Chain PREROUTING (policy ACCEPT) target prot opt source destination KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ DOCKER_OUTPUT all -- 0.0.0.0/0 192.168.65.2 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ DOCKER_OUTPUT all -- 0.0.0.0/0 192.168.65.2 Chain POSTROUTING (policy ACCEPT) target prot opt source destination KUBE-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ DOCKER_POSTROUTING all -- 0.0.0.0/0 192.168.65.2 KIND-MASQ-AGENT all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type !LOCAL /* kind-masq-agent: ensure nat POSTROUTING directs all non-LOCAL destination traffic to our custom KIND-MASQ-AGENT chain */ Chain DOCKER_OUTPUT (2 references) target prot opt source destination DNAT tcp -- 0.0.0.0/0 192.168.65.2 tcp dpt:53 to:127.0.0.11:40537 DNAT udp -- 0.0.0.0/0 192.168.65.2 udp dpt:53 to:127.0.0.11:37387 Chain DOCKER_POSTROUTING (1 references) target prot opt source destination SNAT tcp -- 127.0.0.11 0.0.0.0/0 tcp spt:40537 to:192.168.65.2:53 SNAT udp -- 127.0.0.11 0.0.0.0/0 udp spt:37387 to:192.168.65.2:53 Chain KIND-MASQ-AGENT (1 references) target prot opt source destination RETURN all -- 0.0.0.0/0 10.244.0.0/16 /* kind-masq-agent: local traffic is not subject to MASQUERADE */ MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 /* kind-masq-agent: outbound traffic is subject to MASQUERADE (must be last in chain) */ Chain KUBE-KUBELET-CANARY (0 references) target prot opt source destination Chain KUBE-MARK-DROP (0 references) target prot opt source destination MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000 Chain KUBE-MARK-MASQ (15 references) target prot opt source destination MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 Chain KUBE-NODEPORTS (1 references) target prot opt source destination KUBE-MARK-MASQ tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/test: */ tcp dpt:30000 KUBE-SVC-IOIC7CRUMQYLZ32S tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/test: */ tcp dpt:30000 Chain KUBE-POSTROUTING (1 references) target prot opt source destination MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 random-fully Chain KUBE-PROXY-CANARY (0 references) target prot opt source destination Chain KUBE-SEP-BO7YT2KMVIOH6WRF (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.2.5 0.0.0.0/0 /* default/test: */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/test: */ tcp to:10.244.2.5:8080 Chain KUBE-SEP-DLP2S2N3HX5UKLVP (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.2.3 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:10.244.2.3:53 Chain KUBE-SEP-IT2ZTR26TO4XFPTO (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.0.2 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:10.244.0.2:53 Chain KUBE-SEP-N4G2XR5TDX7PQE7P (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.0.2 0.0.0.0/0 /* kube-system/kube-dns:metrics */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:metrics */ tcp to:10.244.0.2:9153 Chain KUBE-SEP-QDGUX4VYGOYVANTA (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.2.6 0.0.0.0/0 /* default/test: */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/test: */ tcp to:10.244.2.6:8080 Chain KUBE-SEP-QKX4QX54UKWK6JIY (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 172.18.0.3 0.0.0.0/0 /* default/kubernetes:https */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.18.0.3:6443 Chain KUBE-SEP-TFTZVOJFQDTMM5AB (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.2.3 0.0.0.0/0 /* kube-system/kube-dns:metrics */ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:metrics */ tcp to:10.244.2.3:9153 Chain KUBE-SEP-YIL6JZP7A3QYXJU2 (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.0.2 0.0.0.0/0 /* kube-system/kube-dns:dns */ DNAT udp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:10.244.0.2:53 Chain KUBE-SEP-ZHICQ2ODADGCY7DS (1 references) target prot opt source destination KUBE-MARK-MASQ all -- 10.244.2.3 0.0.0.0/0 /* kube-system/kube-dns:dns */ DNAT udp -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:10.244.2.3:53 Chain KUBE-SERVICES (2 references) target prot opt source destination KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:metrics cluster IP */ tcp dpt:9153 KUBE-SVC-JD5MR3NA4I4DYORP tcp -- 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:metrics cluster IP */ tcp dpt:9153 KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.109.69.11 /* default/test: cluster IP */ tcp dpt:8080 KUBE-SVC-IOIC7CRUMQYLZ32S tcp -- 0.0.0.0/0 10.109.69.11 /* default/test: cluster IP */ tcp dpt:8080 KUBE-MARK-MASQ udp -- !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 KUBE-NODEPORTS all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references) target prot opt source destination KUBE-SEP-IT2ZTR26TO4XFPTO all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ statistic mode random probability 0.50000000000 KUBE-SEP-DLP2S2N3HX5UKLVP all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ Chain KUBE-SVC-IOIC7CRUMQYLZ32S (2 references) target prot opt source destination KUBE-SEP-BO7YT2KMVIOH6WRF all -- 0.0.0.0/0 0.0.0.0/0 /* default/test: */ statistic mode random probability 0.50000000000 KUBE-SEP-QDGUX4VYGOYVANTA all -- 0.0.0.0/0 0.0.0.0/0 /* default/test: */ Chain KUBE-SVC-JD5MR3NA4I4DYORP (1 references) target prot opt source destination KUBE-SEP-N4G2XR5TDX7PQE7P all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:metrics */ statistic mode random probability 0.50000000000 KUBE-SEP-TFTZVOJFQDTMM5AB all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:metrics */ Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) target prot opt source destination KUBE-SEP-QKX4QX54UKWK6JIY all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references) target prot opt source destination KUBE-SEP-YIL6JZP7A3QYXJU2 all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ statistic mode random probability 0.50000000000 KUBE-SEP-ZHICQ2ODADGCY7DS all -- 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */