1. root@kubernetes-master co]# iptables -L
    2. Chain INPUT (policy ACCEPT)
    3. target     prot opt source               destination         
    4. KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
    5. KUBE-EXTERNAL-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes externally-visible service portals */
    6. KUBE-FIREWALL  all  --  anywhere             anywhere            
    8. Chain FORWARD (policy ACCEPT)
    9. target     prot opt source               destination         
    10. KUBE-FORWARD  all  --  anywhere             anywhere             /* kubernetes forwarding rules */
    11. KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
    12. DOCKER-USER  all  --  anywhere             anywhere            
    13. DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
    14. ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    15. DOCKER     all  --  anywhere             anywhere            
    16. ACCEPT     all  --  anywhere             anywhere            
    17. ACCEPT     all  --  anywhere             anywhere            
    18. ACCEPT     all  --  10.244.0.0/16        anywhere            
    19. ACCEPT     all  --  anywhere             10.244.0.0/16       
    21. Chain OUTPUT (policy ACCEPT)
    22. target     prot opt source               destination         
    23. KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
    24. KUBE-FIREWALL  all  --  anywhere             anywhere            
    26. Chain DOCKER (1 references)
    27. target     prot opt source               destination         
    29. Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    30. target     prot opt source               destination         
    31. DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
    32. RETURN     all  --  anywhere             anywhere            
    34. Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    35. target     prot opt source               destination         
    36. DROP       all  --  anywhere             anywhere            
    37. RETURN     all  --  anywhere             anywhere            
    39. Chain DOCKER-USER (1 references)
    40. target     prot opt source               destination         
    41. RETURN     all  --  anywhere             anywhere            
    43. Chain KUBE-EXTERNAL-SERVICES (1 references)
    44. target     prot opt source               destination         
    46. Chain KUBE-FIREWALL (2 references)
    47. target     prot opt source               destination         
    48. DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
    49. DROP       all  -- !loopback/8           loopback/8           /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
    51. Chain KUBE-FORWARD (1 references)
    52. target     prot opt source               destination         
    53. DROP       all  --  anywhere             anywhere             ctstate INVALID
    54. ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding rules */ mark match 0x4000/0x4000
    55. ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
    56. ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED
    58. Chain KUBE-KUBELET-CANARY (0 references)
    59. target     prot opt source               destination         
    61. Chain KUBE-PROXY-CANARY (0 references)
    62. target     prot opt source               destination         
    64. Chain KUBE-SERVICES (3 references)
    65. target     prot opt source               destination         
    66. [root@kubernetes-master co]#