root@test1:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
这个是开启的。是可以ping通。我是一直怀疑是防火墙的问题。但是iptables 我清空了。里面的规则rke2会自动加上去
test1 防火墙规则:
root@test1:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all – anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c /
KUBE-PROXY-FIREWALL all – anywhere anywhere ctstate NEW / kubernetes load balancer firewall /
KUBE-NODEPORTS all – anywhere anywhere / kubernetes health check service ports /
KUBE-EXTERNAL-SERVICES all – anywhere anywhere ctstate NEW / kubernetes externally-visible service portals */
KUBE-FIREWALL all – anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
cali-FORWARD all – anywhere anywhere /* cali:wUHhoiAYhphO9Mso /
KUBE-PROXY-FIREWALL all – anywhere anywhere ctstate NEW / kubernetes load balancer firewall /
KUBE-FORWARD all – anywhere anywhere / kubernetes forwarding rules /
KUBE-SERVICES all – anywhere anywhere ctstate NEW / kubernetes service portals /
KUBE-EXTERNAL-SERVICES all – anywhere anywhere ctstate NEW / kubernetes externally-visible service portals /
FLANNEL-FWD all – anywhere anywhere / flanneld forward /
ACCEPT all – anywhere anywhere / cali:S93hcgKJrXEqnTfs / / Policy explicitly accepted packet. /
MARK all – anywhere anywhere / cali:mp77cMpurHhyjLrM */ MARK or 0x10000
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all – anywhere anywhere /* cali:tVnHkvAo15HuiPy0 /
KUBE-PROXY-FIREWALL all – anywhere anywhere ctstate NEW / kubernetes load balancer firewall /
KUBE-SERVICES all – anywhere anywhere ctstate NEW / kubernetes service portals */
KUBE-FIREWALL all – anywhere anywhere
Chain FLANNEL-FWD (1 references)
target prot opt source destination
ACCEPT all – test1/16 anywhere /* flanneld forward /
ACCEPT all – anywhere test1/16 / flanneld forward */
Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all – !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all – anywhere anywhere ctstate INVALID
ACCEPT all – anywhere anywhere /* kubernetes forwarding rules /
ACCEPT all – anywhere anywhere / kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination
Chain KUBE-NODEPORTS (1 references)
target prot opt source destination
Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination
Chain KUBE-PROXY-FIREWALL (3 references)
target prot opt source destination
Chain KUBE-SERVICES (2 references)
target prot opt source destination
Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:vjrMJCRpqwy5oRoX / MARK and 0xfff1ffff
cali-from-hep-forward all – anywhere anywhere / cali:A_sPAO0mcxbT9mOV /
cali-from-wl-dispatch all – anywhere anywhere / cali:8ZoYfO5HKXWbB3pk /
cali-to-wl-dispatch all – anywhere anywhere / cali:jdEuaPBe14V2hutn /
cali-to-hep-forward all – anywhere anywhere / cali:12bc6HljsMKsmfr- /
cali-cidr-block all – anywhere anywhere / cali:NOSxoaGx8OIstr1z */
Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all – anywhere anywhere [goto] /* cali:FewJpBykm9iJ-YNH /
ACCEPT all – anywhere anywhere / cali:hder3ARWznqqv8Va /
MARK all – anywhere anywhere / cali:xgOu2uJft6H9oDGF / MARK and 0xfff0ffff
cali-from-host-endpoint all – anywhere anywhere / cali:_-d-qojMfHM6NwBo /
ACCEPT all – anywhere anywhere / cali:LqmE76MP94lZTGhA / / Host endpoint policy accepted packet. */
Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW /
RETURN all – anywhere anywhere / cali:69FkRTJDvD5Vu6Vl /
MARK all – anywhere anywhere / cali:Fskumj4SGQtDV6GC / MARK and 0xfff0ffff
cali-to-host-endpoint all – anywhere anywhere / cali:1F4VWEsQu0QbRwKf / ! ctstate DNAT
ACCEPT all – anywhere anywhere / cali:m8Eqm15x1MjD24LD / / Host endpoint policy accepted packet. */
Chain cali-cidr-block (1 references)
target prot opt source destination
Chain cali-from-hep-forward (1 references)
target prot opt source destination
Chain cali-from-host-endpoint (1 references)
target prot opt source destination
Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
cali-from-wl-dispatch-0 all – anywhere anywhere [goto] /* cali:eBnVcASLTvMFg9XV /
cali-fw-cali246872eb4af all – anywhere anywhere [goto] / cali:cRSX_Mb1rZRl4W5L /
cali-fw-cali373ca29ad31 all – anywhere anywhere [goto] / cali:mReRl8kLivug44AS /
cali-from-wl-dispatch-7 all – anywhere anywhere [goto] / cali:NQUzHIb8b2GXOX5g /
cali-fw-calic8676e725b9 all – anywhere anywhere [goto] / cali:sbEeCf3MMuv4Gxpp /
DROP all – anywhere anywhere / cali:jLquYv7DJiH_jlvb / / Unknown interface */
Chain cali-from-wl-dispatch-0 (1 references)
target prot opt source destination
cali-fw-cali064f4851075 all – anywhere anywhere [goto] /* cali:3r6-acGSvWRs6WyU /
cali-fw-cali0a518845bb8 all – anywhere anywhere [goto] / cali:gK9j0iqP28QPJtMd /
DROP all – anywhere anywhere / cali:MT0GVycdauMfaryy / / Unknown interface */
Chain cali-from-wl-dispatch-7 (1 references)
target prot opt source destination
cali-fw-cali750b6fce077 all – anywhere anywhere [goto] /* cali:7ZCplb3GqgEXWuBS /
cali-fw-cali78235d27e3b all – anywhere anywhere [goto] / cali:6U5KAXTaH7Rl0u6L /
DROP all – anywhere anywhere / cali:zZpCz9oxsnCztppN / / Unknown interface */
Chain cali-fw-cali064f4851075 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:HcFLQLDFDq3Zs7Y4 / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:NUxXiyqSpvevvOzh / ctstate INVALID
MARK all – anywhere anywhere / cali:yJWIGpydzAcioi86 / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:pk38cKEiwaZqaUhT / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:9SYhiZpsDD_FVEoI / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere / cali:V1GQ0mqbqKFK3uPX /
RETURN all – anywhere anywhere / cali:AEDqJKNvy9eEfgO2 / / Return if profile accepted /
cali-pro-_8SDYViIwwzQDgRml2t all – anywhere anywhere / cali:SOMjNze5Va9a9zXw /
RETURN all – anywhere anywhere / cali:RaDInGnqdrbhWOQX / / Return if profile accepted /
DROP all – anywhere anywhere / cali:ZmdIk2skmGjmkekf / / Drop if no profiles matched */
Chain cali-fw-cali0a518845bb8 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:e2idjiORwR9ARsvY / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:GWDQfezmnSoAEYLd / ctstate INVALID
MARK all – anywhere anywhere / cali:g4JwM4IeBnfPl-AT / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:a6XZaAkxfZZJF-Bc / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:NBwWx3QDCBQqxDP8 / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere / cali:scd4KBPjJkrRWh8T /
RETURN all – anywhere anywhere / cali:OA3VjO7dnJOSR_Od / / Return if profile accepted /
cali-pro-_u2Tn2rSoAPffvE7JO6 all – anywhere anywhere / cali:_3XcHcBbp0QPYG_B /
RETURN all – anywhere anywhere / cali:vhF8ksc0LKqBlNiU / / Return if profile accepted /
DROP all – anywhere anywhere / cali:nWM0Zhv8Xswc59GE / / Drop if no profiles matched */
Chain cali-fw-cali246872eb4af (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:N6guZwE0aruJ5xaD / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:E7RXiMvBSHmJNjXu / ctstate INVALID
MARK all – anywhere anywhere / cali:KN-DHoOqdi_g_tdv / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:fpIHipyyIqzCCz8Z / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:hF8j7iCqB1P9qkAj / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere / cali:hnohJ9-G1ygIxZQk /
RETURN all – anywhere anywhere / cali:YOTagqSmm0jKOUGa / / Return if profile accepted /
cali-pro-_GyLFhtf5u9n-v9Ckd7 all – anywhere anywhere / cali:vkk0Ipl8B-rsm5JD /
RETURN all – anywhere anywhere / cali:KqiX0N0TY3nOZbBa / / Return if profile accepted /
DROP all – anywhere anywhere / cali:EmyR_OvEtp5UQk6U / / Drop if no profiles matched */
Chain cali-fw-cali373ca29ad31 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:dNJMPi6IueZ3itMO / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:662FxtIahSVcWP7K / ctstate INVALID
MARK all – anywhere anywhere / cali:bRS0iWsHyUiCfIs0 / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:OsbXG1TzJ4UiA6jr / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:GnoTv9wMZSJW8Mpn / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere / cali:-YFeUoSo-0WgkV9w /
RETURN all – anywhere anywhere / cali:hLAf6ZQgPvSu_Ou_ / / Return if profile accepted /
cali-pro-_vOEu3o_UBpjhIsR6zZ all – anywhere anywhere / cali:rRmj4-2TOo9YT3k3 /
RETURN all – anywhere anywhere / cali:93cWfLkQavGvpuXJ / / Return if profile accepted /
DROP all – anywhere anywhere / cali:SLCnhdtEpI5ozPUt / / Drop if no profiles matched */
Chain cali-fw-cali750b6fce077 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:fl4hD-s3bqez0Nfa / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:CkDnXJwTXVcTzz0k / ctstate INVALID
MARK all – anywhere anywhere / cali:1qQZsfhUDTyxTuQz / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:JzD7gErv5ANrOf-i / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:kwG7yfC5PEcfO6Dz / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.default all – anywhere anywhere / cali:yMocnyQ3pB9E0BNp /
RETURN all – anywhere anywhere / cali:8nGX4O_Y_0HXnt77 / / Return if profile accepted /
cali-pro-ksa.default.default all – anywhere anywhere / cali:fTGLncC15p_QqhpT /
RETURN all – anywhere anywhere / cali:1-7NoBnWAOmWTSYe / / Return if profile accepted /
DROP all – anywhere anywhere / cali:_zcld5WDsDs5fH70 / / Drop if no profiles matched */
Chain cali-fw-cali78235d27e3b (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:-fSiIc-pP_ZVizuy / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:9odQLOwb5p79wunV / ctstate INVALID
MARK all – anywhere anywhere / cali:C8tr4zKBeOU8OE42 / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:PxD_RftcD–q4eZP / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:Oxpdldg7ZQAKVZSl / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere / cali:gUrZ8zgm6cnEDdzH /
RETURN all – anywhere anywhere / cali:LxAKVkwis9tm8OAK / / Return if profile accepted /
cali-pro-_kvQu8xaXYEM2wqqPSH all – anywhere anywhere / cali:wxD11Y-OeVZamw03 /
RETURN all – anywhere anywhere / cali:sDwAUnAdGQfliXNn / / Return if profile accepted /
DROP all – anywhere anywhere / cali:rZ8cFWELYvto8cWG / / Drop if no profiles matched */
Chain cali-fw-calic8676e725b9 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:T9ePpOFswHE9lO3Y / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:nPV97S79UC1Xuv6l / ctstate INVALID
MARK all – anywhere anywhere / cali:lVhfLE3oxqyFd-oq / MARK and 0xfffeffff
DROP udp – anywhere anywhere / cali:bvmtKEj7RsGpFW4Y / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere / cali:_PtJdN1dJzhNG99p / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere / cali:O1Q547POM3P34ds2 /
RETURN all – anywhere anywhere / cali:Zf0DcZ-i7U5ztusW / / Return if profile accepted /
cali-pro-_7bnNHSm00P51QAo5Qe all – anywhere anywhere / cali:ZKn-YppmnBQP1Ma2 /
RETURN all – anywhere anywhere / cali:tAGb85naXMk2Q0yA / / Return if profile accepted /
DROP all – anywhere anywhere / cali:nhUSOzRwT-PsCIZ7 / / Drop if no profiles matched */
Chain cali-pri-_7bnNHSm00P51QAo5Qe (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:ksjFpC8Po46siiFK / / Profile ksa.kube-system.rke2-coredns-rke2-coredns-autoscaler ingress */
Chain cali-pri-_8SDYViIwwzQDgRml2t (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:QsucD7WP9lso1vFm / / Profile ksa.kube-system.rke2-snapshot-validation-webhook ingress */
Chain cali-pri-_GyLFhtf5u9n-v9Ckd7 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:Z9reHIOsxthYGfQR / / Profile ksa.kube-system.rke2-ingress-nginx ingress */
Chain cali-pri-_kvQu8xaXYEM2wqqPSH (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:9nsQKKnHwK9qmSqF / / Profile ksa.kube-system.rke2-metrics-server ingress */
Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:WqgznqAQ-uYV0oBx / / Profile ksa.kube-system.coredns ingress */
Chain cali-pri-_vOEu3o_UBpjhIsR6zZ (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:y1mg23JI0vvaftK3 / / Profile ksa.kube-system.rke2-snapshot-controller ingress */
Chain cali-pri-kns.default (1 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:WMSw8BmYOknRHfsz / / Profile kns.default ingress / MARK or 0x10000
RETURN all – anywhere anywhere / cali:z015TBt2tO4F28NC */
Chain cali-pri-kns.kube-system (6 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:J1TyxtHWd0qaBGK- / / Profile kns.kube-system ingress / MARK or 0x10000
RETURN all – anywhere anywhere / cali:QIB6k7eEKdIg73Jp */
Chain cali-pri-ksa.default.default (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:PrckJA84jX_kGp99 / / Profile ksa.default.default ingress */
Chain cali-pro-_7bnNHSm00P51QAo5Qe (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:Cn_XvK0BiITKuv_k / / Profile ksa.kube-system.rke2-coredns-rke2-coredns-autoscaler egress */
Chain cali-pro-_8SDYViIwwzQDgRml2t (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:tDXYmnqgw4o5XtKy / / Profile ksa.kube-system.rke2-snapshot-validation-webhook egress */
Chain cali-pro-_GyLFhtf5u9n-v9Ckd7 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:H-PEsWIdyoAji9Ks / / Profile ksa.kube-system.rke2-ingress-nginx egress */
Chain cali-pro-_kvQu8xaXYEM2wqqPSH (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:LP1wkR0Ravtrgqj6 / / Profile ksa.kube-system.rke2-metrics-server egress */
Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:0-_UPh39dt5XfhmJ / / Profile ksa.kube-system.coredns egress */
Chain cali-pro-_vOEu3o_UBpjhIsR6zZ (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:NHAM-yUwuplXkSFw / / Profile ksa.kube-system.rke2-snapshot-controller egress */
Chain cali-pro-kns.default (1 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:Vr81boRqq4V77Sg8 / / Profile kns.default egress / MARK or 0x10000
RETURN all – anywhere anywhere / cali:2CkTlvGj1F9ZRYXl */
Chain cali-pro-kns.kube-system (6 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:tgOR2S8DVHZW3F1M / / Profile kns.kube-system egress / MARK or 0x10000
RETURN all – anywhere anywhere / cali:HVEEtYPJsiGRXCIt */
Chain cali-pro-ksa.default.default (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:bUZzZcietq9v5Ybq / / Profile ksa.default.default egress */
Chain cali-to-hep-forward (1 references)
target prot opt source destination
Chain cali-to-host-endpoint (1 references)
target prot opt source destination
Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
cali-to-wl-dispatch-0 all – anywhere anywhere [goto] /* cali:dIkHjFD9PelLx7cm /
cali-tw-cali246872eb4af all – anywhere anywhere [goto] / cali:8HrfjdvCZg6_Wytj /
cali-tw-cali373ca29ad31 all – anywhere anywhere [goto] / cali:zU5ln3bNnB3eXxpe /
cali-to-wl-dispatch-7 all – anywhere anywhere [goto] / cali:kgLc_M2mrdRF1_0G /
cali-tw-calic8676e725b9 all – anywhere anywhere [goto] / cali:KJUoPNxBqfI0EOLf /
DROP all – anywhere anywhere / cali:HvE30uKOSwXaRapd / / Unknown interface */
Chain cali-to-wl-dispatch-0 (1 references)
target prot opt source destination
cali-tw-cali064f4851075 all – anywhere anywhere [goto] /* cali:g3q93ihiuvKg6jAA /
cali-tw-cali0a518845bb8 all – anywhere anywhere [goto] / cali:SsUjhGaPwwhFRKBV /
DROP all – anywhere anywhere / cali:lqZbx5Pf1ldVEcvw / / Unknown interface */
Chain cali-to-wl-dispatch-7 (1 references)
target prot opt source destination
cali-tw-cali750b6fce077 all – anywhere anywhere [goto] /* cali:XeUFav9-ec86Ls7L /
cali-tw-cali78235d27e3b all – anywhere anywhere [goto] / cali:CeE6CiDYj2omeslq /
DROP all – anywhere anywhere / cali:oI7PCGyG6QDC6Rji / / Unknown interface */
Chain cali-tw-cali064f4851075 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:y_jkhi_Gn4NromW9 / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:UlZ2t6HJJTMi2rKk / ctstate INVALID
MARK all – anywhere anywhere / cali:3gpgoiqoBDasicsR / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere / cali:A_R7ZhmaAUnjwdCL /
RETURN all – anywhere anywhere / cali:E0u_CaYR8b42XKVM / / Return if profile accepted /
cali-pri-_8SDYViIwwzQDgRml2t all – anywhere anywhere / cali:ochSZeMWoZSEa3ei /
RETURN all – anywhere anywhere / cali:TNR0qCQgD9-Ktwge / / Return if profile accepted /
DROP all – anywhere anywhere / cali:-hXsGfG1NjipOa6h / / Drop if no profiles matched */
Chain cali-tw-cali0a518845bb8 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:Igl30CFQNcO_xd1y / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:twjLrITPvuKTNvsq / ctstate INVALID
MARK all – anywhere anywhere / cali:P1VhTmYKIsBGZmun / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere / cali:f7hdMTgckyaVxhZd /
RETURN all – anywhere anywhere / cali:mknQw99ej7yXh-qT / / Return if profile accepted /
cali-pri-_u2Tn2rSoAPffvE7JO6 all – anywhere anywhere / cali:sZlQPKtmEwDanNug /
RETURN all – anywhere anywhere / cali:gzByK7Mkkofwwu59 / / Return if profile accepted /
DROP all – anywhere anywhere / cali:LklKjBvDvAIlLoMf / / Drop if no profiles matched */
Chain cali-tw-cali246872eb4af (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:lpxsi8-R5xu2H82c / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:7VpLbY9mbGTe5acw / ctstate INVALID
MARK all – anywhere anywhere / cali:9rqCLJV6k8UIFBQm / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere / cali:EV3uE0wtWQnyMdSI /
RETURN all – anywhere anywhere / cali:74RoJvj1rDI-9lVY / / Return if profile accepted /
cali-pri-_GyLFhtf5u9n-v9Ckd7 all – anywhere anywhere / cali:eEquF8VRpSyUJzC8 /
RETURN all – anywhere anywhere / cali:fMYsQAXGn-eJtU67 / / Return if profile accepted /
DROP all – anywhere anywhere / cali:l5IBnzd_uSPPMOaY / / Drop if no profiles matched */
Chain cali-tw-cali373ca29ad31 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:hKCQ3-o_EvDmA2e_ / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:CmcmDNjxWfcC0GV8 / ctstate INVALID
MARK all – anywhere anywhere / cali:0p05RGVH1vTMCu6H / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere / cali:D4WLNL7uEHJx3Cwc /
RETURN all – anywhere anywhere / cali:yBCQA79DlbAHKvlG / / Return if profile accepted /
cali-pri-_vOEu3o_UBpjhIsR6zZ all – anywhere anywhere / cali:mFM7-aAJ5z90MaX_ /
RETURN all – anywhere anywhere / cali:pmH3lKpszBMJvW-4 / / Return if profile accepted /
DROP all – anywhere anywhere / cali:JkEYwHXjzM5D6Wdz / / Drop if no profiles matched */
Chain cali-tw-cali750b6fce077 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:ZM3aET5yBBjraK3q / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:FA2aG3zFJ0aK65ya / ctstate INVALID
MARK all – anywhere anywhere / cali:l1ms-1cKeEmd6RO2 / MARK and 0xfffeffff
cali-pri-kns.default all – anywhere anywhere / cali:S0gs4jgBhH-O5NDb /
RETURN all – anywhere anywhere / cali:s_bTgMGcwu3Nk-x6 / / Return if profile accepted /
cali-pri-ksa.default.default all – anywhere anywhere / cali:vs6c5yUcRVMlbVqH /
RETURN all – anywhere anywhere / cali:ozyrn3zO87ihLfKm / / Return if profile accepted /
DROP all – anywhere anywhere / cali:jLIcGKO6F0cmTVXo / / Drop if no profiles matched */
Chain cali-tw-cali78235d27e3b (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:mQeuTsP6XPduHFR6 / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:kdwuoeNfD2P281Vs / ctstate INVALID
MARK all – anywhere anywhere / cali:ZeUF21r-sQu7RrYO / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere / cali:otQ-yljamb3bbJCC /
RETURN all – anywhere anywhere / cali:wbg4P3dzakTOiH6q / / Return if profile accepted /
cali-pri-_kvQu8xaXYEM2wqqPSH all – anywhere anywhere / cali:I2FZ9fqQeF-XweWS /
RETURN all – anywhere anywhere / cali:oW5zE7uT-LGIFN6_ / / Return if profile accepted /
DROP all – anywhere anywhere / cali:oRO4umTg82288iao / / Drop if no profiles matched */
Chain cali-tw-calic8676e725b9 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:cISeRKT_LtEjwC3h / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere / cali:McnSWUc50I2GzitX / ctstate INVALID
MARK all – anywhere anywhere / cali:-42WRF_cp9iUSzLd / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere / cali:ja049sMf7vssGgCM /
RETURN all – anywhere anywhere / cali:zMtgDheRPDXJiN_U / / Return if profile accepted /
cali-pri-_7bnNHSm00P51QAo5Qe all – anywhere anywhere / cali:hTEiqbU_m4WdPQ8U /
RETURN all – anywhere anywhere / cali:jZSj2RrT1Sm2rP62 / / Return if profile accepted /
DROP all – anywhere anywhere / cali:Cq7sm6S-UOahH2VU / / Drop if no profiles matched */
Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all – anywhere anywhere /* cali:Ee9Sbo10IpVujdIY /
ACCEPT all – anywhere anywhere / cali:nSZbcOoG1xPONxb8 / / Configured DefaultEndpointToHostAction */