Cant access pods in one of the worker Node

I install a 3 node Kubernetes Cluster with RKE tool. The installation was successful with no errors but I’m unable to ping from one pod to another pod.

If I ping a pod running on worker2 node(NODE-IP-10.222.22.47) I get a response, but no responses from pods running on worker1(NODE-IP-10.222.22.46).

Master1=10.222.22.45

Worker1=10.222.22.46

Worker2=10.222.22.47

cluster_cidr: 10.42.0.0/16

service_cluster_ip_range: 10.43.0.0/16

cluster_dns_server: 10.43.0.10

Overlay network - canal

Docker - 20.10.7

firewall was disabled in all nodes before install.

Sysctl entries in all nodes

Check - sysctl net.bridge.bridge-nf-call-ip6tables

net.bridge.bridge-nf-call-ip6tables = 1

Check - sysctl net.bridge.bridge-nf-call-iptables

net.bridge.bridge-nf-call-iptables = 1

Cluster information:

Kubernetes version: v1.20.8 installed with rke tool
Cloud being used: On Oracle Cloud VM’s (not OKE)
Installation method: rke tool
Host OS: OS- CentOS Linux release 7.8.2003
CNI and version:0.3.1
CRI and version:

My Pods are as follows -

Also I noticed for some pods it has given node-ip addresses.

What’s your firewall rules like?

I’ve kinda gotten into the habit of deleting things like firewalld and ufw, before nuking my iptables rules and letting k8s just manage that. It’s a big pain to deal with chains that someone else made.

Firewall in all 3 nodes which run k8 are stopped and disabled before installation ?

Yeah, that’s fine, but when you install Kubernetes, iptables is going to used and any rules that were saved would be there.

iptables -L -n

I have put iptables of all 3 nodes for your reference.

Master Node - iptable
Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Cz_u1IQiXIMmKD4c /
KUBE-EXTERNAL-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes externally-visible service portals */
KUBE-FIREWALL all – 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
cali-FORWARD all – 0.0.0.0/0 0.0.0.0/0 /* cali:wUHhoiAYhphO9Mso /
KUBE-FORWARD all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding rules /
KUBE-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes service portals /
KUBE-EXTERNAL-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes externally-visible service portals /
DOCKER-USER all – 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 10.42.0.0/16 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 10.42.0.0/16
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:S93hcgKJrXEqnTfs / / Policy explicitly accepted packet. */ mark match 0x10000/0x10000

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all – 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 /
KUBE-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes service portals */
KUBE-FIREWALL all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all – 0.0.0.0/0 0.0.0.0/0
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination

Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets / mark match 0x8000/0x8000
DROP all – !127.0.0.0/8 127.0.0.0/8 / block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules / mark match 0x4000/0x4000
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding conntrack pod source rule / ctstate RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination

Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination

Chain KUBE-SERVICES (2 references)
target prot opt source destination

Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:vjrMJCRpqwy5oRoX / MARK and 0xfff1ffff
cali-from-hep-forward all – 0.0.0.0/0 0.0.0.0/0 / cali:A_sPAO0mcxbT9mOV / mark match 0x0/0x10000
cali-from-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 / cali:8ZoYfO5HKXWbB3pk /
cali-to-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 / cali:jdEuaPBe14V2hutn /
cali-to-hep-forward all – 0.0.0.0/0 0.0.0.0/0 / cali:12bc6HljsMKsmfr- /
cali-cidr-block all – 0.0.0.0/0 0.0.0.0/0 / cali:NOSxoaGx8OIstr1z */

Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:FewJpBykm9iJ-YNH /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:hder3ARWznqqv8Va / mark match 0x10000/0x10000
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:xgOu2uJft6H9oDGF / MARK and 0xfff0ffff
cali-from-host-endpoint all – 0.0.0.0/0 0.0.0.0/0 / cali:_-d-qojMfHM6NwBo /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:LqmE76MP94lZTGhA / / Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Mq1_rAdXXH3YkrzW / mark match 0x10000/0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:69FkRTJDvD5Vu6Vl /
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:Fskumj4SGQtDV6GC / MARK and 0xfff0ffff
cali-to-host-endpoint all – 0.0.0.0/0 0.0.0.0/0 / cali:8rXMdo5sNesjJxGc /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:Ja-pnrHi-PrNKxgd / / Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-cidr-block (1 references)
target prot opt source destination

Chain cali-from-hep-forward (1 references)
target prot opt source destination

Chain cali-from-host-endpoint (1 references)
target prot opt source destination

Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 /* cali:zTj6P0TIgYvgz-md / / Unknown interface */

Chain cali-to-hep-forward (1 references)
target prot opt source destination

Chain cali-to-host-endpoint (1 references)
target prot opt source destination

Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 /* cali:7KNphB1nNHw80nIO / / Unknown interface */

Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 /* cali:Ee9Sbo10IpVujdIY /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:nSZbcOoG1xPONxb8 / / Configured DefaultEndpointToHostAction */

Worker1 Node

Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Cz_u1IQiXIMmKD4c /
KUBE-EXTERNAL-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes externally-visible service portals */
KUBE-FIREWALL all – 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
cali-FORWARD all – 0.0.0.0/0 0.0.0.0/0 /* cali:wUHhoiAYhphO9Mso /
KUBE-FORWARD all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding rules /
KUBE-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes service portals /
KUBE-EXTERNAL-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes externally-visible service portals /
DOCKER-USER all – 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 10.42.0.0/16 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 10.42.0.0/16
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:S93hcgKJrXEqnTfs / / Policy explicitly accepted packet. */ mark match 0x10000/0x10000

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all – 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 /
KUBE-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes service portals */
KUBE-FIREWALL all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all – 0.0.0.0/0 0.0.0.0/0
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination

Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets / mark match 0x8000/0x8000
DROP all – !127.0.0.0/8 127.0.0.0/8 / block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules / mark match 0x4000/0x4000
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding conntrack pod source rule / ctstate RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination

Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination

Chain KUBE-SERVICES (2 references)
target prot opt source destination

Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:vjrMJCRpqwy5oRoX / MARK and 0xfff1ffff
cali-from-hep-forward all – 0.0.0.0/0 0.0.0.0/0 / cali:A_sPAO0mcxbT9mOV / mark match 0x0/0x10000
cali-from-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 / cali:8ZoYfO5HKXWbB3pk /
cali-to-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 / cali:jdEuaPBe14V2hutn /
cali-to-hep-forward all – 0.0.0.0/0 0.0.0.0/0 / cali:12bc6HljsMKsmfr- /
cali-cidr-block all – 0.0.0.0/0 0.0.0.0/0 / cali:NOSxoaGx8OIstr1z */

Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:FewJpBykm9iJ-YNH /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:hder3ARWznqqv8Va / mark match 0x10000/0x10000
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:xgOu2uJft6H9oDGF / MARK and 0xfff0ffff
cali-from-host-endpoint all – 0.0.0.0/0 0.0.0.0/0 / cali:_-d-qojMfHM6NwBo /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:LqmE76MP94lZTGhA / / Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Mq1_rAdXXH3YkrzW / mark match 0x10000/0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:69FkRTJDvD5Vu6Vl /
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:Fskumj4SGQtDV6GC / MARK and 0xfff0ffff
cali-to-host-endpoint all – 0.0.0.0/0 0.0.0.0/0 / cali:8rXMdo5sNesjJxGc /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:Ja-pnrHi-PrNKxgd / / Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-cidr-block (1 references)
target prot opt source destination

Chain cali-from-hep-forward (1 references)
target prot opt source destination

Chain cali-from-host-endpoint (1 references)
target prot opt source destination

Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
cali-from-wl-dispatch-1 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:aA7PbfJxlypkbHNq /
cali-fw-cali3d7e6352b32 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:6Z1Y3lNCS0sNKanU /
cali-fw-cali651550d94ad all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:uFzu0oGz6R1_DnlE /
cali-from-wl-dispatch-9 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:_hKlpC1yd6HimgAe /
cali-from-wl-dispatch-b all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:XxyAhaSULY5AZswc /
cali-fw-calie5ef9a13f2c all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:1kvl5RU3IPyFUNNb /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:sBpL2epIFD4UJtiq / / Unknown interface */

Chain cali-from-wl-dispatch-1 (1 references)
target prot opt source destination
cali-fw-cali12de44d411b all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:3gqct3es3iX4Ud8y /
cali-fw-cali1e80feaeef3 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:yLUWfNtcKUyhNbxo /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:QCSrPl7-aRez95sl / / Unknown interface */

Chain cali-from-wl-dispatch-9 (1 references)
target prot opt source destination
cali-fw-cali9116896e030 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:y5J2ry6s5QTVQzxM /
cali-fw-cali9cb7c9ce7e5 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:RA1t98rZFRawq8Ul /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:5VVW_tePpECwaNSa / / Unknown interface */

Chain cali-from-wl-dispatch-b (1 references)
target prot opt source destination
cali-fw-calib93ef850a62 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:iqOsZVFY_iNKNvyW /
cali-fw-calibd5ae439596 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:JnxRG4nCJDAp1GL4 /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:5WxRtpyeRw76k255 / / Unknown interface */

Chain cali-fw-cali12de44d411b (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:ggIqnGFTI9DORp8i / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:eFfM68MzIXZ9qXeo / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:lDKqmvKxO_iH150U / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:kl_DqxLLKGfScX77 / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:LZeFpPPyyQVdBtqt / / Drop IPinIP encapped packets originating in workloads /
cali-pro-_zN9V4TP8TWMxx3Uvy4 all – 0.0.0.0/0 0.0.0.0/0 / cali:7laO2YqreQgbr-3F /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:jwCYkLUTodDE5m7y / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_ZRWy1KOgd7sNYyJAiS all – 0.0.0.0/0 0.0.0.0/0 / cali:zUxKsxsrVAtgp080 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:RR6Tl6zLXM-IHogZ / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:iaiv0UpbBnCchDAi / / Drop if no profiles matched */

Chain cali-fw-cali1e80feaeef3 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:pRd2xEQLR24FI8_y / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:-axJ31nHE0n-w8fr / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:ZM5KsI6Y5RGDfsYS / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:czGuNSGlzmOtKUaw / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:-r6v97Nar38xOcp4 / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:c6xZ8oQ0POFsaZcM /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:GLlJrjvRR7lkalfq / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_CzmRP3MOS5D_XrEc44 all – 0.0.0.0/0 0.0.0.0/0 / cali:NiGKXL6MPzliCaEe /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:iyCZk6qUkHv6TVzw / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:vxn8QUFCDtZDh-DQ / / Drop if no profiles matched */

Chain cali-fw-cali3d7e6352b32 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:ctPzGuM3to-Rby2p / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:yChRDVJ8Jzj6g_e6 / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:Vo0Llyq9zCasnI7R / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:lr3uxt8_ZJHrwr_i / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:qJZbCoRj4EJe-eFa / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:4g1_6bvqDkmelnrD /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:j4WnlDEG-eNb0DYY / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_u2Tn2rSoAPffvE7JO6 all – 0.0.0.0/0 0.0.0.0/0 / cali:6MdPUr0Lc3hrMRhp /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:zOMp7Sjeu9c9flIx / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:-tpe6yWYQaGhvZFD / / Drop if no profiles matched */

Chain cali-fw-cali651550d94ad (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:rF7UNcTKBb8sdCHg / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:R7-tBHM0mEEGjRqb / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:8SBxBSgUt6KmnWHK / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:iYmVY8l_F1j9yFdB / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:-HWbPf2Ssg4OYH4X / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:-NbSASisWL_LT826 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:OE3OClL38FKD_3_T / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_Jt5JQO28LboxWwRucA all – 0.0.0.0/0 0.0.0.0/0 / cali:ahGFQY_qjXNycMT9 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:rrBxOOprJmSU8BRn / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:YPGOQYXqWRd-HOSk / / Drop if no profiles matched */

Chain cali-fw-cali9116896e030 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:LLbYiuEOL18cn18X / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:E2C97Pq5x4s-puzS / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:FZddHt0_YfwM9vAV / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:DZhZONifpVM6sI8_ / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:lwMZ6aEDclXzw5lD / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:Xu_UhPPShG5R9ZmM /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:A8n1PQVxNZJ9N4nL / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_PTRGc0U-L5Kz7V6ERW all – 0.0.0.0/0 0.0.0.0/0 / cali:f9EUREheOxC-iVFp /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:kE3dityw4Gt3lZpc / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:1POMYhqtCB-zKvoG / / Drop if no profiles matched */

Chain cali-fw-cali9cb7c9ce7e5 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:yTzN6j0QfXOrI_8O / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:4SIQ2FoyLrv21GKL / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:RhTingP-tT2sZQQX / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:FOKPs0kiBrDuSmv8 / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:8WEkoNA56hv1rYNo / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cert-manager all – 0.0.0.0/0 0.0.0.0/0 / cali:IU8a1pRzE7OLH4uK /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:77gJ7WMTNxd05bxh / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_PgPzuEog6NthE7r2PG all – 0.0.0.0/0 0.0.0.0/0 / cali:WnkToGU2LIrD-kPJ /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:BOv7r9SnVA1NykSl / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:VOXK9QpBaMmSL4K6 / / Drop if no profiles matched */

Chain cali-fw-calib93ef850a62 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:SJwVuUz4RHEthKcy / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:gW9kQzxGQyvJb3OX / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:Kujrfg5c5hJJjAVV / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:ZeI4zzRvnVLHUCIT / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:gBah5uE085w-pW1C / / Drop IPinIP encapped packets originating in workloads /
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:hhSI6hdSp5rQp0Em / / Start of policies / MARK and 0xfffdffff
cali-po-_2NNbiTOVqLt7AwxijAE all – 0.0.0.0/0 0.0.0.0/0 / cali:3iZ8vVTm2P6us_iu / mark match 0x0/0x20000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:LP4HL3t9aCCXot0O / / Return if policy accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:wFNexSVYKwnJ6SJ0 / / Drop if no policies passed packet / mark match 0x0/0x20000
cali-pro-kns.fleet-system all – 0.0.0.0/0 0.0.0.0/0 / cali:6c9Kntxrp76KdWGz /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Z5_dRk1i_427u_Pw / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_bIaI2bhHp9bRPLyI7W all – 0.0.0.0/0 0.0.0.0/0 / cali:2E84O30Buk3yhG7R /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:tfhi77sO9h-NrEPq / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:aU2d4wAaIZx_5ZxD / / Drop if no profiles matched */

Chain cali-fw-calibd5ae439596 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:xcOOHxlHY-b7F9-O / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:2am5AjoixmGLdS5e / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:OlMoxHJCHSYUe1KP / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:F0mZEe9HqfA1-xUG / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:-3Q-PU6dlerOx1m1 / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:og4S4_cC53LCWTpI /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:VCoWL7VELbTZuauX / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_npJ7qTPnQvugDgIE9J all – 0.0.0.0/0 0.0.0.0/0 / cali:dHe9cqeo__0GpRsD /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:R-4lRg-RPNjni_tf / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:MxXjHC_l7KUyjtVy / / Drop if no profiles matched */

Chain cali-fw-calie5ef9a13f2c (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:8ayh9myjhjryUCqf / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:6jXuUcu44OTIEYJg / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:kOMOieITynN5AtQf / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:ME7xWTGGBArJe6-n / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:UPjV9pqbKjoOI-T9 / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:ATovlGZ7wETEnukq /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:AHH3WfyviOzebr1r / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_CzmRP3MOS5D_XrEc44 all – 0.0.0.0/0 0.0.0.0/0 / cali:UyBlS_z6PH-Tibsa /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:2p_QyHrf3rlVbPKy / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:iu8VMe9-na4hVvXH / / Drop if no profiles matched */

Chain cali-pi-_2NNbiTOVqLt7AwxijAE (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:OKpDPnciKfoikcuD / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:i2SpuC-MR5jdmbte */ mark match 0x10000/0x10000

Chain cali-po-2NNbiTOVqLt7AwxijAE (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:CIZwK0HCCFmQksT / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:vNIBxbhjUrk1wyAz */ mark match 0x10000/0x10000

Chain cali-pri-_CzmRP3MOS5D_XrEc44 (2 references)
target prot opt source destination

Chain cali-pri-_Jt5JQO28LboxWwRucA (1 references)
target prot opt source destination

Chain cali-pri-_PTRGc0U-L5Kz7V6ERW (1 references)
target prot opt source destination

Chain cali-pri-_PgPzuEog6NthE7r2PG (1 references)
target prot opt source destination

Chain cali-pri-_ZRWy1KOgd7sNYyJAiS (1 references)
target prot opt source destination

Chain cali-pri-_bIaI2bhHp9bRPLyI7W (1 references)
target prot opt source destination

Chain cali-pri-_npJ7qTPnQvugDgIE9J (1 references)
target prot opt source destination

Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination

Chain cali-pri-_zN9V4TP8TWMxx3Uvy4 (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:vGlaLVzBn09EVngn / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:V5zOR9JVPCUU0lLy */ mark match 0x10000/0x10000

Chain cali-pri-kns.cattle-system (3 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:blfKjcY1bW5P59PS / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cOr8yOvbzAjvJk4K */ mark match 0x10000/0x10000

Chain cali-pri-kns.cert-manager (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:VjKTHGfJJd5MQL70 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:2Z9QPUpCU8jH5jkq */ mark match 0x10000/0x10000

Chain cali-pri-kns.fleet-system (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:22eD1-o0WJI6AJjq / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:xCDc-DtymZlolese */ mark match 0x10000/0x10000

Chain cali-pri-kns.kube-system (3 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:zoH5gU6U55FKZxEo / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:bcGRIJcyOS9dgBiB */ mark match 0x10000/0x10000

Chain cali-pro-_CzmRP3MOS5D_XrEc44 (2 references)
target prot opt source destination

Chain cali-pro-_Jt5JQO28LboxWwRucA (1 references)
target prot opt source destination

Chain cali-pro-_PTRGc0U-L5Kz7V6ERW (1 references)
target prot opt source destination

Chain cali-pro-_PgPzuEog6NthE7r2PG (1 references)
target prot opt source destination

Chain cali-pro-_ZRWy1KOgd7sNYyJAiS (1 references)
target prot opt source destination

Chain cali-pro-_bIaI2bhHp9bRPLyI7W (1 references)
target prot opt source destination

Chain cali-pro-_npJ7qTPnQvugDgIE9J (1 references)
target prot opt source destination

Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination

Chain cali-pro-_zN9V4TP8TWMxx3Uvy4 (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:ceuzsfRaJv77NPLP / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Brh8M5bSm6OjbHls */ mark match 0x10000/0x10000

Chain cali-pro-kns.cattle-system (3 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:IClMGDKmI4RBpktd / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:iBJqPq9boKtL_Qr- */ mark match 0x10000/0x10000

Chain cali-pro-kns.cert-manager (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:mToMu4GtpvEgL8Z3 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:SUxSX6T2k1OVPLgx */ mark match 0x10000/0x10000

Chain cali-pro-kns.fleet-system (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:cW7Tyghq3Zej-Lxa / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:finbCrQF1hg3_U-Y */ mark match 0x10000/0x10000

Chain cali-pro-kns.kube-system (3 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:-50oJuMfLVO3LkBk / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:ztVPKv1UYejNzm1g */ mark match 0x10000/0x10000

Chain cali-to-hep-forward (1 references)
target prot opt source destination

Chain cali-to-host-endpoint (1 references)
target prot opt source destination

Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
cali-to-wl-dispatch-1 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:svNUGuuCd7LCNEXq /
cali-tw-cali3d7e6352b32 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:_sSZGPsXTas4PnO7 /
cali-tw-cali651550d94ad all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:kOu6JaKIcvt2HXhd /
cali-to-wl-dispatch-9 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:BO107BReUT3iwsbD /
cali-to-wl-dispatch-b all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:j-6_VW7Ull5wdrle /
cali-tw-calie5ef9a13f2c all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:_eMnOzDbQCopR1SH /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:ZkPUJkmGa-nv32Rr / / Unknown interface */

Chain cali-to-wl-dispatch-1 (1 references)
target prot opt source destination
cali-tw-cali12de44d411b all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:sPfzIDxEMrRqx51R /
cali-tw-cali1e80feaeef3 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:znUTfPi-Tn3jXn08 /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:nVb-N6kHyUiE3boM / / Unknown interface */

Chain cali-to-wl-dispatch-9 (1 references)
target prot opt source destination
cali-tw-cali9116896e030 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:IO_sv3ZAK4fpRv9q /
cali-tw-cali9cb7c9ce7e5 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:Bbmm3aBxqKuxfT-O /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:ZrCLiNPB__OshLtF / / Unknown interface */

Chain cali-to-wl-dispatch-b (1 references)
target prot opt source destination
cali-tw-calib93ef850a62 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:5Y4nMn9dwB3r4RqU /
cali-tw-calibd5ae439596 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:e-XFydzsAUEzhJ0K /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:VraoNZnk9B5JsRU0 / / Unknown interface */

Chain cali-tw-cali12de44d411b (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Ltxg_I8SohcDbIxX / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:YIM3LC1K1Vk4D_TD / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:CYxIkNjQEAw9mQt_ / MARK and 0xfffeffff
cali-pri-_zN9V4TP8TWMxx3Uvy4 all – 0.0.0.0/0 0.0.0.0/0 / cali:NKQStOSLT77zBXRp /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:WNNsJU3JhXEUlurr / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_ZRWy1KOgd7sNYyJAiS all – 0.0.0.0/0 0.0.0.0/0 / cali:i3UwpcM9qB7buofb /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Y4NBTreu4fEAqvUw / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:d-j924C9mGPrdYo- / / Drop if no profiles matched */

Chain cali-tw-cali1e80feaeef3 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:ELn6JKDOJ3x3u1Hm / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:PDE75CvnRXeoqSDQ / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:a7TIbSM_wDvUkCGb / MARK and 0xfffeffff
cali-pri-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:4jrsoQcLtcCoeOm- /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:qex0aC_ErsbWbvAN / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_CzmRP3MOS5D_XrEc44 all – 0.0.0.0/0 0.0.0.0/0 / cali:TL2XbSP8XfPuKkFg /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:MS6A-UNslPRJ_J4b / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:UZmaiuCEnc_YsIj0 / / Drop if no profiles matched */

Chain cali-tw-cali3d7e6352b32 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:CeBjxQ2fh7ISL6ow / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:bnm2lMBMi40YQDkJ / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:xJ9lT9bmefN_I9-v / MARK and 0xfffeffff
cali-pri-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:6kvcZESldgPm2Vlo /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:gBsgOnzwCNvGXvl6 / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_u2Tn2rSoAPffvE7JO6 all – 0.0.0.0/0 0.0.0.0/0 / cali:hVOw8FrMgvD9bvoc /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cU6Nv0mZ-0oa8suk / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:fwA4RFqHddTbvST3 / / Drop if no profiles matched */

Chain cali-tw-cali651550d94ad (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:dJ2uhISmXYOjRDFw / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:92P4L2WaXptMT7yt / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:TerIka4GYl734iRm / MARK and 0xfffeffff
cali-pri-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:fELiDwlm7kUVyg69 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:pwR0oJIM-DhX696v / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_Jt5JQO28LboxWwRucA all – 0.0.0.0/0 0.0.0.0/0 / cali:s-9H5DeX4wWNuSBd /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:SQs4YZng-sm_B1hA / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:EOwTfRW23j1MRtW8 / / Drop if no profiles matched */

Chain cali-tw-cali9116896e030 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:QKHzSWpQTrDoEDi2 / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:NqUEk74jsrVdc5rz / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:7xkvKXt2j_05BfSl / MARK and 0xfffeffff
cali-pri-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:PEqkRfTPhbN2TULw /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:1IMqbmEqhDsjt8aX / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_PTRGc0U-L5Kz7V6ERW all – 0.0.0.0/0 0.0.0.0/0 / cali:npyNHc_818BMfunI /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:20wRAX_guQ20A0Jn / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:3yIkL5vBw8sX1jr7 / / Drop if no profiles matched */

Chain cali-tw-cali9cb7c9ce7e5 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:j4BKPz5alwSiHO1n / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:_7LDozXYgFBTJz7F / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:HR67TAYHhm1kKWjv / MARK and 0xfffeffff
cali-pri-kns.cert-manager all – 0.0.0.0/0 0.0.0.0/0 / cali:mHMJKeqXLKaP4eqn /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:ifAqDO_QaFHo7fdO / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_PgPzuEog6NthE7r2PG all – 0.0.0.0/0 0.0.0.0/0 / cali:a6Iq4XpNQcQ91bjo /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:UkUVrmLQu4BY-I3m / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:mwkCsPTrilSfMRLY / / Drop if no profiles matched */

Chain cali-tw-calib93ef850a62 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Gx1GpQa1njkyvyBu / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:a-w-Y0aqmrOsBv8a / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:J710LtiVtU0wavj3 / MARK and 0xfffeffff
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:RU5GWFvrWC-ZLmXF / / Start of policies / MARK and 0xfffdffff
cali-pi-_2NNbiTOVqLt7AwxijAE all – 0.0.0.0/0 0.0.0.0/0 / cali:CTLp9VuBvgi9I2X4 / mark match 0x0/0x20000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:kACx4xGfgrCuYyoA / / Return if policy accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:t7f9oLycZMcL-PF1 / / Drop if no policies passed packet / mark match 0x0/0x20000
cali-pri-kns.fleet-system all – 0.0.0.0/0 0.0.0.0/0 / cali:TPxZbKwULJDBqCJW /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cu99Vg1JSKyMJegM / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_bIaI2bhHp9bRPLyI7W all – 0.0.0.0/0 0.0.0.0/0 / cali:STpsp2WfpUeKvs3z /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:bQsBVFKsGukgqolo / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:OnePZQ9KjZPQQvBg / / Drop if no profiles matched */

Chain cali-tw-calibd5ae439596 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:cN9GBPafqeSPBS4C / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:eApbZ0bYy4i-YmtD / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:rU3d7Kht45DL2Va1 / MARK and 0xfffeffff
cali-pri-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:KMwUl9hHCESgj_BJ /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Abz80OtDAW00wHgv / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_npJ7qTPnQvugDgIE9J all – 0.0.0.0/0 0.0.0.0/0 / cali:G_sMrfovolJRFjQf /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Qa6Bwpz6sfxTKTmm / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:pYJ-lYwPYOnl9zHo / / Drop if no profiles matched */

Chain cali-tw-calie5ef9a13f2c (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:6-7UPBP3dMtn45Pf / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:ixVuazedjVsiAgwx / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:nIP3GyXXMQKauj5j / MARK and 0xfffeffff
cali-pri-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:BdhawDorK-fqv52h /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:s42ph8pjIggQn5u2 / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_CzmRP3MOS5D_XrEc44 all – 0.0.0.0/0 0.0.0.0/0 / cali:QYwQ_gk5BA2sXYO9 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:plBjVZc7Feu6I368 / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:7qghUFzsmpnBuLYH / / Drop if no profiles matched */

Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 /* cali:Ee9Sbo10IpVujdIY /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:nSZbcOoG1xPONxb8 / / Configured DefaultEndpointToHostAction */

Worker2 Node

Authenticating with public key “rsa-key-20210329”
Last login: Thu Jul 1 11:13:45 2021 from 175.157.237.225
[opc@mzworker2 ~]$ iptables -L -n
iptables v1.4.21: can’t initialize iptables table `filter’: Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[opc@mzworker2 ~]$ sudo su -
Last login: Thu Jul 1 11:13:54 GMT 2021 on pts/0
[root@mzworker2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Cz_u1IQiXIMmKD4c /
KUBE-EXTERNAL-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes externally-visible service portals */
KUBE-FIREWALL all – 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
cali-FORWARD all – 0.0.0.0/0 0.0.0.0/0 /* cali:wUHhoiAYhphO9Mso /
KUBE-FORWARD all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding rules /
KUBE-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes service portals /
KUBE-EXTERNAL-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes externally-visible service portals /
DOCKER-USER all – 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 10.42.0.0/16 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 10.42.0.0/16
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:S93hcgKJrXEqnTfs / / Policy explicitly accepted packet. */ mark match 0x10000/0x10000

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all – 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 /
KUBE-SERVICES all – 0.0.0.0/0 0.0.0.0/0 ctstate NEW / kubernetes service portals */
KUBE-FIREWALL all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all – 0.0.0.0/0 0.0.0.0/0
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0

Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination

Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets / mark match 0x8000/0x8000
DROP all – !127.0.0.0/8 127.0.0.0/8 / block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules / mark match 0x4000/0x4000
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding conntrack pod source rule / ctstate RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination

Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination

Chain KUBE-SERVICES (2 references)
target prot opt source destination

Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:vjrMJCRpqwy5oRoX / MARK and 0xfff1ffff
cali-from-hep-forward all – 0.0.0.0/0 0.0.0.0/0 / cali:A_sPAO0mcxbT9mOV / mark match 0x0/0x10000
cali-from-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 / cali:8ZoYfO5HKXWbB3pk /
cali-to-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 / cali:jdEuaPBe14V2hutn /
cali-to-hep-forward all – 0.0.0.0/0 0.0.0.0/0 / cali:12bc6HljsMKsmfr- /
cali-cidr-block all – 0.0.0.0/0 0.0.0.0/0 / cali:NOSxoaGx8OIstr1z */

Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:FewJpBykm9iJ-YNH /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:hder3ARWznqqv8Va / mark match 0x10000/0x10000
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:xgOu2uJft6H9oDGF / MARK and 0xfff0ffff
cali-from-host-endpoint all – 0.0.0.0/0 0.0.0.0/0 / cali:_-d-qojMfHM6NwBo /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:LqmE76MP94lZTGhA / / Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:Mq1_rAdXXH3YkrzW / mark match 0x10000/0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:69FkRTJDvD5Vu6Vl /
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:Fskumj4SGQtDV6GC / MARK and 0xfff0ffff
cali-to-host-endpoint all – 0.0.0.0/0 0.0.0.0/0 / cali:8rXMdo5sNesjJxGc /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:Ja-pnrHi-PrNKxgd / / Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-cidr-block (1 references)
target prot opt source destination

Chain cali-from-hep-forward (1 references)
target prot opt source destination

Chain cali-from-host-endpoint (1 references)
target prot opt source destination

Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
cali-from-wl-dispatch-1 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:aA7PbfJxlypkbHNq /
cali-fw-cali311a947d890 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:TZriJcVu00rs5K70 /
cali-fw-cali4dc053b3e3f all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:e29bRBGJcJACS5nF /
cali-from-wl-dispatch-6 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:JkFngiJwaXA8ACMz /
cali-fw-cali841e79c12ad all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:DifGcTopFRh7QB77 /
cali-fw-calia9ae65d3486 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:EkpiY65l966jJzev /
cali-fw-calib3c61c3cba9 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:7XDihNrrwDc5c9K0 /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:BHtc6NpJzpBrliMc / / Unknown interface */

Chain cali-from-wl-dispatch-1 (1 references)
target prot opt source destination
cali-fw-cali13f34138a72 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:MCNFR5zzvaH_YRn1 /
cali-fw-cali1c8548f7662 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:8nqToWEAVr9ascy3 /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:_DMX68loRMrrjyeM / / Unknown interface */

Chain cali-from-wl-dispatch-6 (1 references)
target prot opt source destination
cali-fw-cali601865f7adc all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:BfbiZDSiKthNSlKO /
cali-fw-cali66d1220e0bf all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:EKEWgBza1Pvnr9ZP /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:cKK4F1eW1rHGTfg_ / / Unknown interface */

Chain cali-fw-cali13f34138a72 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:3XEbHT72zbeeW6Vc / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:v99aVmn6_bgkAZt6 / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:Vcx6Om1UQt1RlN9d / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:MfRgy-0Fu-zVRc5p / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:Xp2UFMIFlaPpOTaD / / Drop IPinIP encapped packets originating in workloads /
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:KIqucJmPIhqg2F1p / / Start of policies / MARK and 0xfffdffff
cali-po-_2NNbiTOVqLt7AwxijAE all – 0.0.0.0/0 0.0.0.0/0 / cali:OQLbDL6W6BHtqAaj / mark match 0x0/0x20000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:UHrgWp5XTDtWbC0n / / Return if policy accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:oMCWMW4lvbciaKDY / / Drop if no policies passed packet / mark match 0x0/0x20000
cali-pro-kns.fleet-system all – 0.0.0.0/0 0.0.0.0/0 / cali:BoYRRR_8Z_sv5L-j /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Ku9Tn9bY0_gzwP42 / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_i0Q3mE3gxC8gqoQRBK all – 0.0.0.0/0 0.0.0.0/0 / cali:ACjIw3H4atdHGwbl /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:fJTfbQtK_jRYppY1 / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:FCXsQihvLd3mny7b / / Drop if no profiles matched */

Chain cali-fw-cali1c8548f7662 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:WmtsF-2kzZBCrKbb / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:DxwTeJL37i7_j0h5 / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:mISiBuYV9NMERZk3 / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:eDUxMoqfXS3K978C / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:f0Y4yfCvws1UPZhW / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:ZrO1wB8Q1QZNJmuD /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:fp5kcKPdOH-BJwgp / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_CzmRP3MOS5D_XrEc44 all – 0.0.0.0/0 0.0.0.0/0 / cali:lrVVPwQno-GcbK8S /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:aFAeN69tQRx0Cwg5 / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:9KkiV9C3p4DOn03T / / Drop if no profiles matched */

Chain cali-fw-cali311a947d890 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:ST90h8jfuJ7Sw9RB / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:oLre8kRpf-H_tSNR / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:221gAaUn5cQnALCG / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:FsC5Mma8Ivsm9Y6b / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:yRmxb7MlxIwes7Kd / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.metallb-system all – 0.0.0.0/0 0.0.0.0/0 / cali:ITrL6X88F1OPvVpf /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:obIhTd0P7g3JGkTB / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_rfesb_Nv6QzsjWHy5M all – 0.0.0.0/0 0.0.0.0/0 / cali:RGiFxt5Hh8CUkVJ8 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:wvYcgLEoMiwy5Ta- / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:-tGsqJ2Sv5AV1-TT / / Drop if no profiles matched */

Chain cali-fw-cali4dc053b3e3f (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:9R17emJvq5EKlLTp / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:stV83IWH2yiZFvPN / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:-bQfKZVazNDiip2I / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:GwvupCOoCzihykDz / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:WFuf59yWeNmgEjvT / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cert-manager all – 0.0.0.0/0 0.0.0.0/0 / cali:3x-EYwOZpgu91g4c /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cVsXtaEcQw-TFGMB / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_PfNIBb694QWVrNir-D all – 0.0.0.0/0 0.0.0.0/0 / cali:R5nakuzHDVpWDfuQ /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:ZHsFWFCGIy0ZMvNc / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:tpUBhGIOGljUg4Tr / / Drop if no profiles matched */

Chain cali-fw-cali601865f7adc (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:qrEfS2iIp1-IKq-d / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:nwhqj_sst8DVNdFS / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:MmyDzyGjo-q72jjb / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:3OAG6s6JeZQX-MKJ / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:FxW0V1siBQD0mL4y / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:sg7nMRMzGVQycTP6 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:hjJck2NaBMC9e4yS / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_u2Tn2rSoAPffvE7JO6 all – 0.0.0.0/0 0.0.0.0/0 / cali:nW9gTICb935evt-1 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cg22JUZPheiVwTrQ / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:2z80xOqcfgBEQ30h / / Drop if no profiles matched */

Chain cali-fw-cali66d1220e0bf (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:SJm6KREhTcjdpYxC / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:jh7w-4ftBGXyHUTf / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:7hq6enki291zjmV0 / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:zUZLv-aqu3WAjhu0 / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:PMlF9wARp7W98KGp / / Drop IPinIP encapped packets originating in workloads /
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:A5yZyTPsk6fjZnKJ / / Start of policies / MARK and 0xfffdffff
cali-po-_2NNbiTOVqLt7AwxijAE all – 0.0.0.0/0 0.0.0.0/0 / cali:M8P9eo7Syb_L0eXw / mark match 0x0/0x20000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:h4SUOatax3i69v0w / / Return if policy accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:xCbIyygoA3C3A9Vd / / Drop if no policies passed packet / mark match 0x0/0x20000
cali-pro-kns.fleet-system all – 0.0.0.0/0 0.0.0.0/0 / cali:lUn0pB3kw-k0WfbW /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:2Og0VnQO0KwtoK8R / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_-VBQwle9MyLx-am3Ao all – 0.0.0.0/0 0.0.0.0/0 / cali:6H9wt6UDQwnO4Z5Z /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:IndDepaX0klfnUHP / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:pmbLj2rpSNOrhdHc / / Drop if no profiles matched */

Chain cali-fw-cali841e79c12ad (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:bCqkM6dEZUyB82L9 / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:qdOECFZPcyLythtd / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:zw-hoZLI7KigELur / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:FssBQbtBA6XBbYt1 / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:BI5CqaJ9UX7sdKWo / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:XNXM_nXhoahLpA3P /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:s63fIiTvgzA1E8QI / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_CVSZITRyIpEmH8AB6H all – 0.0.0.0/0 0.0.0.0/0 / cali:f3peT6L_Xroi6p1Y /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:57o7yxbWoQvcj-sL / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:D–XQRWXr3pZNYMZ / / Drop if no profiles matched */

Chain cali-fw-calia9ae65d3486 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:udat2YKSMSE59HRo / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:EieWfsyHJtlDdw1m / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:qXzl_Hmmkd4dC6On / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:hXEyX5W2qNPXiJbR / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:cJL7ha8ySXsFKQvb / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.cert-manager all – 0.0.0.0/0 0.0.0.0/0 / cali:XbuOYLMMMsZNsyTA /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:9kSbOjq3LBTcl9Ww / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-_zkO6GKYeniG6-oa73y all – 0.0.0.0/0 0.0.0.0/0 / cali:Vdw8F0TT9uMN8U6X /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:wuJPyaRhkGiGDJFT / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:iEliE_CjdDiuFnVB / / Drop if no profiles matched */

Chain cali-fw-calib3c61c3cba9 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:bFkWuXTY4cHRsWCw / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:Yz28x-xlZn3iK1dm / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:hNHUX-t0brxvobsq / MARK and 0xfffeffff
DROP udp – 0.0.0.0/0 0.0.0.0/0 / cali:zcm2POu6Mo0LAV1k / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP 4 – 0.0.0.0/0 0.0.0.0/0 / cali:DwmLW-ADFbvCVMfq / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.default all – 0.0.0.0/0 0.0.0.0/0 / cali:AdEJ83cx93vOFgSp /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cjz_9Zh_TDJTWzWk / / Return if profile accepted / mark match 0x10000/0x10000
cali-pro-ksa.default.default all – 0.0.0.0/0 0.0.0.0/0 / cali:0oinIgeZuK–S8aG /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:0_TxaYf8xQRbbTfr / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:PcQjLe_fD4RDZOPL / / Drop if no profiles matched */

Chain cali-pi-_2NNbiTOVqLt7AwxijAE (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:OKpDPnciKfoikcuD / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:i2SpuC-MR5jdmbte */ mark match 0x10000/0x10000

Chain cali-po-2NNbiTOVqLt7AwxijAE (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:CIZwK0HCCFmQksT / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:vNIBxbhjUrk1wyAz */ mark match 0x10000/0x10000

Chain cali-pri-_-VBQwle9MyLx-am3Ao (1 references)
target prot opt source destination

Chain cali-pri-_CVSZITRyIpEmH8AB6H (1 references)
target prot opt source destination

Chain cali-pri-_CzmRP3MOS5D_XrEc44 (1 references)
target prot opt source destination

Chain cali-pri-_PfNIBb694QWVrNir-D (1 references)
target prot opt source destination

Chain cali-pri-_i0Q3mE3gxC8gqoQRBK (1 references)
target prot opt source destination

Chain cali-pri-_rfesb_Nv6QzsjWHy5M (1 references)
target prot opt source destination

Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination

Chain cali-pri-_zkO6GKYeniG6-oa73y (1 references)
target prot opt source destination

Chain cali-pri-kns.cattle-system (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:blfKjcY1bW5P59PS / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:cOr8yOvbzAjvJk4K */ mark match 0x10000/0x10000

Chain cali-pri-kns.cert-manager (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:VjKTHGfJJd5MQL70 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:2Z9QPUpCU8jH5jkq */ mark match 0x10000/0x10000

Chain cali-pri-kns.default (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:7Fnh7Pv3_98FtLW7 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:ZbV6bJXWSRefjK0u */ mark match 0x10000/0x10000

Chain cali-pri-kns.fleet-system (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:22eD1-o0WJI6AJjq / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:xCDc-DtymZlolese */ mark match 0x10000/0x10000

Chain cali-pri-kns.kube-system (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:zoH5gU6U55FKZxEo / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:bcGRIJcyOS9dgBiB */ mark match 0x10000/0x10000

Chain cali-pri-kns.metallb-system (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:VY7bEc0s87Rz2RVW / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:VK8fbRHXbge2yaKF */ mark match 0x10000/0x10000

Chain cali-pri-ksa.default.default (1 references)
target prot opt source destination

Chain cali-pro-_-VBQwle9MyLx-am3Ao (1 references)
target prot opt source destination

Chain cali-pro-_CVSZITRyIpEmH8AB6H (1 references)
target prot opt source destination

Chain cali-pro-_CzmRP3MOS5D_XrEc44 (1 references)
target prot opt source destination

Chain cali-pro-_PfNIBb694QWVrNir-D (1 references)
target prot opt source destination

Chain cali-pro-_i0Q3mE3gxC8gqoQRBK (1 references)
target prot opt source destination

Chain cali-pro-_rfesb_Nv6QzsjWHy5M (1 references)
target prot opt source destination

Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination

Chain cali-pro-_zkO6GKYeniG6-oa73y (1 references)
target prot opt source destination

Chain cali-pro-kns.cattle-system (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:IClMGDKmI4RBpktd / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:iBJqPq9boKtL_Qr- */ mark match 0x10000/0x10000

Chain cali-pro-kns.cert-manager (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:mToMu4GtpvEgL8Z3 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:SUxSX6T2k1OVPLgx */ mark match 0x10000/0x10000

Chain cali-pro-kns.default (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:oLzzje5WExbgfib5 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:4goskqvxh5xcGw3s */ mark match 0x10000/0x10000

Chain cali-pro-kns.fleet-system (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:cW7Tyghq3Zej-Lxa / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:finbCrQF1hg3_U-Y */ mark match 0x10000/0x10000

Chain cali-pro-kns.kube-system (2 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:-50oJuMfLVO3LkBk / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:ztVPKv1UYejNzm1g */ mark match 0x10000/0x10000

Chain cali-pro-kns.metallb-system (1 references)
target prot opt source destination
MARK all – 0.0.0.0/0 0.0.0.0/0 /* cali:ifACvx0V9WlLsDp1 / MARK or 0x10000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:6rbJBL1Zy2dfSRJy */ mark match 0x10000/0x10000

Chain cali-pro-ksa.default.default (1 references)
target prot opt source destination

Chain cali-to-hep-forward (1 references)
target prot opt source destination

Chain cali-to-host-endpoint (1 references)
target prot opt source destination

Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
cali-to-wl-dispatch-1 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:svNUGuuCd7LCNEXq /
cali-tw-cali311a947d890 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:8eGeWUSV12vG5vyG /
cali-tw-cali4dc053b3e3f all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:XPtrwzabVfHSWqT6 /
cali-to-wl-dispatch-6 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:nRCmrtKFVB91RJtU /
cali-tw-cali841e79c12ad all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:amGlGoEt-SzdGI_9 /
cali-tw-calia9ae65d3486 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:QjaYs-KYuh4zc6Ah /
cali-tw-calib3c61c3cba9 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:dGOLQIb5Zvweba_x /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:me8WdRu3NjCDOCSm / / Unknown interface */

Chain cali-to-wl-dispatch-1 (1 references)
target prot opt source destination
cali-tw-cali13f34138a72 all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:mPQm8YmJSRI4tpQY /
cali-tw-cali1c8548f7662 all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:3Lsh4mLI4JT6JFD- /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:_R_17hUZr2UTdg_b / / Unknown interface */

Chain cali-to-wl-dispatch-6 (1 references)
target prot opt source destination
cali-tw-cali601865f7adc all – 0.0.0.0/0 0.0.0.0/0 [goto] /* cali:32uwGeCdUvMheMO4 /
cali-tw-cali66d1220e0bf all – 0.0.0.0/0 0.0.0.0/0 [goto] / cali:ldJ2oaOHDovD2tnT /
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:bSNHLaGdDGhVj7zC / / Unknown interface */

Chain cali-tw-cali13f34138a72 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:d-86JiBGM8WZcAvh / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:vGEtoPxlabVwxMp0 / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:5oHBStZP12-cvMLx / MARK and 0xfffeffff
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:oWU3YwAZ5GKS4ky2 / / Start of policies / MARK and 0xfffdffff
cali-pi-_2NNbiTOVqLt7AwxijAE all – 0.0.0.0/0 0.0.0.0/0 / cali:jE5Yy_MulLdkZunX / mark match 0x0/0x20000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:tPO2sCrxL8cY36h3 / / Return if policy accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:fJcCqGZRehvroCRy / / Drop if no policies passed packet / mark match 0x0/0x20000
cali-pri-kns.fleet-system all – 0.0.0.0/0 0.0.0.0/0 / cali:RstVpwkpQlfV3ajN /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:OX22EQLIJQe2DpZg / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_i0Q3mE3gxC8gqoQRBK all – 0.0.0.0/0 0.0.0.0/0 / cali:lPt9mhT9nFHOd63d /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:c9ge1fW1LlQoTLQe / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:jxPGbvuEcotuey4k / / Drop if no profiles matched */

Chain cali-tw-cali1c8548f7662 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:yCLwMy_nKst8vTX / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:c6TBdx-DcZ1fXICn / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:QldXuN0pMqyg4rv / MARK and 0xfffeffff
cali-pri-kns.cattle-system all – 0.0.0.0/0 0.0.0.0/0 / cali:eggPGBO-fjw9p_5T /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:tcFGFtw_HJI0E1o1 / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_CzmRP3MOS5D_XrEc44 all – 0.0.0.0/0 0.0.0.0/0 / cali:t_4-8uyiCeMkeofA /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:LoFNkYIRmuBdDqx5 / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:Bv-7crYYpJvh2SY3 / / Drop if no profiles matched */

Chain cali-tw-cali311a947d890 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:TkneXRXfXXA4ZMMY / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:FKQKb5ys2TPPGrTk / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:KFvSrT8xqQ3KdmVy / MARK and 0xfffeffff
cali-pri-kns.metallb-system all – 0.0.0.0/0 0.0.0.0/0 / cali:qCvsOj0kFoXZzXO2 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:frtsSLjDGK6l8xsP / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_rfesb_Nv6QzsjWHy5M all – 0.0.0.0/0 0.0.0.0/0 / cali:7LbeCMzSqCTMeHr6 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:k7RFe50fkGjkuVch / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:HxoyDIC7LHLwXslc / / Drop if no profiles matched */

Chain cali-tw-cali4dc053b3e3f (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:XF4IkNZqwtzIowtc / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:Sl-xCUCt_oEwnPX5 / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:ZrLtGf1twk0OSwmo / MARK and 0xfffeffff
cali-pri-kns.cert-manager all – 0.0.0.0/0 0.0.0.0/0 / cali:gvI_5UR_unfcjOBB /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:l1kzHKC4kXHJiGMf / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_PfNIBb694QWVrNir-D all – 0.0.0.0/0 0.0.0.0/0 / cali:0pQJs22aVmTg66ID /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:Zp8IjUzoDsVtVNqz / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:ngnoS6QnaxD_7_v1 / / Drop if no profiles matched */

Chain cali-tw-cali601865f7adc (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:XTobo2zInX0ynJ11 / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:1qQZjy7aZLAy6nzW / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:ZWrj18pdKUkbytFf / MARK and 0xfffeffff
cali-pri-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:91ZyJ_cgMlEmiuCx /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:6UGkbe3egI2Uud6M / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_u2Tn2rSoAPffvE7JO6 all – 0.0.0.0/0 0.0.0.0/0 / cali:emXu-GltScy5kRSk /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:pHy9kSX8BXaE2EcB / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:ZxgLb3d6fNzXqy36 / / Drop if no profiles matched */

Chain cali-tw-cali66d1220e0bf (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:cyIXlmJ-T2ZWm-Om / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:vHOOT2xo9S19IKT1 / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:W7acHQ5pJKaUEj3B / MARK and 0xfffeffff
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:m71OkN9IO6NEGPRe / / Start of policies / MARK and 0xfffdffff
cali-pi-_2NNbiTOVqLt7AwxijAE all – 0.0.0.0/0 0.0.0.0/0 / cali:4HmwKI1TLpbXewpA / mark match 0x0/0x20000
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:dejpdOt6dFDo-t7T / / Return if policy accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:qXQdnOzHfV2TfMjT / / Drop if no policies passed packet / mark match 0x0/0x20000
cali-pri-kns.fleet-system all – 0.0.0.0/0 0.0.0.0/0 / cali:i_qe1Nyt6zCNFzrJ /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:T_cCkeCIaVg40XeZ / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_-VBQwle9MyLx-am3Ao all – 0.0.0.0/0 0.0.0.0/0 / cali:CbMVkzwOiIaVCKvF /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:7gkFCMkHA6JxX_xq / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:WNc9t6LgReDVVrDi / / Drop if no profiles matched */

Chain cali-tw-cali841e79c12ad (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:4kJfFrcV5dr6uILW / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:ubDa2RxDowSP5Lna / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:hr-B_riOVTZQy_Gm / MARK and 0xfffeffff
cali-pri-kns.kube-system all – 0.0.0.0/0 0.0.0.0/0 / cali:IHcHgzkWqEgfmQNA /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:vJpNHn267-lCC2ju / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_CVSZITRyIpEmH8AB6H all – 0.0.0.0/0 0.0.0.0/0 / cali:Z7K_U4-dn_Eylup1 /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:A7YJCUt67nPG3XmO / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:Fc0RsESAlj2fX2ap / / Drop if no profiles matched */

Chain cali-tw-calia9ae65d3486 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:zgCxz-09sr21RiKJ / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:oXeSREGLOAU9aigg / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:obvnbFgsLhU3RjL6 / MARK and 0xfffeffff
cali-pri-kns.cert-manager all – 0.0.0.0/0 0.0.0.0/0 / cali:vyN0q46iYxRS8N2z /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:lmefMLdmjEufuZw_ / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-_zkO6GKYeniG6-oa73y all – 0.0.0.0/0 0.0.0.0/0 / cali:znQ0dTVU7J5vhlKO /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:rLb225oBRLBK2hwn / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:Vp_fHaaQ5SGAyyru / / Drop if no profiles matched */

Chain cali-tw-calib3c61c3cba9 (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 /* cali:ERriy_LNlpHE7Zpa / ctstate RELATED,ESTABLISHED
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:319XBxiHdVGHvs2I / ctstate INVALID
MARK all – 0.0.0.0/0 0.0.0.0/0 / cali:nChoIqPtK8-J0Tnh / MARK and 0xfffeffff
cali-pri-kns.default all – 0.0.0.0/0 0.0.0.0/0 / cali:NSSJcrC8rQgyfE3o /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:RpCToeb7ZQGnRoqQ / / Return if profile accepted / mark match 0x10000/0x10000
cali-pri-ksa.default.default all – 0.0.0.0/0 0.0.0.0/0 / cali:sj37TD8cnzxYCzNk /
RETURN all – 0.0.0.0/0 0.0.0.0/0 / cali:DJaOVT9ZF-RYc9gH / / Return if profile accepted / mark match 0x10000/0x10000
DROP all – 0.0.0.0/0 0.0.0.0/0 / cali:zyPfP22BuZI-2_kX / / Drop if no profiles matched */

Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all – 0.0.0.0/0 0.0.0.0/0 /* cali:Ee9Sbo10IpVujdIY /
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 / cali:nSZbcOoG1xPONxb8 / / Configured DefaultEndpointToHostAction */

Not really sure what to make of those docker specific rules, I don’t have anything running docker to compare it to. Howerever everything else seems fine, because they are managed rules.

If you have any firewalls between the nodes, you’ll want to investigate there.

Also worth checking out your routes to make sure there’s no overlap: netstat -nr.

Networking is a weak subject for me so I’m pretty short on ideas on what else you could check… unless RKE comes with some pre-defined Network Policies.

Thanks for the support.

I thought all ports are open from the firewall in the network side (Oracle VM bridge firewall), but only TCP ports were opened. So no UDP packets were transmitted between nodes even if all firewalls in the nodes are disabled.
When the VM bridge firewall was configured to allow UDP ports it started working. The netcat is really good to check UDP and also tshark. I checked the packets upto node eth level with - tshark -V –i eth0 –d udp.port=8472,vxlan –f “port 8472” (works for Fannel / cannel)