Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 6 -- * * 0.0.0.0/0 172.18.0.0/24 tcp dpt:6443 6 434 ACCEPT 6 -- * * 0.0.0.0/0 172.22.0.0/24 tcp dpt:80 0 0 ACCEPT 6 -- * * 0.0.0.0/0 172.22.0.0/24 tcp dpt:9999 1960 843K ACCEPT 6 -- * * 0.0.0.0/0 172.22.0.0/24 tcp dpt:6385 0 0 ACCEPT 6 -- * * 0.0.0.0/0 172.22.0.0/24 tcp dpt:5050 0 0 ACCEPT 6 -- * * 0.0.0.0/0 172.22.0.0/24 tcp dpt:443 74416 3874K ACCEPT 6 -- * * 0.0.0.0/0 172.22.0.0/24 tcp dpt:6180 0 0 ACCEPT 6 -- * * 0.0.0.0/0 192.168.111.0/24 tcp dpt:443 0 0 ACCEPT 6 -- * * 0.0.0.0/0 192.168.111.0/24 tcp dpt:53 1190 74228 ACCEPT 6 -- * * 0.0.0.0/0 192.168.111.0/24 tcp dpt:5000 0 0 ACCEPT 6 -- * * 0.0.0.0/0 192.168.111.0/24 tcp dpt:80 0 0 ACCEPT 17 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 0 0 ACCEPT 17 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 udp dpt:547 0 0 ACCEPT 17 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 udp dpt:546 0 0 ACCEPT 17 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 19 6958 ACCEPT 17 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT 17 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:547 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:546 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 16 6046 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT 6 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT 6 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 0 0 ACCEPT 6 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6385 0 0 ACCEPT 6 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050 0 0 ACCEPT 6 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT 6 -- ironicendpoint * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6180 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6385 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6180 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 0 0 ACCEPT 17 -- external * 0.0.0.0/0 0.0.0.0/0 udp dpts:6230:6235 465K 2303M LIBVIRT_INP 0 -- * * 0.0.0.0/0 0.0.0.0/0 536K 3019M openstack-INPUT 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 2271 9425K ACCEPT 0 -- * external 0.0.0.0/0 192.168.111.0/24 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:547 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:546 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT 17 -- provisioning * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6385 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT 6 -- provisioning * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6180 230K 619M DOCKER-USER 0 -- * * 0.0.0.0/0 0.0.0.0/0 230K 619M DOCKER-FORWARD 0 -- * * 0.0.0.0/0 0.0.0.0/0 1338 90508 LIBVIRT_FWX 0 -- * * 0.0.0.0/0 0.0.0.0/0 1338 90508 LIBVIRT_FWI 0 -- * * 0.0.0.0/0 0.0.0.0/0 1338 90508 LIBVIRT_FWO 0 -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- provisioning * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT 112 -- provisioning * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 1 -- provisioning * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 520K packets, 4152M bytes) pkts bytes target prot opt in out source destination 495K 4150M LIBVIRT_OUT 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT 6 -- !br-e72c99bc4ad0 br-e72c99bc4ad0 0.0.0.0/0 172.18.0.2 tcp dpt:6443 0 0 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:5000 0 0 DROP 0 -- !docker0 docker0 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- !br-e72c99bc4ad0 br-e72c99bc4ad0 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-BRIDGE (1 references) pkts bytes target prot opt in out source destination 0 0 DOCKER 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER 0 -- * br-e72c99bc4ad0 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-CT (1 references) pkts bytes target prot opt in out source destination 119K 440M ACCEPT 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 32798 174M ACCEPT 0 -- * br-e72c99bc4ad0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED Chain DOCKER-FORWARD (1 references) pkts bytes target prot opt in out source destination 230K 619M DOCKER-CT 0 -- * * 0.0.0.0/0 0.0.0.0/0 78326 4813K DOCKER-ISOLATION-STAGE-1 0 -- * * 0.0.0.0/0 0.0.0.0/0 78326 4813K DOCKER-BRIDGE 0 -- * * 0.0.0.0/0 0.0.0.0/0 57170 3598K ACCEPT 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0 19818 1124K ACCEPT 0 -- br-e72c99bc4ad0 * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 57170 3598K DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 19818 1124K DOCKER-ISOLATION-STAGE-2 0 -- br-e72c99bc4ad0 !br-e72c99bc4ad0 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-ISOLATION-STAGE-2 (2 references) pkts bytes target prot opt in out source destination 0 0 DROP 0 -- * br-e72c99bc4ad0 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination Chain LIBVIRT_FWI (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT 0 -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED 0 0 REJECT 0 -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 ACCEPT 0 -- * external 0.0.0.0/0 192.168.111.0/24 ctstate RELATED,ESTABLISHED 0 0 REJECT 0 -- * external 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain LIBVIRT_FWO (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT 0 -- virbr0 * 192.168.122.0/24 0.0.0.0/0 0 0 REJECT 0 -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 1338 90508 ACCEPT 0 -- external * 192.168.111.0/24 0.0.0.0/0 0 0 REJECT 0 -- external * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain LIBVIRT_FWX (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT 0 -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- external external 0.0.0.0/0 0.0.0.0/0 Chain LIBVIRT_INP (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT 17 -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT 6 -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT 17 -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT 6 -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 35 2406 ACCEPT 17 -- external * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 9 2772 ACCEPT 17 -- external * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT 6 -- external * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 Chain LIBVIRT_OUT (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT 17 -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT 6 -- * virbr0 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT 17 -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68 0 0 ACCEPT 6 -- * virbr0 0.0.0.0/0 0.0.0.0/0 tcp dpt:68 0 0 ACCEPT 17 -- * external 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT 6 -- * external 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 9 3195 ACCEPT 17 -- * external 0.0.0.0/0 0.0.0.0/0 udp dpt:68 0 0 ACCEPT 6 -- * external 0.0.0.0/0 0.0.0.0/0 tcp dpt:68 Chain openstack-INPUT (1 references) pkts bytes target prot opt in out source destination 59675 572M ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 3931 130K ACCEPT 1 -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 255 4578 10M ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 467K 2437M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 5 300 ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:19885 0 0 ACCEPT 17 -- * * 172.24.4.0/23 0.0.0.0/0 udp dpt:69 0 0 ACCEPT 6 -- * * 172.24.4.0/23 0.0.0.0/0 tcp dpt:6385 0 0 ACCEPT 6 -- * * 172.24.4.0/23 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT 6 -- * * 172.24.4.0/23 0.0.0.0/0 tcp dpt:8000 0 0 ACCEPT 6 -- * * 172.24.4.0/23 0.0.0.0/0 tcp dpt:8003 0 0 ACCEPT 6 -- * * 172.24.4.0/23 0.0.0.0/0 tcp dpt:8004 190 8580 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 5 LOG flags 0 level 4 prefix "iptables dropped: " 833 38920 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited