-A KUBE-SVC-YV3PCBEYUWFYV73Q ! -s 198.51.100.0/24 -d 203.0.113.150/32 -p tcp -m comment --comment "cluster1/emmg-server:emmg-server-mux cluster IP" -m tcp --dport 1516 -j KUBE-MARK-MASQ
-A KUBE-SVC-YV3PCBEYUWFYV73Q -m comment --comment "cluster1/emmg-server:emmg-server-mux -> 198.51.100.6:1516" -j KUBE-SEP-SHYQV56QPS2S6OYQ
-A KUBE-SEP-SHYQV56QPS2S6OYQ -s 198.51.100.6/32 -m comment --comment "cluster1/emmg-server:emmg-server-mux" -j KUBE-MARK-MASQ
-A KUBE-SEP-SHYQV56QPS2S6OYQ -p tcp -m comment --comment "cluster1/emmg-server:emmg-server-mux" -m tcp -j DNAT --to-destination 198.51.100.6:1516
-A KUBE-SVC-QAL3Z3BTM7MNNY5F ! -s 198.51.100.0/24 -d 203.0.113.125/32 -p tcp -m comment --comment "cluster1/nmi-service:nmi cluster IP" -m tcp --dport 8955 -j KUBE-MARK-MASQ
-A KUBE-SVC-QAL3Z3BTM7MNNY5F -m comment --comment "cluster1/nmi-service:nmi -> 192.0.2.248:9955" -j KUBE-SEP-JSPWBRNRADCR2AZQ
-A KUBE-SEP-JSPWBRNRADCR2AZQ -s 192.0.2.248/32 -m comment --comment "cluster1/nmi-service:nmi" -j KUBE-MARK-MASQ
-A KUBE-SEP-JSPWBRNRADCR2AZQ -p tcp -m comment --comment "cluster1/nmi-service:nmi" -m tcp -j DNAT --to-destination 192.0.2.248:9955
-A KUBE-SVC-5OJBRSYQ3VQGJDOR ! -s 198.51.100.0/24 -d 203.0.113.135/32 -p tcp -m comment --comment "monitoring/kube-prometheus-grafana:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SVC-5OJBRSYQ3VQGJDOR -m comment --comment "monitoring/kube-prometheus-grafana:http -> 198.51.100.12:3000" -j KUBE-SEP-JEKUPQEES64RULQS
-A KUBE-SEP-JEKUPQEES64RULQS -s 198.51.100.12/32 -m comment --comment "monitoring/kube-prometheus-grafana:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-JEKUPQEES64RULQS -p tcp -m comment --comment "monitoring/kube-prometheus-grafana:http" -m tcp -j DNAT --to-destination 198.51.100.12:3000
-A KUBE-SVC-NPX46M4PTMTKRN6Y ! -s 198.51.100.0/24 -d 203.0.113.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https -> 192.0.2.248:6443" -j KUBE-SEP-ZJFXY6IWE2LITJAE
-A KUBE-SEP-ZJFXY6IWE2LITJAE -s 192.0.2.248/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZJFXY6IWE2LITJAE -p tcp -m comment --comment "default/kubernetes:https" -m tcp -j DNAT --to-destination 192.0.2.248:6443
-A KUBE-SVC-OCTDZMNFALJS2YV3 ! -s 198.51.100.0/24 -d 203.0.113.132/32 -p tcp -m comment --comment "cluster1/asset-acquisition-proxy:egress cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SVC-OCTDZMNFALJS2YV3 -m comment --comment "cluster1/asset-acquisition-proxy:egress -> 198.51.100.8:8080" -j KUBE-SEP-HMWMSIX7QSXSGYES
-A KUBE-SEP-HMWMSIX7QSXSGYES -s 198.51.100.8/32 -m comment --comment "cluster1/asset-acquisition-proxy:egress" -j KUBE-MARK-MASQ
-A KUBE-SEP-HMWMSIX7QSXSGYES -p tcp -m comment --comment "cluster1/asset-acquisition-proxy:egress" -m tcp -j DNAT --to-destination 198.51.100.8:8080
-A KUBE-SVC-4GCQP7GTYLI53KTV ! -s 198.51.100.0/24 -d 203.0.113.37/32 -p tcp -m comment --comment "kube-system/dashboard-metrics-scraper cluster IP" -m tcp --dport 8000 -j KUBE-MARK-MASQ
-A KUBE-SVC-4GCQP7GTYLI53KTV -m comment --comment "kube-system/dashboard-metrics-scraper -> 198.51.100.3:8000" -j KUBE-SEP-ZR7D45HHA74U4Z34
-A KUBE-SEP-ZR7D45HHA74U4Z34 -s 198.51.100.3/32 -m comment --comment "kube-system/dashboard-metrics-scraper" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZR7D45HHA74U4Z34 -p tcp -m comment --comment "kube-system/dashboard-metrics-scraper" -m tcp -j DNAT --to-destination 198.51.100.3:8000
-A KUBE-SVC-UDWFXO6VTRGBKM46 ! -s 198.51.100.0/24 -d 203.0.113.35/32 -p tcp -m comment --comment "cluster1/zookeeper:client cluster IP" -m tcp --dport 2181 -j KUBE-MARK-MASQ
-A KUBE-SVC-UDWFXO6VTRGBKM46 -m comment --comment "cluster1/zookeeper:client -> 198.51.100.11:2181" -j KUBE-SEP-EH3EVYAW2MUOZYZI
-A KUBE-SEP-EH3EVYAW2MUOZYZI -s 198.51.100.11/32 -m comment --comment "cluster1/zookeeper:client" -j KUBE-MARK-MASQ
-A KUBE-SEP-EH3EVYAW2MUOZYZI -p tcp -m comment --comment "cluster1/zookeeper:client" -m tcp -j DNAT --to-destination 198.51.100.11:2181
-A KUBE-SVC-3BP4CBHGYLDNDHE4 ! -s 198.51.100.0/24 -d 203.0.113.144/32 -p tcp -m comment --comment "cluster1/exhibitor:exhibitor cluster IP" -m tcp --dport 8081 -j KUBE-MARK-MASQ
-A KUBE-SVC-3BP4CBHGYLDNDHE4 -m comment --comment "cluster1/exhibitor:exhibitor -> 198.51.100.11:8081" -j KUBE-SEP-MRRTKDBNLRLUHYIU
-A KUBE-SEP-MRRTKDBNLRLUHYIU -s 198.51.100.11/32 -m comment --comment "cluster1/exhibitor:exhibitor" -j KUBE-MARK-MASQ
-A KUBE-SEP-MRRTKDBNLRLUHYIU -p tcp -m comment --comment "cluster1/exhibitor:exhibitor" -m tcp -j DNAT --to-destination 198.51.100.11:8081
-A KUBE-SVC-4HQ2X6RJ753IMQ2F ! -s 198.51.100.0/24 -d 203.0.113.120/32 -p tcp -m comment --comment "kube-system/kubernetes-dashboard cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-4HQ2X6RJ753IMQ2F -m comment --comment "kube-system/kubernetes-dashboard -> 198.51.100.5:8443" -j KUBE-SEP-HKIIZMYW2Y4Y5YSD
-A KUBE-SEP-HKIIZMYW2Y4Y5YSD -s 198.51.100.5/32 -m comment --comment "kube-system/kubernetes-dashboard" -j KUBE-MARK-MASQ
-A KUBE-SEP-HKIIZMYW2Y4Y5YSD -p tcp -m comment --comment "kube-system/kubernetes-dashboard" -m tcp -j DNAT --to-destination 198.51.100.5:8443
-A CNI-e09831504e5f3bf327c6482d -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"0d7155d211873ab9dd56c492ca84a6e4b4923853bba2d738ec0b87355cd4d5c7\"" -j ACCEPT
-A CNI-e09831504e5f3bf327c6482d ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"0d7155d211873ab9dd56c492ca84a6e4b4923853bba2d738ec0b87355cd4d5c7\"" -j MASQUERADE
-A KUBE-SVC-JD5MR3NA4I4DYORP ! -s 198.51.100.0/24 -d 203.0.113.10/32 -p tcp -m comment --comment "kube-system/kube-dns:metrics cluster IP" -m tcp --dport 9153 -j KUBE-MARK-MASQ
-A KUBE-SVC-JD5MR3NA4I4DYORP -m comment --comment "kube-system/kube-dns:metrics -> 198.51.100.4:9153" -j KUBE-SEP-VZC2CGR2EW2ALMZL
-A KUBE-SEP-VZC2CGR2EW2ALMZL -s 198.51.100.4/32 -m comment --comment "kube-system/kube-dns:metrics" -j KUBE-MARK-MASQ
-A KUBE-SEP-VZC2CGR2EW2ALMZL -p tcp -m comment --comment "kube-system/kube-dns:metrics" -m tcp -j DNAT --to-destination 198.51.100.4:9153
-A KUBE-SVC-ERIFXISQEP7F7OF4 ! -s 198.51.100.0/24 -d 203.0.113.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp -> 198.51.100.4:53" -j KUBE-SEP-PJQQ76S35LHLIP2K
-A KUBE-SEP-PJQQ76S35LHLIP2K -s 198.51.100.4/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-PJQQ76S35LHLIP2K -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 198.51.100.4:53
-A KUBE-SVC-TCOU7JCQXEZGVUNU ! -s 198.51.100.0/24 -d 203.0.113.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns -> 198.51.100.4:53" -j KUBE-SEP-SEW6ILDBOXHLW5E6
-A KUBE-SEP-SEW6ILDBOXHLW5E6 -s 198.51.100.4/32 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-SEW6ILDBOXHLW5E6 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 198.51.100.4:53
-A CNI-72a66ab3fe1ace34487b38f4 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"7df7db3e64340a5a722340e86d3ff57667247c0af41c3901b967d7282dcabb82\"" -j ACCEPT
-A CNI-72a66ab3fe1ace34487b38f4 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"7df7db3e64340a5a722340e86d3ff57667247c0af41c3901b967d7282dcabb82\"" -j MASQUERADE
-A CNI-72a79b7004736511195403c1 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"77a2d3f8700f25d768cab0b31d993da60466e1cfeb0c21451e503ba6b4caa4f0\"" -j ACCEPT
-A CNI-72a79b7004736511195403c1 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"77a2d3f8700f25d768cab0b31d993da60466e1cfeb0c21451e503ba6b4caa4f0\"" -j MASQUERADE
-A KUBE-SVC-DDM6KSYRE745LMEU ! -s 198.51.100.0/24 -d 203.0.113.181/32 -p tcp -m comment --comment "cluster1/pgdb:pgdb cluster IP" -m tcp --dport 5432 -j KUBE-MARK-MASQ
-A KUBE-SVC-DDM6KSYRE745LMEU -m comment --comment "cluster1/pgdb:pgdb -> 198.51.100.16:5432" -j KUBE-SEP-KJTFMPCHQXQNYSMW
-A KUBE-SEP-KJTFMPCHQXQNYSMW -s 198.51.100.16/32 -m comment --comment "cluster1/pgdb:pgdb" -j KUBE-MARK-MASQ
-A KUBE-SEP-KJTFMPCHQXQNYSMW -p tcp -m comment --comment "cluster1/pgdb:pgdb" -m tcp -j DNAT --to-destination 198.51.100.16:5432
-A KUBE-SVC-V72DFOHTD3XWEMCQ ! -s 198.51.100.0/24 -d 203.0.113.181/32 -p tcp -m comment --comment "cluster1/pgdb:pgdb-backup-restore cluster IP" -m tcp --dport 5438 -j KUBE-MARK-MASQ
-A KUBE-SVC-V72DFOHTD3XWEMCQ -m comment --comment "cluster1/pgdb:pgdb-backup-restore -> 198.51.100.16:5438" -j KUBE-SEP-PWPTCRS4I54Z7N3V
-A KUBE-SEP-PWPTCRS4I54Z7N3V -s 198.51.100.16/32 -m comment --comment "cluster1/pgdb:pgdb-backup-restore" -j KUBE-MARK-MASQ
-A KUBE-SEP-PWPTCRS4I54Z7N3V -p tcp -m comment --comment "cluster1/pgdb:pgdb-backup-restore" -m tcp -j DNAT --to-destination 198.51.100.16:5438
-A CNI-ca622ba959418dc479897f47 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"048a23daccd11173da5ccd3aed2475ac58bd2f5c48e564c56d3867c90e407e8b\"" -j ACCEPT
-A CNI-ca622ba959418dc479897f47 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"048a23daccd11173da5ccd3aed2475ac58bd2f5c48e564c56d3867c90e407e8b\"" -j MASQUERADE
-A KUBE-SVC-PPZUWVU7EVNLDNJH ! -s 198.51.100.0/24 -d 203.0.113.244/32 -p tcp -m comment --comment "cluster1/minio-service cluster IP" -m tcp --dport 9000 -j KUBE-MARK-MASQ
-A KUBE-SVC-PPZUWVU7EVNLDNJH -m comment --comment "cluster1/minio-service -> 198.51.100.17:9000" -j KUBE-SEP-5V7NICHJH53FTOYV
-A KUBE-SEP-5V7NICHJH53FTOYV -s 198.51.100.17/32 -m comment --comment "cluster1/minio-service" -j KUBE-MARK-MASQ
-A KUBE-SEP-5V7NICHJH53FTOYV -p tcp -m comment --comment "cluster1/minio-service" -m tcp -j DNAT --to-destination 198.51.100.17:9000
-A KUBE-SVC-3WB5HF6GHWTGD5QP ! -s 198.51.100.0/24 -d 203.0.113.20/32 -p tcp -m comment --comment "monitoring/prometheus-k8s:reloader-web cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SVC-3WB5HF6GHWTGD5QP -m comment --comment "monitoring/prometheus-k8s:reloader-web -> 198.51.100.14:8080" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-NKCKHHG7X3QKQCKY --mask 255.255.255.255 --rsource -j KUBE-SEP-NKCKHHG7X3QKQCKY
-A KUBE-SVC-3WB5HF6GHWTGD5QP -m comment --comment "monitoring/prometheus-k8s:reloader-web -> 198.51.100.14:8080" -j KUBE-SEP-NKCKHHG7X3QKQCKY
-A KUBE-SEP-NKCKHHG7X3QKQCKY -s 198.51.100.14/32 -m comment --comment "monitoring/prometheus-k8s:reloader-web" -j KUBE-MARK-MASQ
-A KUBE-SEP-NKCKHHG7X3QKQCKY -p tcp -m comment --comment "monitoring/prometheus-k8s:reloader-web" -m recent --set --name KUBE-SEP-NKCKHHG7X3QKQCKY --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 198.51.100.14:8080
-A KUBE-SVC-IFO32E4YIRUTZPGJ ! -s 198.51.100.0/24 -d 203.0.113.20/32 -p tcp -m comment --comment "monitoring/prometheus-k8s:web cluster IP" -m tcp --dport 9090 -j KUBE-MARK-MASQ
-A KUBE-SVC-IFO32E4YIRUTZPGJ -m comment --comment "monitoring/prometheus-k8s:web -> 198.51.100.14:9090" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-ZYLLFIPXFOOFWELU --mask 255.255.255.255 --rsource -j KUBE-SEP-ZYLLFIPXFOOFWELU
-A KUBE-SVC-IFO32E4YIRUTZPGJ -m comment --comment "monitoring/prometheus-k8s:web -> 198.51.100.14:9090" -j KUBE-SEP-ZYLLFIPXFOOFWELU
-A KUBE-SEP-ZYLLFIPXFOOFWELU -s 198.51.100.14/32 -m comment --comment "monitoring/prometheus-k8s:web" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZYLLFIPXFOOFWELU -p tcp -m comment --comment "monitoring/prometheus-k8s:web" -m recent --set --name KUBE-SEP-ZYLLFIPXFOOFWELU --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 198.51.100.14:9090
-A KUBE-SVC-JQXDKIAOCVL6RDGC ! -s 198.51.100.0/24 -d 203.0.113.67/32 -p tcp -m comment --comment "cluster1/elasticsearch:elasticsearch cluster IP" -m tcp --dport 9200 -j KUBE-MARK-MASQ
-A KUBE-SVC-JQXDKIAOCVL6RDGC -m comment --comment "cluster1/elasticsearch:elasticsearch -> 198.51.100.15:9200" -j KUBE-SEP-T2FBOEEFNMOBI37E
-A KUBE-SEP-T2FBOEEFNMOBI37E -s 198.51.100.15/32 -m comment --comment "cluster1/elasticsearch:elasticsearch" -j KUBE-MARK-MASQ
-A KUBE-SEP-T2FBOEEFNMOBI37E -p tcp -m comment --comment "cluster1/elasticsearch:elasticsearch" -m tcp -j DNAT --to-destination 198.51.100.15:9200
-A CNI-28fd2e5140703993f44ee432 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"bdd3f0371b20c26eabbf8c0c7141ac0992f046ae3f8d0673711e30a1078f8c0d\"" -j ACCEPT
-A CNI-28fd2e5140703993f44ee432 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"bdd3f0371b20c26eabbf8c0c7141ac0992f046ae3f8d0673711e30a1078f8c0d\"" -j MASQUERADE
-A CNI-0ce611945157efd7bd4cb14d -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"1d580c48cbcd18e29e222541f0507c3fb28987d91d35b55bd98d39e7d7c21917\"" -j ACCEPT
-A CNI-0ce611945157efd7bd4cb14d ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"1d580c48cbcd18e29e222541f0507c3fb28987d91d35b55bd98d39e7d7c21917\"" -j MASQUERADE
-A CNI-a8e58a2cfaf30ec6814b7280 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"86235cf3a3f9e3cfc02fc7f4888ecb5e3cfa9c0ec97e426d2ae1ce316b32c197\"" -j ACCEPT
-A CNI-a8e58a2cfaf30ec6814b7280 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"86235cf3a3f9e3cfc02fc7f4888ecb5e3cfa9c0ec97e426d2ae1ce316b32c197\"" -j MASQUERADE
-A KUBE-SVC-GT6U4T6ZDI3Y2LJM ! -s 198.51.100.0/24 -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:logstash cluster IP" -m tcp --dport 4560 -j KUBE-MARK-MASQ
-A KUBE-SVC-GT6U4T6ZDI3Y2LJM -m comment --comment "cluster1/logstash:logstash -> 198.51.100.18:4560" -j KUBE-SEP-3WL72JBQ5Q4CS2YH
-A KUBE-SEP-3WL72JBQ5Q4CS2YH -s 198.51.100.18/32 -m comment --comment "cluster1/logstash:logstash" -j KUBE-MARK-MASQ
-A KUBE-SEP-3WL72JBQ5Q4CS2YH -p tcp -m comment --comment "cluster1/logstash:logstash" -m tcp -j DNAT --to-destination 198.51.100.18:4560
-A KUBE-SVC-KPHFLMV3JAZFDPSR ! -s 198.51.100.0/24 -d 203.0.113.155/32 -p tcp -m comment --comment "cluster1/kibana:kibana cluster IP" -m tcp --dport 5601 -j KUBE-MARK-MASQ
-A KUBE-SVC-KPHFLMV3JAZFDPSR -m comment --comment "cluster1/kibana:kibana -> 198.51.100.19:5601" -j KUBE-SEP-7B7EKW7EDEB3UVPF
-A KUBE-SEP-7B7EKW7EDEB3UVPF -s 198.51.100.19/32 -m comment --comment "cluster1/kibana:kibana" -j KUBE-MARK-MASQ
-A KUBE-SEP-7B7EKW7EDEB3UVPF -p tcp -m comment --comment "cluster1/kibana:kibana" -m tcp -j DNAT --to-destination 198.51.100.19:5601
-A KUBE-SVC-Z3KGGCFDXYX5RBHM ! -s 198.51.100.0/24 -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:logshipper cluster IP" -m tcp --dport 5514 -j KUBE-MARK-MASQ
-A KUBE-SVC-Z3KGGCFDXYX5RBHM -m comment --comment "cluster1/logstash:logshipper -> 198.51.100.18:5514" -j KUBE-SEP-VLKD5TYSJRXBJDPZ
-A KUBE-SEP-VLKD5TYSJRXBJDPZ -s 198.51.100.18/32 -m comment --comment "cluster1/logstash:logshipper" -j KUBE-MARK-MASQ
-A KUBE-SEP-VLKD5TYSJRXBJDPZ -p tcp -m comment --comment "cluster1/logstash:logshipper" -m tcp -j DNAT --to-destination 198.51.100.18:5514
-A KUBE-SVC-GLZH3Y3G6I6TVPS4 ! -s 198.51.100.0/24 -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:http-in cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SVC-GLZH3Y3G6I6TVPS4 -m comment --comment "cluster1/logstash:http-in -> 198.51.100.18:8080" -j KUBE-SEP-JQJCNC3DNQZUO7CW
-A KUBE-SEP-JQJCNC3DNQZUO7CW -s 198.51.100.18/32 -m comment --comment "cluster1/logstash:http-in" -j KUBE-MARK-MASQ
-A KUBE-SEP-JQJCNC3DNQZUO7CW -p tcp -m comment --comment "cluster1/logstash:http-in" -m tcp -j DNAT --to-destination 198.51.100.18:8080
-A KUBE-SVC-MTA5KSHU4PDHD6HY ! -s 198.51.100.0/24 -d 203.0.113.178/32 -p tcp -m comment --comment "cluster1/logstash:logstash-in cluster IP" -m tcp --dport 5044 -j KUBE-MARK-MASQ
-A KUBE-SVC-MTA5KSHU4PDHD6HY -m comment --comment "cluster1/logstash:logstash-in -> 198.51.100.18:5044" -j KUBE-SEP-OZS47EILGOMVIFAB
-A KUBE-SEP-OZS47EILGOMVIFAB -s 198.51.100.18/32 -m comment --comment "cluster1/logstash:logstash-in" -j KUBE-MARK-MASQ
-A KUBE-SEP-OZS47EILGOMVIFAB -p tcp -m comment --comment "cluster1/logstash:logstash-in" -m tcp -j DNAT --to-destination 198.51.100.18:5044
-A KUBE-SVC-DTCGNQDGBBSP4ELK ! -s 198.51.100.0/24 -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:active-active-grpc cluster IP" -m tcp --dport 50055 -j KUBE-MARK-MASQ
-A KUBE-SVC-DTCGNQDGBBSP4ELK -m comment --comment "cluster1/vosha:active-active-grpc -> 198.51.100.20:50055" -j KUBE-SEP-R746WMYLQ3NP4CHE
-A KUBE-SEP-R746WMYLQ3NP4CHE -s 198.51.100.20/32 -m comment --comment "cluster1/vosha:active-active-grpc" -j KUBE-MARK-MASQ
-A KUBE-SEP-R746WMYLQ3NP4CHE -p tcp -m comment --comment "cluster1/vosha:active-active-grpc" -m tcp -j DNAT --to-destination 198.51.100.20:50055
-A KUBE-SVC-GL6TCTWDYIIY6QZL ! -s 198.51.100.0/24 -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:aa-grpc cluster IP" -m tcp --dport 8781 -j KUBE-MARK-MASQ
-A KUBE-SVC-GL6TCTWDYIIY6QZL -m comment --comment "cluster1/vosha:aa-grpc -> 198.51.100.20:8781" -j KUBE-SEP-W4EIQ76YBZJTDNFT
-A KUBE-SEP-W4EIQ76YBZJTDNFT -s 198.51.100.20/32 -m comment --comment "cluster1/vosha:aa-grpc" -j KUBE-MARK-MASQ
-A KUBE-SEP-W4EIQ76YBZJTDNFT -p tcp -m comment --comment "cluster1/vosha:aa-grpc" -m tcp -j DNAT --to-destination 198.51.100.20:8781
-A KUBE-EXT-ZWRIFHS3WZKRE4LP -m comment --comment "masquerade traffic for cluster1/vosha-node-port:akka external destinations" -j KUBE-MARK-MASQ
-A KUBE-EXT-ZWRIFHS3WZKRE4LP -j KUBE-SVC-ZWRIFHS3WZKRE4LP
-A KUBE-SVC-ZWRIFHS3WZKRE4LP ! -s 198.51.100.0/24 -d 203.0.113.78/32 -p tcp -m comment --comment "cluster1/vosha-node-port:akka cluster IP" -m tcp --dport 2500 -j KUBE-MARK-MASQ
-A KUBE-SVC-ZWRIFHS3WZKRE4LP -m comment --comment "cluster1/vosha-node-port:akka -> 198.51.100.20:2500" -j KUBE-SEP-WQRYVUHQNZTYXQKO
-A KUBE-SEP-WQRYVUHQNZTYXQKO -s 198.51.100.20/32 -m comment --comment "cluster1/vosha-node-port:akka" -j KUBE-MARK-MASQ
-A KUBE-SEP-WQRYVUHQNZTYXQKO -p tcp -m comment --comment "cluster1/vosha-node-port:akka" -m tcp -j DNAT --to-destination 198.51.100.20:2500
-A KUBE-SVC-KX4MR7USJKV3FZWH ! -s 198.51.100.0/24 -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-KX4MR7USJKV3FZWH -m comment --comment "cluster1/vosha:https -> 198.51.100.20:443" -j KUBE-SEP-PIF6VH62F63V63XT
-A KUBE-SEP-PIF6VH62F63V63XT -s 198.51.100.20/32 -m comment --comment "cluster1/vosha:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-PIF6VH62F63V63XT -p tcp -m comment --comment "cluster1/vosha:https" -m tcp -j DNAT --to-destination 198.51.100.20:443
-A KUBE-SVC-TZCO54F7Y4ZC56VO ! -s 198.51.100.0/24 -d 203.0.113.72/32 -p udp -m comment --comment "cluster1/vosha:snmp cluster IP" -m udp --dport 161 -j KUBE-MARK-MASQ
-A KUBE-SVC-TZCO54F7Y4ZC56VO -m comment --comment "cluster1/vosha:snmp -> 198.51.100.20:161" -j KUBE-SEP-HRGEWUF5P6S5QLB6
-A KUBE-SEP-HRGEWUF5P6S5QLB6 -s 198.51.100.20/32 -m comment --comment "cluster1/vosha:snmp" -j KUBE-MARK-MASQ
-A KUBE-SEP-HRGEWUF5P6S5QLB6 -p udp -m comment --comment "cluster1/vosha:snmp" -m udp -j DNAT --to-destination 198.51.100.20:161
-A KUBE-EXT-BIK54PEHKSKG26QE -m comment --comment "masquerade traffic for cluster1/vosha-node-port:https external destinations" -j KUBE-MARK-MASQ
-A KUBE-EXT-BIK54PEHKSKG26QE -j KUBE-SVC-BIK54PEHKSKG26QE
-A KUBE-SVC-BIK54PEHKSKG26QE ! -s 198.51.100.0/24 -d 203.0.113.78/32 -p tcp -m comment --comment "cluster1/vosha-node-port:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-BIK54PEHKSKG26QE -m comment --comment "cluster1/vosha-node-port:https -> 198.51.100.20:443" -j KUBE-SEP-KQ4ZJHJ2WLDOWXUP
-A KUBE-SEP-KQ4ZJHJ2WLDOWXUP -s 198.51.100.20/32 -m comment --comment "cluster1/vosha-node-port:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-KQ4ZJHJ2WLDOWXUP -p tcp -m comment --comment "cluster1/vosha-node-port:https" -m tcp -j DNAT --to-destination 198.51.100.20:443
-A KUBE-SVC-BPEIO6BUT63IIDKU ! -s 198.51.100.0/24 -d 203.0.113.72/32 -p tcp -m comment --comment "cluster1/vosha:eis cluster IP" -m tcp --dport 1515 -j KUBE-MARK-MASQ
-A KUBE-SVC-BPEIO6BUT63IIDKU -m comment --comment "cluster1/vosha:eis -> 198.51.100.20:1515" -j KUBE-SEP-TKRG3EUVHTNMJS36
-A KUBE-SEP-TKRG3EUVHTNMJS36 -s 198.51.100.20/32 -m comment --comment "cluster1/vosha:eis" -j KUBE-MARK-MASQ
-A KUBE-SEP-TKRG3EUVHTNMJS36 -p tcp -m comment --comment "cluster1/vosha:eis" -m tcp -j DNAT --to-destination 198.51.100.20:1515
-A CNI-e21e25874684534a56cedb67 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"088d676e25b836ba1cad2c6a51c82f123437319e49f2e76950f72abfe9bf1927\"" -j ACCEPT
-A CNI-e21e25874684534a56cedb67 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"088d676e25b836ba1cad2c6a51c82f123437319e49f2e76950f72abfe9bf1927\"" -j MASQUERADE
-A CNI-295034648dcadd4507c306a9 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"722977738813a4b4dba7b54d441862d21d5970ae817c4d9a8ce4634487fc6687\"" -j ACCEPT
-A CNI-295034648dcadd4507c306a9 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"722977738813a4b4dba7b54d441862d21d5970ae817c4d9a8ce4634487fc6687\"" -j MASQUERADE
-A KUBE-SVC-N7FF4AZN6ABHG7LX ! -s 198.51.100.0/24 -d 203.0.113.128/32 -p tcp -m comment --comment "cluster1/mediautils:https-api cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-N7FF4AZN6ABHG7LX -m comment --comment "cluster1/mediautils:https-api -> 198.51.100.21:443" -j KUBE-SEP-P7TNUTJGZFCU4NBV
-A KUBE-SEP-P7TNUTJGZFCU4NBV -s 198.51.100.21/32 -m comment --comment "cluster1/mediautils:https-api" -j KUBE-MARK-MASQ
-A KUBE-SEP-P7TNUTJGZFCU4NBV -p tcp -m comment --comment "cluster1/mediautils:https-api" -m tcp -j DNAT --to-destination 198.51.100.21:443
-A KUBE-SVC-4IWDM63VV4CTSCB4 ! -s 198.51.100.0/24 -d 203.0.113.128/32 -p tcp -m comment --comment "cluster1/mediautils:http-api cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SVC-4IWDM63VV4CTSCB4 -m comment --comment "cluster1/mediautils:http-api -> 198.51.100.21:8181" -j KUBE-SEP-TDJENGKLRZGC7LGZ
-A KUBE-SEP-TDJENGKLRZGC7LGZ -s 198.51.100.21/32 -m comment --comment "cluster1/mediautils:http-api" -j KUBE-MARK-MASQ
-A KUBE-SEP-TDJENGKLRZGC7LGZ -p tcp -m comment --comment "cluster1/mediautils:http-api" -m tcp -j DNAT --to-destination 198.51.100.21:8181
-A KUBE-SVC-7IU64XNEO5CE7M6Y ! -s 198.51.100.0/24 -d 203.0.113.104/32 -p tcp -m comment --comment "cluster1/fileutils:http-api cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SVC-7IU64XNEO5CE7M6Y -m comment --comment "cluster1/fileutils:http-api -> 198.51.100.22:8282" -j KUBE-SEP-VLBCDHDKW3OL3NWO
-A KUBE-SEP-VLBCDHDKW3OL3NWO -s 198.51.100.22/32 -m comment --comment "cluster1/fileutils:http-api" -j KUBE-MARK-MASQ
-A KUBE-SEP-VLBCDHDKW3OL3NWO -p tcp -m comment --comment "cluster1/fileutils:http-api" -m tcp -j DNAT --to-destination 198.51.100.22:8282
-A KUBE-SVC-4QYW4SRVIILWME7I ! -s 198.51.100.0/24 -d 203.0.113.104/32 -p tcp -m comment --comment "cluster1/fileutils:https-api cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-4QYW4SRVIILWME7I -m comment --comment "cluster1/fileutils:https-api -> 198.51.100.22:443" -j KUBE-SEP-P35DCWCTJVAASTM3
-A KUBE-SEP-P35DCWCTJVAASTM3 -s 198.51.100.22/32 -m comment --comment "cluster1/fileutils:https-api" -j KUBE-MARK-MASQ
-A KUBE-SEP-P35DCWCTJVAASTM3 -p tcp -m comment --comment "cluster1/fileutils:https-api" -m tcp -j DNAT --to-destination 198.51.100.22:443
-A CNI-e9c5fcdecab043dd6c03946a -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"68567ef6b45f1055433d0f3e6fbcd064ef9bb98190dd051f69fd12cff808e30f\"" -j ACCEPT
-A CNI-e9c5fcdecab043dd6c03946a ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"68567ef6b45f1055433d0f3e6fbcd064ef9bb98190dd051f69fd12cff808e30f\"" -j MASQUERADE
-A CNI-21f0070cd08f695c17e950b1 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"4756130fd5ad708a904a99a0cad190c227812ba5f85f488054b470d5d9ab4fbb\"" -j ACCEPT
-A CNI-21f0070cd08f695c17e950b1 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"4756130fd5ad708a904a99a0cad190c227812ba5f85f488054b470d5d9ab4fbb\"" -j MASQUERADE
-A CNI-2659eaf5d8c653899294a7c9 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"103288724dcc47b7a997f0c219c0fad5d24fe11321d3a9fbfa04ba4763764450\"" -j ACCEPT
-A CNI-2659eaf5d8c653899294a7c9 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"103288724dcc47b7a997f0c219c0fad5d24fe11321d3a9fbfa04ba4763764450\"" -j MASQUERADE
-A CNI-12d28111927a6a9c6656a203 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"ecb389f6e488e34ee05de07d5ba0b6a865880613de9512f762d02a25ef996982\"" -j ACCEPT
-A CNI-12d28111927a6a9c6656a203 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"ecb389f6e488e34ee05de07d5ba0b6a865880613de9512f762d02a25ef996982\"" -j MASQUERADE
-A CNI-126e26d02bfac58b864c4534 -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"8c433fb4c3fc17ad704bf6e54b939e9997d87dd176929ea899a6a96130f63b4f\"" -j ACCEPT
-A CNI-126e26d02bfac58b864c4534 ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"8c433fb4c3fc17ad704bf6e54b939e9997d87dd176929ea899a6a96130f63b4f\"" -j MASQUERADE
-A KUBE-SVC-42YVHJO2JWGVSQCP ! -s 198.51.100.0/24 -d 203.0.113.172/32 -p tcp -m comment --comment "cluster1/asset-operator:asset-mgmt-api cluster IP" -m tcp --dport 20207 -j KUBE-MARK-MASQ
-A KUBE-SVC-42YVHJO2JWGVSQCP -m comment --comment "cluster1/asset-operator:asset-mgmt-api -> 198.51.100.26:20207" -j KUBE-SEP-OHTEMYUDBFEN6PYU
-A KUBE-SEP-OHTEMYUDBFEN6PYU -s 198.51.100.26/32 -m comment --comment "cluster1/asset-operator:asset-mgmt-api" -j KUBE-MARK-MASQ
-A KUBE-SEP-OHTEMYUDBFEN6PYU -p tcp -m comment --comment "cluster1/asset-operator:asset-mgmt-api" -m tcp -j DNAT --to-destination 198.51.100.26:20207
-A KUBE-SVC-Z5JKJMV6WZPPF7I4 ! -s 198.51.100.0/24 -d 203.0.113.172/32 -p tcp -m comment --comment "cluster1/asset-operator:asset-mgmt-grpc cluster IP" -m tcp --dport 20208 -j KUBE-MARK-MASQ
-A KUBE-SVC-Z5JKJMV6WZPPF7I4 -m comment --comment "cluster1/asset-operator:asset-mgmt-grpc -> 198.51.100.26:20208" -j KUBE-SEP-2KL4WFMWLDKTMP3R
-A KUBE-SEP-2KL4WFMWLDKTMP3R -s 198.51.100.26/32 -m comment --comment "cluster1/asset-operator:asset-mgmt-grpc" -j KUBE-MARK-MASQ
-A KUBE-SEP-2KL4WFMWLDKTMP3R -p tcp -m comment --comment "cluster1/asset-operator:asset-mgmt-grpc" -m tcp -j DNAT --to-destination 198.51.100.26:20208
-A KUBE-SVC-S7ZR6SRPCG2SUCKD ! -s 198.51.100.0/24 -d 203.0.113.111/32 -p tcp -m comment --comment "cluster1/atm:atm cluster IP" -m tcp --dport 11111 -j KUBE-MARK-MASQ
-A KUBE-SVC-S7ZR6SRPCG2SUCKD -m comment --comment "cluster1/atm:atm -> 198.51.100.27:11111" -j KUBE-SEP-J6DZFU7C6XQVL25C
-A KUBE-SEP-J6DZFU7C6XQVL25C -s 198.51.100.27/32 -m comment --comment "cluster1/atm:atm" -j KUBE-MARK-MASQ
-A KUBE-SEP-J6DZFU7C6XQVL25C -p tcp -m comment --comment "cluster1/atm:atm" -m tcp -j DNAT --to-destination 198.51.100.27:11111
-A KUBE-SVC-XKE6S5LMTXBZYB2O ! -s 198.51.100.0/24 -d 203.0.113.111/32 -p tcp -m comment --comment "cluster1/atm:atm-metrics cluster IP" -m tcp --dport 11113 -j KUBE-MARK-MASQ
-A KUBE-SVC-XKE6S5LMTXBZYB2O -m comment --comment "cluster1/atm:atm-metrics -> 198.51.100.27:11113" -j KUBE-SEP-RSDYPZF7KCXVMVEI
-A KUBE-SEP-RSDYPZF7KCXVMVEI -s 198.51.100.27/32 -m comment --comment "cluster1/atm:atm-metrics" -j KUBE-MARK-MASQ
-A KUBE-SEP-RSDYPZF7KCXVMVEI -p tcp -m comment --comment "cluster1/atm:atm-metrics" -m tcp -j DNAT --to-destination 198.51.100.27:11113
-A KUBE-SVC-U5QHTUBWV5QSLHBQ ! -s 198.51.100.0/24 -d 203.0.113.153/32 -p tcp -m comment --comment "cluster1/esam-pois:esam-translator cluster IP" -m tcp --dport 9999 -j KUBE-MARK-MASQ
-A KUBE-SVC-U5QHTUBWV5QSLHBQ -m comment --comment "cluster1/esam-pois:esam-translator -> 192.0.2.248:9999" -j KUBE-SEP-NPXPYIPKDXNSIQM4
-A KUBE-SEP-NPXPYIPKDXNSIQM4 -s 192.0.2.248/32 -m comment --comment "cluster1/esam-pois:esam-translator" -j KUBE-MARK-MASQ
-A KUBE-SEP-NPXPYIPKDXNSIQM4 -p tcp -m comment --comment "cluster1/esam-pois:esam-translator" -m tcp -j DNAT --to-destination 192.0.2.248:9999
-A KUBE-SVC-2ODQQN5RYAG7INH7 ! -s 198.51.100.0/24 -d 203.0.113.153/32 -p tcp -m comment --comment "cluster1/esam-pois:esam-pois-oob cluster IP" -m tcp --dport 9823 -j KUBE-MARK-MASQ
-A KUBE-SVC-2ODQQN5RYAG7INH7 -m comment --comment "cluster1/esam-pois:esam-pois-oob -> 192.0.2.248:9823" -j KUBE-SEP-WDG4TJIUKXBZGSTM
-A KUBE-SEP-WDG4TJIUKXBZGSTM -s 192.0.2.248/32 -m comment --comment "cluster1/esam-pois:esam-pois-oob" -j KUBE-MARK-MASQ
-A KUBE-SEP-WDG4TJIUKXBZGSTM -p tcp -m comment --comment "cluster1/esam-pois:esam-pois-oob" -m tcp -j DNAT --to-destination 192.0.2.248:9823
-A KUBE-SVC-JMRXQXR4IS7ITEPA ! -s 198.51.100.0/24 -d 203.0.113.153/32 -p tcp -m comment --comment "cluster1/esam-pois:esam-translator-external cluster IP" -m tcp --dport 19999 -j KUBE-MARK-MASQ
-A KUBE-SVC-JMRXQXR4IS7ITEPA -m comment --comment "cluster1/esam-pois:esam-translator-external -> 192.0.2.248:19999" -j KUBE-SEP-SMHPYTYTEDRFNMS4
-A KUBE-SEP-SMHPYTYTEDRFNMS4 -s 192.0.2.248/32 -m comment --comment "cluster1/esam-pois:esam-translator-external" -j KUBE-MARK-MASQ
-A KUBE-SEP-SMHPYTYTEDRFNMS4 -p tcp -m comment --comment "cluster1/esam-pois:esam-translator-external" -m tcp -j DNAT --to-destination 192.0.2.248:19999
-A KUBE-SVC-XMAJGCQWZKCDG5HZ ! -s 198.51.100.0/24 -d 203.0.113.121/32 -p tcp -m comment --comment "cluster1/casd:casd-admin cluster IP" -m tcp --dport 1482 -j KUBE-MARK-MASQ
-A KUBE-SVC-XMAJGCQWZKCDG5HZ -m comment --comment "cluster1/casd:casd-admin -> 192.0.2.248:1482" -j KUBE-SEP-FQYI7JOBNZHE6H7T
-A KUBE-SEP-FQYI7JOBNZHE6H7T -s 192.0.2.248/32 -m comment --comment "cluster1/casd:casd-admin" -j KUBE-MARK-MASQ
-A KUBE-SEP-FQYI7JOBNZHE6H7T -p tcp -m comment --comment "cluster1/casd:casd-admin" -m tcp -j DNAT --to-destination 192.0.2.248:1482
-A KUBE-SVC-ONMPPE6EKYAUZB42 ! -s 198.51.100.0/24 -d 203.0.113.62/32 -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:velocimeter-port cluster IP" -m tcp --dport 38099 -j KUBE-MARK-MASQ
-A KUBE-SVC-ONMPPE6EKYAUZB42 -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:velocimeter-port -> 192.0.2.248:38099" -j KUBE-SEP-RR3I5AA3GMW3N27J
-A KUBE-SEP-RR3I5AA3GMW3N27J -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:velocimeter-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-RR3I5AA3GMW3N27J -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:velocimeter-port" -m tcp -j DNAT --to-destination 192.0.2.248:38099
-A KUBE-SVC-VIHIPWZB3JUDL6R3 ! -s 198.51.100.0/24 -d 203.0.113.62/32 -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:tmd-port cluster IP" -m tcp --dport 31812 -j KUBE-MARK-MASQ
-A KUBE-SVC-VIHIPWZB3JUDL6R3 -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:tmd-port -> 192.0.2.248:31812" -j KUBE-SEP-KBQTMTUCCKSH4I2Y
-A KUBE-SEP-KBQTMTUCCKSH4I2Y -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:tmd-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-KBQTMTUCCKSH4I2Y -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:tmd-port" -m tcp -j DNAT --to-destination 192.0.2.248:31812
-A KUBE-SVC-P5YIOAF22U7S4CBW ! -s 198.51.100.0/24 -d 203.0.113.62/32 -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:web-port cluster IP" -m tcp --dport 8099 -j KUBE-MARK-MASQ
-A KUBE-SVC-P5YIOAF22U7S4CBW -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:web-port -> 192.0.2.248:8099" -j KUBE-SEP-ID5SBZL7PKXYDW2M
-A KUBE-SEP-ID5SBZL7PKXYDW2M -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:web-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-ID5SBZL7PKXYDW2M -p tcp -m comment --comment "cluster1/stream-processing-44de0751-40f2-4a65-ab19-290b7b8babb0:web-port" -m tcp -j DNAT --to-destination 192.0.2.248:8099
-A KUBE-SVC-EPM2TQ4DEYPWUKY4 ! -s 198.51.100.0/24 -d 203.0.113.197/32 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:tmd-port cluster IP" -m tcp --dport 31812 -j KUBE-MARK-MASQ
-A KUBE-SVC-EPM2TQ4DEYPWUKY4 -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:tmd-port -> 192.0.2.248:31812" -j KUBE-SEP-BC7X6ZJP2YZEWFFG
-A KUBE-SEP-BC7X6ZJP2YZEWFFG -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:tmd-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-BC7X6ZJP2YZEWFFG -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:tmd-port" -m tcp -j DNAT --to-destination 192.0.2.248:31812
-A KUBE-SVC-UQJOFU6Z7JK2ZU7X ! -s 198.51.100.0/24 -d 203.0.113.197/32 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:web-port cluster IP" -m tcp --dport 8099 -j KUBE-MARK-MASQ
-A KUBE-SVC-UQJOFU6Z7JK2ZU7X -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:web-port -> 192.0.2.248:8099" -j KUBE-SEP-AOIMN4QFVFNRSGM4
-A KUBE-SEP-AOIMN4QFVFNRSGM4 -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:web-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-AOIMN4QFVFNRSGM4 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:web-port" -m tcp -j DNAT --to-destination 192.0.2.248:8099
-A KUBE-SVC-NOV7YL5QQDYXAGJG ! -s 198.51.100.0/24 -d 203.0.113.197/32 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:velocimeter-port cluster IP" -m tcp --dport 38099 -j KUBE-MARK-MASQ
-A KUBE-SVC-NOV7YL5QQDYXAGJG -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:velocimeter-port -> 192.0.2.248:38099" -j KUBE-SEP-GE27C67GZBMLIY66
-A KUBE-SEP-GE27C67GZBMLIY66 -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:velocimeter-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-GE27C67GZBMLIY66 -p tcp -m comment --comment "cluster1/stream-processing-e7395e3b-b18c-442c-a045-e1ceced0696b:velocimeter-port" -m tcp -j DNAT --to-destination 192.0.2.248:38099
-A KUBE-SVC-3HHQII33HHMJ2PTU ! -s 198.51.100.0/24 -d 203.0.113.189/32 -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:web-port cluster IP" -m tcp --dport 8099 -j KUBE-MARK-MASQ
-A KUBE-SVC-3HHQII33HHMJ2PTU -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:web-port -> 192.0.2.248:8099" -j KUBE-SEP-RIF7SDKNDPHGXTOQ
-A KUBE-SEP-RIF7SDKNDPHGXTOQ -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:web-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-RIF7SDKNDPHGXTOQ -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:web-port" -m tcp -j DNAT --to-destination 192.0.2.248:8099
-A KUBE-SVC-4IBCJHQ4KUY4VCZ2 ! -s 198.51.100.0/24 -d 203.0.113.189/32 -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:tmd-port cluster IP" -m tcp --dport 31812 -j KUBE-MARK-MASQ
-A KUBE-SVC-4IBCJHQ4KUY4VCZ2 -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:tmd-port -> 192.0.2.248:31812" -j KUBE-SEP-6BTNHEXPDFV7RSJV
-A KUBE-SEP-6BTNHEXPDFV7RSJV -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:tmd-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-6BTNHEXPDFV7RSJV -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:tmd-port" -m tcp -j DNAT --to-destination 192.0.2.248:31812
-A KUBE-SVC-IYPP263IJDMIB5QJ ! -s 198.51.100.0/24 -d 203.0.113.189/32 -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:velocimeter-port cluster IP" -m tcp --dport 38099 -j KUBE-MARK-MASQ
-A KUBE-SVC-IYPP263IJDMIB5QJ -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:velocimeter-port -> 192.0.2.248:38099" -j KUBE-SEP-3MBTRCKLZKIFMIWT
-A KUBE-SEP-3MBTRCKLZKIFMIWT -s 192.0.2.248/32 -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:velocimeter-port" -j KUBE-MARK-MASQ
-A KUBE-SEP-3MBTRCKLZKIFMIWT -p tcp -m comment --comment "cluster1/stream-processing-2f500ba9-d3b4-4332-bfa3-74be6e00aae2:velocimeter-port" -m tcp -j DNAT --to-destination 192.0.2.248:38099
-A CNI-de56d6114fd588fe5df4fedd -d 198.51.100.0/24 -m comment --comment "name: \"bridge\" id: \"6ae50f2a676c640e423edd4d4bf7cff29770d8a9e82293d7113d8fcef8912e53\"" -j ACCEPT
-A CNI-de56d6114fd588fe5df4fedd ! -d 224.0.0.0/4 -m comment --comment "name: \"bridge\" id: \"6ae50f2a676c640e423edd4d4bf7cff29770d8a9e82293d7113d8fcef8912e53\"" -j MASQUERADE
-A KUBE-EXT-GWCCZM4RXSULONHS -m comment --comment "masquerade traffic for cluster1/uoe-mds-external:egress external destinations" -j KUBE-MARK-MASQ
-A KUBE-EXT-GWCCZM4RXSULONHS -j KUBE-SVC-GWCCZM4RXSULONHS
-A KUBE-SVC-GWCCZM4RXSULONHS ! -s 198.51.100.0/24 -d 203.0.113.100/32 -p tcp -m comment --comment "cluster1/uoe-mds-external:egress cluster IP" -m tcp --dport 20202 -j KUBE-MARK-MASQ
-A KUBE-SVC-GWCCZM4RXSULONHS -m comment --comment "cluster1/uoe-mds-external:egress -> 198.51.100.25:20202" -j KUBE-SEP-TQUFUH2PWEHMKOKN
-A KUBE-SEP-TQUFUH2PWEHMKOKN -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds-external:egress" -j KUBE-MARK-MASQ
-A KUBE-SEP-TQUFUH2PWEHMKOKN -p tcp -m comment --comment "cluster1/uoe-mds-external:egress" -m tcp -j DNAT --to-destination 198.51.100.25:20202
-A KUBE-EXT-HX2LA6JNM6GNNHU3 -m comment --comment "masquerade traffic for cluster1/uoe-mds-external:egress-https external destinations" -j KUBE-MARK-MASQ
-A KUBE-EXT-HX2LA6JNM6GNNHU3 -j KUBE-SVC-HX2LA6JNM6GNNHU3
-A KUBE-SVC-HX2LA6JNM6GNNHU3 ! -s 198.51.100.0/24 -d 203.0.113.100/32 -p tcp -m comment --comment "cluster1/uoe-mds-external:egress-https cluster IP" -m tcp --dport 20212 -j KUBE-MARK-MASQ
-A KUBE-SVC-HX2LA6JNM6GNNHU3 -m comment --comment "cluster1/uoe-mds-external:egress-https -> 198.51.100.25:20212" -j KUBE-SEP-PWJ73JADQVQGOKOV
-A KUBE-SEP-PWJ73JADQVQGOKOV -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds-external:egress-https" -j KUBE-MARK-MASQ
-A KUBE-SEP-PWJ73JADQVQGOKOV -p tcp -m comment --comment "cluster1/uoe-mds-external:egress-https" -m tcp -j DNAT --to-destination 198.51.100.25:20212
-A KUBE-SVC-KCOWRBV76QE7D3XH ! -s 198.51.100.0/24 -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:mds-stat cluster IP" -m tcp --dport 20204 -j KUBE-MARK-MASQ
-A KUBE-SVC-KCOWRBV76QE7D3XH -m comment --comment "cluster1/uoe-mds:mds-stat -> 198.51.100.25:20204" -j KUBE-SEP-G72LXE4RUWDR2TU4
-A KUBE-SEP-G72LXE4RUWDR2TU4 -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds:mds-stat" -j KUBE-MARK-MASQ
-A KUBE-SEP-G72LXE4RUWDR2TU4 -p tcp -m comment --comment "cluster1/uoe-mds:mds-stat" -m tcp -j DNAT --to-destination 198.51.100.25:20204
-A KUBE-SVC-WHXFPKONIQ62INZ7 ! -s 198.51.100.0/24 -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:monitoring cluster IP" -m tcp --dport 20209 -j KUBE-MARK-MASQ
-A KUBE-SVC-WHXFPKONIQ62INZ7 -m comment --comment "cluster1/uoe-mds:monitoring -> 198.51.100.25:20209" -j KUBE-SEP-22J7XKD6Q52MHUP6
-A KUBE-SEP-22J7XKD6Q52MHUP6 -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds:monitoring" -j KUBE-MARK-MASQ
-A KUBE-SEP-22J7XKD6Q52MHUP6 -p tcp -m comment --comment "cluster1/uoe-mds:monitoring" -m tcp -j DNAT --to-destination 198.51.100.25:20209
-A KUBE-SVC-MEKGXXYAXVUOEBCV ! -s 198.51.100.0/24 -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:egress cluster IP" -m tcp --dport 20202 -j KUBE-MARK-MASQ
-A KUBE-SVC-MEKGXXYAXVUOEBCV -m comment --comment "cluster1/uoe-mds:egress -> 198.51.100.25:20202" -j KUBE-SEP-EZGPPRIUTAL5XWYI
-A KUBE-SEP-EZGPPRIUTAL5XWYI -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds:egress" -j KUBE-MARK-MASQ
-A KUBE-SEP-EZGPPRIUTAL5XWYI -p tcp -m comment --comment "cluster1/uoe-mds:egress" -m tcp -j DNAT --to-destination 198.51.100.25:20202
-A KUBE-SVC-NAMSTJQKLC3S4OWG ! -s 198.51.100.0/24 -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:alloy cluster IP" -m tcp --dport 12345 -j KUBE-MARK-MASQ
-A KUBE-SVC-NAMSTJQKLC3S4OWG -m comment --comment "cluster1/uoe-mds:alloy -> 198.51.100.25:12345" -j KUBE-SEP-EMS26V6FS7LCC6NT
-A KUBE-SEP-EMS26V6FS7LCC6NT -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds:alloy" -j KUBE-MARK-MASQ
-A KUBE-SEP-EMS26V6FS7LCC6NT -p tcp -m comment --comment "cluster1/uoe-mds:alloy" -m tcp -j DNAT --to-destination 198.51.100.25:12345
-A KUBE-SVC-TKRJTT6AEOUKON5B ! -s 198.51.100.0/24 -d 203.0.113.157/32 -p tcp -m comment --comment "cluster1/uoe-mds:egress-https cluster IP" -m tcp --dport 20212 -j KUBE-MARK-MASQ
-A KUBE-SVC-TKRJTT6AEOUKON5B -m comment --comment "cluster1/uoe-mds:egress-https -> 198.51.100.25:20212" -j KUBE-SEP-AQPSH5A6RHQP2TCL
-A KUBE-SEP-AQPSH5A6RHQP2TCL -s 198.51.100.25/32 -m comment --comment "cluster1/uoe-mds:egress-https" -j KUBE-MARK-MASQ
-A KUBE-SEP-AQPSH5A6RHQP2TCL -p tcp -m comment --comment "cluster1/uoe-mds:egress-https" -m tcp -j DNAT --to-destination 198.51.100.25:20212
-A KUBE-EXT-44FQG5JMGB6XKYOK -m comment --comment "masquerade traffic for cluster1/tmd-control-external:tmd-control external destinations" -j KUBE-MARK-MASQ
-A KUBE-EXT-44FQG5JMGB6XKYOK -j KUBE-SVC-44FQG5JMGB6XKYOK
-A KUBE-SVC-44FQG5JMGB6XKYOK ! -s 198.51.100.0/24 -d 203.0.113.75/32 -p tcp -m comment --comment "cluster1/tmd-control-external:tmd-control cluster IP" -m tcp --dport 9120 -j KUBE-MARK-MASQ
-A KUBE-SVC-44FQG5JMGB6XKYOK -m comment --comment "cluster1/tmd-control-external:tmd-control -> 198.51.100.28:9120" -j KUBE-SEP-STPY7SVDDNK3MKUM
-A KUBE-SEP-STPY7SVDDNK3MKUM -s 198.51.100.28/32 -m comment --comment "cluster1/tmd-control-external:tmd-control" -j KUBE-MARK-MASQ
-A KUBE-SEP-STPY7SVDDNK3MKUM -p tcp -m comment --comment "cluster1/tmd-control-external:tmd-control" -m tcp -j DNAT --to-destination 198.51.100.28:9120
-A KUBE-SVC-Z3XYRULMR3NPC2II ! -s 198.51.100.0/24 -d 203.0.113.240/32 -p tcp -m comment --comment "cluster1/tmd-control:tmd-control cluster IP" -m tcp --dport 9120 -j KUBE-MARK-MASQ
-A KUBE-SVC-Z3XYRULMR3NPC2II -m comment --comment "cluster1/tmd-control:tmd-control -> 198.51.100.28:9120" -j KUBE-SEP-2O5HYQSMWLYKEINC
-A KUBE-SEP-2O5HYQSMWLYKEINC -s 198.51.100.28/32 -m comment --comment "cluster1/tmd-control:tmd-control" -j KUBE-MARK-MASQ
-A KUBE-SEP-2O5HYQSMWLYKEINC -p tcp -m comment --comment "cluster1/tmd-control:tmd-control" -m tcp -j DNAT --to-destination 198.51.100.28:9120
-A KUBE-SVC-MERHNWTJS7GAOGNO ! -s 198.51.100.0/24 -d 203.0.113.237/32 -p tcp -m comment --comment "cluster1/simulcrypt:simulcrypt-mux cluster IP" -m tcp --dport 1515 -j KUBE-MARK-MASQ
-A KUBE-SVC-MERHNWTJS7GAOGNO -m comment --comment "cluster1/simulcrypt:simulcrypt-mux -> 192.0.2.248:1515" -j KUBE-SEP-7F5Y4AW6GKK4NN2G
-A KUBE-SEP-7F5Y4AW6GKK4NN2G -s 192.0.2.248/32 -m comment --comment "cluster1/simulcrypt:simulcrypt-mux" -j KUBE-MARK-MASQ
-A KUBE-SEP-7F5Y4AW6GKK4NN2G -p tcp -m comment --comment "cluster1/simulcrypt:simulcrypt-mux" -m tcp -j DNAT --to-destination 192.0.2.248:1515
COMMIT
# Completed on Tue Nov 18 13:56:14 2025
# Generated by iptables-save v1.8.5 on Tue Nov 18 13:56:14 2025
*mangle
:PREROUTING ACCEPT [1308244442:1705358917244]
:INPUT ACCEPT [1294516893:1694172224626]
:FORWARD ACCEPT [13727425:11186527416]
:OUTPUT ACCEPT [355352866:434871030689]
:POSTROUTING ACCEPT [369085999:446057727154]
:KUBE-IPTABLES-HINT - [0:0]
:KUBE-KUBELET-CANARY - [0:0]
:KUBE-PROXY-CANARY - [0:0]
COMMIT
# Completed on Tue Nov 18 13:56:14 2025
# Generated by iptables-save v1.8.5 on Tue Nov 18 13:56:14 2025
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [263083:18630477]
:OUTPUT ACCEPT [355352826:434871027085]
:drop_forward - [0:0]
:accept_mng - [0:0]
:deny - [0:0]
:deny_limit - [0:0]
:filter_svc - [0:0]
:external_accept - [0:0]
:mark_accept - [0:0]
:KUBE-FIREWALL - [0:0]
:KUBE-FORWARD - [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-EXTERNAL-SERVICES - [0:0]
:KUBE-KUBELET-CANARY - [0:0]
:KUBE-PROXY-CANARY - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-PROXY-FIREWALL - [0:0]
-A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes load balancer firewall" -j KUBE-PROXY-FIREWALL
-A INPUT -m comment --comment "kubernetes health check service ports" -j KUBE-NODEPORTS
-A INPUT -m conntrack --ctstate UNTRACKED -j ACCEPT
-A INPUT -d 224.0.0.0/4 -p udp -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 -m connmark --mark 0x10/0xff -j ACCEPT
-A INPUT -d 224.0.0.0/4 -p igmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j accept_mng
-A INPUT -j KUBE-FIREWALL
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES
-A INPUT -i lo -j ACCEPT
-A INPUT -i kub+ -j ACCEPT
-A INPUT -i cni+ -j ACCEPT
-A INPUT -p icmp -j accept_mng
-A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j accept_mng
-A INPUT -p udp -m udp --dport 1024:65535 -m conntrack --ctstate NEW -m connmark --mark 0x0 -m socket --nowildcard -j mark_accept
-A INPUT -i en+ -m conntrack --ctstate NEW -j external_accept
-A INPUT -i net+ -m conntrack --ctstate NEW -j external_accept
-A INPUT -i usb+ -m conntrack --ctstate NEW -j external_accept
-A INPUT -j deny_limit
-A INPUT -j DROP
-A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes load balancer firewall" -j KUBE-PROXY-FIREWALL
-A FORWARD -i en+ -j drop_forward
-A FORWARD -i net+ -j drop_forward
-A FORWARD -i usb+ -j drop_forward
-A FORWARD -i bmc+ -j drop_forward
-A FORWARD -d 198.51.100.0/24 -i en+ -m conntrack --ctstate NEW -j filter_svc
-A FORWARD -d 198.51.100.0/24 -i net+ -m conntrack --ctstate NEW -j filter_svc
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD
-A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES
-A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes load balancer firewall" -j KUBE-PROXY-FIREWALL
-A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -j KUBE-FIREWALL
-A drop_forward -o en+ -j DROP
-A drop_forward -o net+ -j DROP
-A drop_forward -o usb+ -j DROP
-A drop_forward -o bmc+ -j DROP
-A accept_mng -m devgroup --src-group 0x8 -j ACCEPT
-A accept_mng -i net1 -j ACCEPT
-A accept_mng -i cni0 -j ACCEPT
-A accept_mng -j deny_limit
-A deny -p tcp -j REJECT --reject-with tcp-reset
-A deny -p udp -j REJECT --reject-with icmp-port-unreachable
-A deny -j REJECT --reject-with icmp-proto-unreachable
-A deny_limit -m limit --limit 2/sec --limit-burst 10 -j deny
-A deny_limit -j DROP
-A filter_svc -p tcp -m devgroup --src-group 0x8 -m conntrack --ctstate NEW --ctorigdstport 80 -j RETURN
-A filter_svc -p tcp -m devgroup --src-group 0x8 -m conntrack --ctstate NEW --ctorigdstport 443 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 3479 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 5167 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 7800:7899 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 8088 -j RETURN
-A filter_svc -p tcp -m devgroup --src-group 0x8 -m conntrack --ctstate NEW --ctorigdstport 8443 -j RETURN
-A filter_svc -p tcp -m devgroup --src-group 0x8 -m conntrack --ctstate NEW --ctorigdstport 8943 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 9755 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20202 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20203 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20206 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20212 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20216 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20300:20399 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20420:20429 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 32500 -j RETURN
-A filter_svc -p tcp -m conntrack --ctstate NEW --ctorigdstport 20600:20663 -j RETURN
-A filter_svc -p tcp -m devgroup --src-group 0x8 -m conntrack --ctstate NEW --ctorigdstport 9120 -j RETURN
-A filter_svc -p tcp -m devgroup --src-group 0x8 -m conntrack --ctstate NEW --ctorigdstport 9543 -j RETURN
-A filter_svc -p tcp -j deny_limit
-A external_accept -p tcp -m multiport --dports 5167,7800:7899,8088,9755,20202,20203,20206,20212,20216,32500 -j ACCEPT
-A external_accept -p tcp -m multiport --dports 3479,20300:20399,20420:20429,20600:20663 -j ACCEPT
-A external_accept -p tcp -m devgroup --src-group 0x8 -m multiport --dports 80,443,8443,8943,9120,9543 -j ACCEPT
-A mark_accept -j CONNMARK --set-xmark 0x10/0xff
-A mark_accept -j ACCEPT
-A KUBE-FIREWALL ! -s 127.0.0.0/8 -d 127.0.0.0/8 -m comment --comment "block incoming localnet connections" -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
-A KUBE-FORWARD -m conntrack --ctstate INVALID -j DROP
-A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT
-A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A KUBE-SERVICES -d 203.0.113.118/32 -p tcp -m comment --comment "cluster1/uoe-potf:potf has no endpoints" -m tcp --dport 20201 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:kms-port has no endpoints" -m tcp --dport 8000 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:kmscpix-port has no endpoints" -m tcp --dport 8004 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:harmoniccpix has no endpoints" -m tcp --dport 9294 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.188/32 -p tcp -m comment --comment "cluster1/internal-kms-external:egress has no endpoints" -m tcp --dport 20213 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.106/32 -p tcp -m comment --comment "cluster1/external-asset-potf:potf has no endpoints" -m tcp --dport 20201 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:kmscpix-https has no endpoints" -m tcp --dport 8005 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:applecpix-port has no endpoints" -m tcp --dport 9293 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:kms-https-port has no endpoints" -m tcp --dport 8002 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.127/32 -p tcp -m comment --comment "ingress-nginx/default-backend has no endpoints" -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:min-header has no endpoints" -m tcp --dport 8006 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.118/32 -p tcp -m comment --comment "cluster1/uoe-potf:potf-backup has no endpoints" -m tcp --dport 20211 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.106/32 -p tcp -m comment --comment "cluster1/external-asset-potf:potf-backup has no endpoints" -m tcp --dport 20211 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.117/32 -p udp -m comment --comment "cluster1/webrtc-turn-udp:turn has no endpoints" -m udp --dport 3478 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.156/32 -p tcp -m comment --comment "cluster1/webrtc-turn-tcp:turn has no endpoints" -m tcp --dport 3478 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.70/32 -p tcp -m comment --comment "cluster1/webrtc-http:webrtc-tcp has no endpoints" -m tcp --dport 4443 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:key-access-port has no endpoints" -m tcp --dport 8100 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.188/32 -p tcp -m comment --comment "cluster1/internal-kms-external:egress-unencrypted has no endpoints" -m tcp --dport 20214 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:responsegen has no endpoints" -m tcp --dport 9295 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 203.0.113.231/32 -p tcp -m comment --comment "cluster1/kms-service:proxy has no endpoints" -m tcp --dport 9296 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-EXTERNAL-SERVICES -p tcp -m comment --comment "cluster1/internal-kms-external:egress has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 20213 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-EXTERNAL-SERVICES -p udp -m comment --comment "cluster1/webrtc-turn-udp:turn has no endpoints" -m addrtype --dst-type LOCAL -m udp --dport 3478 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-EXTERNAL-SERVICES -p tcp -m comment --comment "cluster1/webrtc-turn-tcp:turn has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 3479 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-EXTERNAL-SERVICES -p tcp -m comment --comment "cluster1/internal-kms-external:egress-unencrypted has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 20214 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Nov 18 13:56:14 2025
