Chain INPUT (policy ACCEPT 1359 packets, 307K bytes) num pkts bytes target prot opt in out source destination 1 0 0 KUBE-PROXY-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes load balancer firewall */ 2 687 148K KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes health check service ports */ 3 0 0 KUBE-EXTERNAL-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes externally-visible service portals */ 4 886 233K KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 16 packets, 734 bytes) num pkts bytes target prot opt in out source destination 1 13 585 KUBE-PROXY-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes load balancer firewall */ 2 17 793 KUBE-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ 3 13 585 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes service portals */ 4 13 585 KUBE-EXTERNAL-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes externally-visible service portals */ 5 13 585 FLANNEL-FWD all -- * * 0.0.0.0/0 0.0.0.0/0 /* flanneld forward */ Chain OUTPUT (policy ACCEPT 1491 packets, 279K bytes) num pkts bytes target prot opt in out source destination 1 24 1440 KUBE-PROXY-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes load balancer firewall */ 2 24 1440 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes service portals */ 3 950 220K KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 Chain KUBE-FIREWALL (2 references) num pkts bytes target prot opt in out source destination 1 0 0 DROP all -- * * !127.0.0.0/8 127.0.0.0/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT 2 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000 Chain KUBE-KUBELET-CANARY (0 references) num pkts bytes target prot opt in out source destination Chain FLANNEL-FWD (1 references) num pkts bytes target prot opt in out source destination 1 13 585 ACCEPT all -- * * 10.44.0.0/16 0.0.0.0/0 /* flanneld forward */ 2 0 0 ACCEPT all -- * * 0.0.0.0/0 10.44.0.0/16 /* flanneld forward */ Chain KUBE-EXTERNAL-SERVICES (2 references) num pkts bytes target prot opt in out source destination Chain KUBE-NODEPORTS (1 references) num pkts bytes target prot opt in out source destination Chain KUBE-SERVICES (2 references) num pkts bytes target prot opt in out source destination Chain KUBE-FORWARD (1 references) num pkts bytes target prot opt in out source destination 1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 2 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ mark match 0x4000/0x4000 3 4 208 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED Chain KUBE-PROXY-FIREWALL (3 references) num pkts bytes target prot opt in out source destination Chain KUBE-PROXY-CANARY (0 references) num pkts bytes target prot opt in out source destination