# Generated by iptables-save v1.8.4 on Mon Jun  9 21:31:09 2025
*raw
:PREROUTING ACCEPT [78416:301973864]
:OUTPUT ACCEPT [49610:65254027]
:cali-OUTPUT - [0:0]
:cali-PREROUTING - [0:0]
:cali-from-host-endpoint - [0:0]
:cali-rpf-skip - [0:0]
:cali-to-host-endpoint - [0:0]
-A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING
-A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
-A cali-OUTPUT -m comment --comment "cali:clI8WObfCl4yhr60" -j MARK --set-xmark 0x0/0x1b0000
-A cali-OUTPUT -m comment --comment "cali:ZbkN6P8OdRcBRPpU" -j cali-to-host-endpoint
-A cali-OUTPUT -p udp -m comment --comment "cali:ry5_UEpt1OaPPCxO" -m udp --dport 4789 -j NOTRACK
-A cali-OUTPUT -m comment --comment "cali:MGhICIksKDnYMIkW" -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-PREROUTING -m comment --comment "cali:DQ6LK2guiBRMyrLK" -j MARK --set-xmark 0x0/0x1b0000
-A cali-PREROUTING -p udp -m comment --comment "cali:sIsu2aAqNN6K3YYn" -m udp --dport 4789 -j NOTRACK
-A cali-PREROUTING -i cali+ -m comment --comment "cali:W0qKAga6QivxLxL1" -j MARK --set-xmark 0x80000/0x80000
-A cali-PREROUTING -m comment --comment "cali:QOYCZUivPyJL6Dp1" -m mark --mark 0x80000/0x80000 -j cali-rpf-skip
-A cali-PREROUTING -m comment --comment "cali:uvipz_NmQPrGYnTB" -m mark --mark 0x80000/0x80000 -m rpfilter --validmark --invert -j DROP
-A cali-PREROUTING -m comment --comment "cali:pj4jqF0K2OCNLmzX" -m mark --mark 0x0/0x80000 -j cali-from-host-endpoint
-A cali-PREROUTING -m comment --comment "cali:Jefg6QI5khJcHnVl" -m mark --mark 0x10000/0x10000 -j ACCEPT
COMMIT
# Completed on Mon Jun  9 21:31:09 2025
# Generated by iptables-save v1.8.4 on Mon Jun  9 21:31:09 2025
*nat
:PREROUTING ACCEPT [29:1352]
:INPUT ACCEPT [29:1352]
:OUTPUT ACCEPT [54:6201]
:POSTROUTING ACCEPT [54:6201]
:cali-OUTPUT - [0:0]
:cali-POSTROUTING - [0:0]
:cali-PREROUTING - [0:0]
:cali-fip-dnat - [0:0]
:cali-fip-snat - [0:0]
:cali-nat-outgoing - [0:0]
-A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING
-A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
-A POSTROUTING -m comment --comment "cali:0i8pjzKKPyA34aQD" -j cali-POSTROUTING
-A cali-OUTPUT -m comment --comment "cali:GBTAv2p5CwevEyJm" -j cali-fip-dnat
-A cali-POSTROUTING -m comment --comment "cali:Z-c7XtVd2Bq7s_hA" -j cali-fip-snat
-A cali-POSTROUTING -m comment --comment "cali:nYKhEzDlr11Jccal" -j cali-nat-outgoing
-A cali-POSTROUTING -o vxlan.calico -m comment --comment "cali:e9dnSgSVNmIcpVhP" -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE --random-fully
-A cali-PREROUTING -m comment --comment "cali:r6XmIziWUJsdOK6Z" -j cali-fip-dnat
COMMIT
# Completed on Mon Jun  9 21:31:09 2025
# Generated by iptables-save v1.8.4 on Mon Jun  9 21:31:09 2025
*filter
:INPUT ACCEPT [348:105097]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [307:60006]
:cali-FORWARD - [0:0]
:cali-INPUT - [0:0]
:cali-OUTPUT - [0:0]
:cali-cidr-block - [0:0]
:cali-from-hep-forward - [0:0]
:cali-from-host-endpoint - [0:0]
:cali-from-wl-dispatch - [0:0]
:cali-to-hep-forward - [0:0]
:cali-to-host-endpoint - [0:0]
:cali-to-wl-dispatch - [0:0]
:cali-wl-to-host - [0:0]
-A INPUT -m comment --comment "cali:Cz_u1IQiXIMmKD4c" -j cali-INPUT
-A FORWARD -m comment --comment "cali:wUHhoiAYhphO9Mso" -j cali-FORWARD
-A FORWARD -m comment --comment "cali:S93hcgKJrXEqnTfs" -m comment --comment "Policy explicitly accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A FORWARD -m comment --comment "cali:mp77cMpurHhyjLrM" -j MARK --set-xmark 0x10000/0x10000
-A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
-A cali-FORWARD -m comment --comment "cali:W_vvds1Nw3n9QE2f" -j MARK --set-xmark 0x0/0x1a0000
-A cali-FORWARD -m comment --comment "cali:ZfgmjuiLaA8Pg0kp" -m mark --mark 0x0/0x10000 -j cali-from-hep-forward
-A cali-FORWARD -i cali+ -m comment --comment "cali:tAzwBLPaV-j53OOZ" -j cali-from-wl-dispatch
-A cali-FORWARD -o cali+ -m comment --comment "cali:4Z0Pf0byo05NFe-P" -j cali-to-wl-dispatch
-A cali-FORWARD -m comment --comment "cali:hQ7Oc16wmUtLuneJ" -j cali-to-hep-forward
-A cali-FORWARD -m comment --comment "cali:rnKNH2WxGcRQcIlD" -j cali-cidr-block
-A cali-INPUT -p udp -m comment --comment "cali:EDCNTTxYfggApx8C" -m comment --comment "Drop IPv4 VXLAN packets from non-allowed hosts" -m multiport --dports 4789 -m addrtype --dst-type LOCAL -j DROP
-A cali-INPUT -i cali+ -m comment --comment "cali:H03xYXARh4e8pwd4" -g cali-wl-to-host
-A cali-INPUT -m comment --comment "cali:MN6K3isIWBigb1Va" -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-INPUT -m comment --comment "cali:aKDQAoV0P_FFAIwV" -j MARK --set-xmark 0x0/0x1b0000
-A cali-INPUT -m comment --comment "cali:vIx3xkWzuvLW9fr4" -j cali-from-host-endpoint
-A cali-INPUT -m comment --comment "cali:5W9XghKma9wuz47x" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-OUTPUT -m comment --comment "cali:Mq1_rAdXXH3YkrzW" -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-OUTPUT -o cali+ -m comment --comment "cali:69FkRTJDvD5Vu6Vl" -j RETURN
-A cali-OUTPUT -m comment --comment "cali:6T0hFtymUtXMOfEV" -j MARK --set-xmark 0x0/0x1b0000
-A cali-OUTPUT -m comment --comment "cali:IpTGXsDHURPUaLjJ" -m conntrack ! --ctstate DNAT -j cali-to-host-endpoint
-A cali-OUTPUT -m comment --comment "cali:wgnULo2gucg1umsA" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-from-wl-dispatch -m comment --comment "cali:zTj6P0TIgYvgz-md" -m comment --comment "Unknown interface" -j DROP
-A cali-to-wl-dispatch -m comment --comment "cali:7KNphB1nNHw80nIO" -m comment --comment "Unknown interface" -j DROP
-A cali-wl-to-host -m comment --comment "cali:Ee9Sbo10IpVujdIY" -j cali-from-wl-dispatch
-A cali-wl-to-host -m comment --comment "cali:nSZbcOoG1xPONxb8" -m comment --comment "Configured DefaultEndpointToHostAction" -j ACCEPT
COMMIT
# Completed on Mon Jun  9 21:31:09 2025
# Generated by iptables-save v1.8.4 on Mon Jun  9 21:31:09 2025
*mangle
:PREROUTING ACCEPT [4785:669096]
:INPUT ACCEPT [59288:296309463]
:FORWARD ACCEPT [19117:5641272]
:OUTPUT ACCEPT [49616:65263539]
:POSTROUTING ACCEPT [68691:70901095]
:cali-POSTROUTING - [0:0]
:cali-PREROUTING - [0:0]
:cali-from-host-endpoint - [0:0]
:cali-to-host-endpoint - [0:0]
-A PREROUTING -m comment --comment "cali:6gwbT8clXdHdC1b1" -j cali-PREROUTING
-A POSTROUTING -m comment --comment "cali:O3lYWMrLQYEMJtB5" -j cali-POSTROUTING
-A cali-POSTROUTING -m comment --comment "cali:NX-7roTexQ3fGRfU" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-POSTROUTING -m comment --comment "cali:JkYr4aB8O4_N8NBS" -j MARK --set-xmark 0x0/0x1b0000
-A cali-POSTROUTING -m comment --comment "cali:nO0nbHA3Or7V6l7t" -m conntrack --ctstate DNAT -j cali-to-host-endpoint
-A cali-POSTROUTING -m comment --comment "cali:mgxNjIoKySH7TEGH" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-PREROUTING -m comment --comment "cali:6BJqBjBC7crtA-7-" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-PREROUTING -m comment --comment "cali:KX7AGNd6rMcDUai6" -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-PREROUTING -m comment --comment "cali:wNH7KsA3ILKJBsY9" -j cali-from-host-endpoint
-A cali-PREROUTING -m comment --comment "cali:Cg96MgVuoPm7UMRo" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
COMMIT
# Completed on Mon Jun  9 21:31:09 2025