-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N KUBE-FIREWALL
-N KUBE-FORWARD
-N KUBE-KUBELET-CANARY
-N KUBE-NODE-PORT
-N cali-FORWARD
-N cali-INPUT
-N cali-OUTPUT
-N cali-cidr-block
-N cali-forward-check
-N cali-forward-endpoint-mark
-N cali-from-endpoint-mark
-N cali-from-hep-forward
-N cali-from-host-endpoint
-N cali-from-wl-dispatch
-N cali-from-wl-dispatch-6
-N cali-fw-cali158be20c965
-N cali-fw-cali61f819ff8a1
-N cali-fw-cali6dbd8ce9f77
-N cali-fw-cali82d36c27766
-N cali-fw-calic534486175c
-N cali-pri-_epG8IGhtHjVk-L4I_A
-N cali-pri-_hBY0ZKx5QFvbMdaVEt
-N cali-pri-_hNSGmJYNT8uLIzxesP
-N cali-pri-_mluTlJXg3OLaEFjyzh
-N cali-pri-kns.airs
-N cali-pri-kns.airs-system
-N cali-pri-kns.kube-system
-N cali-pri-kns.logging
-N cali-pri-kns.monitoring
-N cali-pri-ksa.airs.default
-N cali-pro-_epG8IGhtHjVk-L4I_A
-N cali-pro-_hBY0ZKx5QFvbMdaVEt
-N cali-pro-_hNSGmJYNT8uLIzxesP
-N cali-pro-_mluTlJXg3OLaEFjyzh
-N cali-pro-kns.airs
-N cali-pro-kns.airs-system
-N cali-pro-kns.kube-system
-N cali-pro-kns.logging
-N cali-pro-kns.monitoring
-N cali-pro-ksa.airs.default
-N cali-set-endpoint-mark
-N cali-set-endpoint-mark-6
-N cali-sm-cali158be20c965
-N cali-sm-cali61f819ff8a1
-N cali-sm-cali6dbd8ce9f77
-N cali-sm-cali82d36c27766
-N cali-sm-calic534486175c
-N cali-to-hep-forward
-N cali-to-host-endpoint
-N cali-to-wl-dispatch
-N cali-to-wl-dispatch-6
-N cali-tw-cali158be20c965
-N cali-tw-cali61f819ff8a1
-N cali-tw-cali6dbd8ce9f77
-N cali-tw-cali82d36c27766
-N cali-tw-calic534486175c
-N cali-wl-to-host
-A INPUT -m comment --comment "cali:Cz_u1IQiXIMmKD4c" -j cali-INPUT
-A INPUT -d 169.254.0.10/32 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 169.254.0.10/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -m comment --comment "kubernetes health check rules" -j KUBE-NODE-PORT
-A INPUT -j KUBE-FIREWALL
-A FORWARD -m comment --comment "cali:wUHhoiAYhphO9Mso" -j cali-FORWARD
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD
-A FORWARD -m comment --comment "cali:S93hcgKJrXEqnTfs" -m comment --comment "Policy explicitly accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A FORWARD -m comment --comment "cali:mp77cMpurHhyjLrM" -j MARK --set-xmark 0x10000/0x10000
-A OUTPUT -m comment --comment "cali:tVnHkvAo15HuiPy0" -j cali-OUTPUT
-A OUTPUT -s 169.254.0.10/32 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -s 169.254.0.10/32 -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -j KUBE-FIREWALL
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
-A KUBE-FIREWALL ! -s 127.0.0.0/8 -d 127.0.0.0/8 -m comment --comment "block incoming localnet connections" -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
-A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT
-A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A KUBE-NODE-PORT -m comment --comment "Kubernetes health check node port" -m set --match-set KUBE-HEALTH-CHECK-NODE-PORT dst -j ACCEPT
-A cali-FORWARD -m comment --comment "cali:vjrMJCRpqwy5oRoX" -j MARK --set-xmark 0x0/0xe0000
-A cali-FORWARD -m comment --comment "cali:A_sPAO0mcxbT9mOV" -m mark --mark 0x0/0x10000 -j cali-from-hep-forward
-A cali-FORWARD -i cali+ -m comment --comment "cali:8ZoYfO5HKXWbB3pk" -j cali-from-wl-dispatch
-A cali-FORWARD -o cali+ -m comment --comment "cali:jdEuaPBe14V2hutn" -j cali-to-wl-dispatch
-A cali-FORWARD -m comment --comment "cali:12bc6HljsMKsmfr-" -j cali-to-hep-forward
-A cali-FORWARD -m comment --comment "cali:NOSxoaGx8OIstr1z" -j cali-cidr-block
-A cali-INPUT -p ipencap -m comment --comment "cali:PajejrV4aFdkZojI" -m comment --comment "Allow IPIP packets from Calico hosts" -m set --match-set cali40all-hosts-net src -m addrtype --dst-type LOCAL -j ACCEPT
-A cali-INPUT -p ipencap -m comment --comment "cali:_wjq-Yrma8Ly1Svo" -m comment --comment "Drop IPIP packets from non-Calico hosts" -j DROP
-A cali-INPUT -m comment --comment "cali:ss8lEMQsXi-s6qYT" -j MARK --set-xmark 0x0/0xfff00000
-A cali-INPUT -m comment --comment "cali:PgIW-V0nEjwPhF_8" -j cali-forward-check
-A cali-INPUT -m comment --comment "cali:QMJlDwlS0OjHyfMN" -m mark ! --mark 0x0/0xfff00000 -j RETURN
-A cali-INPUT -i cali+ -m comment --comment "cali:nDRe73txrna-aZjG" -g cali-wl-to-host
-A cali-INPUT -m comment --comment "cali:iX2AYvqGXaVqwkro" -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-INPUT -m comment --comment "cali:bhpnxD5IRtBP8KW0" -j MARK --set-xmark 0x0/0xf0000
-A cali-INPUT -m comment --comment "cali:H5_bccAbHV0sooVy" -j cali-from-host-endpoint
-A cali-INPUT -m comment --comment "cali:inBL01YlfurT0dbI" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-OUTPUT -m comment --comment "cali:Mq1_rAdXXH3YkrzW" -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-OUTPUT -m comment --comment "cali:5Z67OUUpTOM7Xa1a" -m mark ! --mark 0x0/0xfff00000 -g cali-forward-endpoint-mark
-A cali-OUTPUT -o cali+ -m comment --comment "cali:M2Wf0OehNdig8MHR" -j RETURN
-A cali-OUTPUT -p ipencap -m comment --comment "cali:AJBkLho_0Qd8LNr3" -m comment --comment "Allow IPIP packets to other Calico hosts" -m set --match-set cali40all-hosts-net dst -m addrtype --src-type LOCAL -j ACCEPT
-A cali-OUTPUT -m comment --comment "cali:iz2RWXlXJDUfsLpe" -j MARK --set-xmark 0x0/0xf0000
-A cali-OUTPUT -m comment --comment "cali:xQqLi8S0sxbiyvjR" -m conntrack ! --ctstate DNAT -j cali-to-host-endpoint
-A cali-OUTPUT -m comment --comment "cali:aSnsxZdmhxm_ilRZ" -m comment --comment "Host endpoint policy accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-forward-check -m comment --comment "cali:Pbldlb4FaULvpdD8" -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A cali-forward-check -p tcp -m comment --comment "cali:ZD-6UxuUtGW-xtzg" -m comment --comment "To kubernetes NodePort service" -m multiport --dports 30000:32767 -m set --match-set cali40this-host dst -g cali-set-endpoint-mark
-A cali-forward-check -p udp -m comment --comment "cali:CbPfUajQ2bFVnDq4" -m comment --comment "To kubernetes NodePort service" -m multiport --dports 30000:32767 -m set --match-set cali40this-host dst -g cali-set-endpoint-mark
-A cali-forward-check -m comment --comment "cali:jmhU0ODogX-Zfe5g" -m comment --comment "To kubernetes service" -m set ! --match-set cali40this-host dst -j cali-set-endpoint-mark
-A cali-forward-endpoint-mark -m comment --comment "cali:O0SmFDrnm7KggWqW" -m mark ! --mark 0x100000/0xfff00000 -j cali-from-endpoint-mark
-A cali-forward-endpoint-mark -o cali+ -m comment --comment "cali:aFl0WFKRxDqj8oA6" -j cali-to-wl-dispatch
-A cali-forward-endpoint-mark -m comment --comment "cali:AZKVrO3i_8cLai5f" -j cali-to-hep-forward
-A cali-forward-endpoint-mark -m comment --comment "cali:96HaP1sFtb-NYoYA" -j MARK --set-xmark 0x0/0xfff00000
-A cali-forward-endpoint-mark -m comment --comment "cali:VxO6hyNWz62YEtul" -m comment --comment "Policy explicitly accepted packet." -m mark --mark 0x10000/0x10000 -j ACCEPT
-A cali-from-endpoint-mark -m comment --comment "cali:Cj_yNpEZjZAn_Ewg" -m mark --mark 0x29c00000/0xfff00000 -g cali-fw-cali158be20c965
-A cali-from-endpoint-mark -m comment --comment "cali:sTRgn3XPlMwNLVFk" -m mark --mark 0x9ef00000/0xfff00000 -g cali-fw-cali61f819ff8a1
-A cali-from-endpoint-mark -m comment --comment "cali:_3JlBtGd8y_EBKCk" -m mark --mark 0xe9f00000/0xfff00000 -g cali-fw-cali6dbd8ce9f77
-A cali-from-endpoint-mark -m comment --comment "cali:Jsgg-p4-l0U6ivCs" -m mark --mark 0xf800000/0xfff00000 -g cali-fw-cali82d36c27766
-A cali-from-endpoint-mark -m comment --comment "cali:yIZsHCn4v2Ibt-pa" -m mark --mark 0x90100000/0xfff00000 -g cali-fw-calic534486175c
-A cali-from-endpoint-mark -m comment --comment "cali:wNdpjyZbTBaJ-oeb" -m comment --comment "Unknown interface" -j DROP
-A cali-from-wl-dispatch -i cali158be20c965 -m comment --comment "cali:TWHMq8lfkr-8-Rqe" -g cali-fw-cali158be20c965
-A cali-from-wl-dispatch -i cali6+ -m comment --comment "cali:nSn5uA5trDQl_t8W" -g cali-from-wl-dispatch-6
-A cali-from-wl-dispatch -i cali82d36c27766 -m comment --comment "cali:o5INGn4L0wuYOq5k" -g cali-fw-cali82d36c27766
-A cali-from-wl-dispatch -i calic534486175c -m comment --comment "cali:PJLJvv9YA4QNvsF6" -g cali-fw-calic534486175c
-A cali-from-wl-dispatch -m comment --comment "cali:-vVZ2N2jmRYKTgU7" -m comment --comment "Unknown interface" -j DROP
-A cali-from-wl-dispatch-6 -i cali61f819ff8a1 -m comment --comment "cali:D8H80h7zF7b_Jf74" -g cali-fw-cali61f819ff8a1
-A cali-from-wl-dispatch-6 -i cali6dbd8ce9f77 -m comment --comment "cali:Dpzfugnaf-Kl-SKM" -g cali-fw-cali6dbd8ce9f77
-A cali-from-wl-dispatch-6 -m comment --comment "cali:Nyjbx8atFnuVCYH2" -m comment --comment "Unknown interface" -j DROP
-A cali-fw-cali158be20c965 -m comment --comment "cali:6N6NCnnO6ReHYzlt" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-fw-cali158be20c965 -m comment --comment "cali:nnZEj1DpOhqeCSA1" -m conntrack --ctstate INVALID -j DROP
-A cali-fw-cali158be20c965 -m comment --comment "cali:8vEkMlYYiKCIEDTS" -j MARK --set-xmark 0x0/0x10000
-A cali-fw-cali158be20c965 -p udp -m comment --comment "cali:IQLaEA3Cu_6-zzTp" -m comment --comment "Drop VXLAN encapped packets originating in workloads" -m multiport --dports 4789 -j DROP
-A cali-fw-cali158be20c965 -p ipencap -m comment --comment "cali:veLt0T7xXR7S7Ykf" -m comment --comment "Drop IPinIP encapped packets originating in workloads" -j DROP
-A cali-fw-cali158be20c965 -m comment --comment "cali:LDmObI83_m-E6gN6" -j cali-pro-kns.logging
-A cali-fw-cali158be20c965 -m comment --comment "cali:GdkJ2d7Q2S7HuHlC" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali158be20c965 -m comment --comment "cali:3oLGwVQBIniN8Jw-" -j cali-pro-_hBY0ZKx5QFvbMdaVEt
-A cali-fw-cali158be20c965 -m comment --comment "cali:XcksD2603LKa5N-N" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali158be20c965 -m comment --comment "cali:TYdLn9Hn73a2Zlu-" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:NfCbr49T7nm9jxAw" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:9raz-WjGuGBm_6Tf" -m conntrack --ctstate INVALID -j DROP
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:sphCJcVu2sHOCjLS" -j MARK --set-xmark 0x0/0x10000
-A cali-fw-cali61f819ff8a1 -p udp -m comment --comment "cali:AIPcZHBqEJDU3Q77" -m comment --comment "Drop VXLAN encapped packets originating in workloads" -m multiport --dports 4789 -j DROP
-A cali-fw-cali61f819ff8a1 -p ipencap -m comment --comment "cali:DBDTvAWm8lqyfVnl" -m comment --comment "Drop IPinIP encapped packets originating in workloads" -j DROP
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:-9EpLWzfuy4FmC-H" -j cali-pro-kns.kube-system
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:W7tsdhv4s6iaKoTz" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:nNltgfWZ2mLd5EUW" -j cali-pro-_hNSGmJYNT8uLIzxesP
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:DU4o-P2Vz3e2esu5" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali61f819ff8a1 -m comment --comment "cali:xUN88ght-0wYAPIl" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:IPqBnSf_NtT-cec4" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:6ktnB4OGocGiVLks" -m conntrack --ctstate INVALID -j DROP
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:W_pGLOTlFzziKece" -j MARK --set-xmark 0x0/0x10000
-A cali-fw-cali6dbd8ce9f77 -p udp -m comment --comment "cali:TSoSZfC1XUG0eMd5" -m comment --comment "Drop VXLAN encapped packets originating in workloads" -m multiport --dports 4789 -j DROP
-A cali-fw-cali6dbd8ce9f77 -p ipencap -m comment --comment "cali:uoZiyUfnPzhZLCN2" -m comment --comment "Drop IPinIP encapped packets originating in workloads" -j DROP
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:7YSDS_pbTa-anBge" -j cali-pro-kns.monitoring
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:pafGJXDyGku-ItKO" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:l74ra3OjKmkScllU" -j cali-pro-_epG8IGhtHjVk-L4I_A
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:ss23S-vxbxJQGTbf" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali6dbd8ce9f77 -m comment --comment "cali:xBrZ6NhFgi1PSXiy" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-fw-cali82d36c27766 -m comment --comment "cali:zAegG7ythSrHJZdQ" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-fw-cali82d36c27766 -m comment --comment "cali:FBZkSfkOv7DbO05v" -m conntrack --ctstate INVALID -j DROP
-A cali-fw-cali82d36c27766 -m comment --comment "cali:5Y22lUy5w9gX7dcd" -j MARK --set-xmark 0x0/0x10000
-A cali-fw-cali82d36c27766 -p udp -m comment --comment "cali:Z-aHLE1GpDg--QtA" -m comment --comment "Drop VXLAN encapped packets originating in workloads" -m multiport --dports 4789 -j DROP
-A cali-fw-cali82d36c27766 -p ipencap -m comment --comment "cali:-wMCVR6QR3330SS2" -m comment --comment "Drop IPinIP encapped packets originating in workloads" -j DROP
-A cali-fw-cali82d36c27766 -m comment --comment "cali:9J1TI5byNmRCvNqI" -j cali-pro-kns.airs-system
-A cali-fw-cali82d36c27766 -m comment --comment "cali:H2Q-r1EgQEMaB59j" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali82d36c27766 -m comment --comment "cali:M7g4eVsqeLMpXd-H" -j cali-pro-_mluTlJXg3OLaEFjyzh
-A cali-fw-cali82d36c27766 -m comment --comment "cali:Oclit9eOP6cgHh6O" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-cali82d36c27766 -m comment --comment "cali:Nx6-k-rY_66tFNtz" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-fw-calic534486175c -m comment --comment "cali:5TLs0EaokacrDNE4" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-fw-calic534486175c -m comment --comment "cali:oBQYL8pi0TAeeeQI" -m conntrack --ctstate INVALID -j DROP
-A cali-fw-calic534486175c -m comment --comment "cali:pm6uh1wXV50WcRWC" -j MARK --set-xmark 0x0/0x10000
-A cali-fw-calic534486175c -p udp -m comment --comment "cali:g0ju7pajKJ4JwFzu" -m comment --comment "Drop VXLAN encapped packets originating in workloads" -m multiport --dports 4789 -j DROP
-A cali-fw-calic534486175c -p ipencap -m comment --comment "cali:XfeW5eEuMj11tkNP" -m comment --comment "Drop IPinIP encapped packets originating in workloads" -j DROP
-A cali-fw-calic534486175c -m comment --comment "cali:VbbYzuVV46XVSO75" -j cali-pro-kns.airs
-A cali-fw-calic534486175c -m comment --comment "cali:f-IrOp_e0VWQeX46" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-calic534486175c -m comment --comment "cali:hc3g5XazrvdOgFqW" -j cali-pro-ksa.airs.default
-A cali-fw-calic534486175c -m comment --comment "cali:JDgZZq6Pomwpea0S" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-fw-calic534486175c -m comment --comment "cali:6t-zfxmzNpeVR4Wh" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-pri-_epG8IGhtHjVk-L4I_A -m comment --comment "cali:HySIGzK0qTgimC_e" -m comment --comment "Profile ksa.monitoring.nvidia-gpu-exporter-dcgm-exporter ingress" 
-A cali-pri-_hBY0ZKx5QFvbMdaVEt -m comment --comment "cali:u1HO3nou2aNZhSb6" -m comment --comment "Profile ksa.logging.promtail ingress" 
-A cali-pri-_hNSGmJYNT8uLIzxesP -m comment --comment "cali:k9ZghIA0HRR2xDY1" -m comment --comment "Profile ksa.kube-system.default ingress" 
-A cali-pri-_mluTlJXg3OLaEFjyzh -m comment --comment "cali:EHrn7ovWJt46W8yg" -m comment --comment "Profile ksa.airs-system.airs-admission ingress" 
-A cali-pri-kns.airs -m comment --comment "cali:_GKgLjcxgL9A39m7" -m comment --comment "Profile kns.airs ingress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pri-kns.airs -m comment --comment "cali:qXnJ_YoFVAN7bHCC" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pri-kns.airs-system -m comment --comment "cali:5FAHr8j7QS4RG_ev" -m comment --comment "Profile kns.airs-system ingress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pri-kns.airs-system -m comment --comment "cali:zK0Y7bEFbETj_0AL" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pri-kns.kube-system -m comment --comment "cali:J1TyxtHWd0qaBGK-" -m comment --comment "Profile kns.kube-system ingress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pri-kns.kube-system -m comment --comment "cali:QIB6k7eEKdIg73Jp" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pri-kns.logging -m comment --comment "cali:RRoZJh9k655JIpCR" -m comment --comment "Profile kns.logging ingress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pri-kns.logging -m comment --comment "cali:lJxXER129E6H6OhF" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pri-kns.monitoring -m comment --comment "cali:8KqDknV2-J2WfWUC" -m comment --comment "Profile kns.monitoring ingress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pri-kns.monitoring -m comment --comment "cali:vKijXjWSweCRBHID" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pri-ksa.airs.default -m comment --comment "cali:5ol1Lo0reyB7U9Kr" -m comment --comment "Profile ksa.airs.default ingress" 
-A cali-pro-_epG8IGhtHjVk-L4I_A -m comment --comment "cali:h3zE1ites1n7fqVM" -m comment --comment "Profile ksa.monitoring.nvidia-gpu-exporter-dcgm-exporter egress" 
-A cali-pro-_hBY0ZKx5QFvbMdaVEt -m comment --comment "cali:AXaLjd5tNnPgnC5D" -m comment --comment "Profile ksa.logging.promtail egress" 
-A cali-pro-_hNSGmJYNT8uLIzxesP -m comment --comment "cali:WHw0aH5lHwGz91dL" -m comment --comment "Profile ksa.kube-system.default egress" 
-A cali-pro-_mluTlJXg3OLaEFjyzh -m comment --comment "cali:Iq2OSApSsMdQnTXe" -m comment --comment "Profile ksa.airs-system.airs-admission egress" 
-A cali-pro-kns.airs -m comment --comment "cali:O-VuDJTro-AD7z1-" -m comment --comment "Profile kns.airs egress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pro-kns.airs -m comment --comment "cali:V8GWU-6g46HbqBMR" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pro-kns.airs-system -m comment --comment "cali:hEDlKAwxZgjIk_78" -m comment --comment "Profile kns.airs-system egress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pro-kns.airs-system -m comment --comment "cali:oMTBo3Jc27VekHwd" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pro-kns.kube-system -m comment --comment "cali:tgOR2S8DVHZW3F1M" -m comment --comment "Profile kns.kube-system egress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pro-kns.kube-system -m comment --comment "cali:HVEEtYPJsiGRXCIt" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pro-kns.logging -m comment --comment "cali:Nsfe6SHmhjL4prTz" -m comment --comment "Profile kns.logging egress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pro-kns.logging -m comment --comment "cali:FEPRRqbwcxgxZArC" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pro-kns.monitoring -m comment --comment "cali:9-CsW4Hj4yBZ5bel" -m comment --comment "Profile kns.monitoring egress" -j MARK --set-xmark 0x10000/0x10000
-A cali-pro-kns.monitoring -m comment --comment "cali:KJrntAjpycMiCZe4" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-pro-ksa.airs.default -m comment --comment "cali:_MsUTaRFQFPTR88H" -m comment --comment "Profile ksa.airs.default egress" 
-A cali-set-endpoint-mark -i cali158be20c965 -m comment --comment "cali:YiSJQCfFLbq7WuAb" -g cali-sm-cali158be20c965
-A cali-set-endpoint-mark -i cali6+ -m comment --comment "cali:dEajvXT3nVgLYaqX" -g cali-set-endpoint-mark-6
-A cali-set-endpoint-mark -i cali82d36c27766 -m comment --comment "cali:nfxWqTQXJACus0M2" -g cali-sm-cali82d36c27766
-A cali-set-endpoint-mark -i calic534486175c -m comment --comment "cali:EjJZUAeue52-jBoP" -g cali-sm-calic534486175c
-A cali-set-endpoint-mark -i cali+ -m comment --comment "cali:J2x8GleVvYWfoyMd" -m comment --comment "Unknown endpoint" -j DROP
-A cali-set-endpoint-mark -m comment --comment "cali:XZovPAGHPrgI8n8w" -m comment --comment "Non-Cali endpoint mark" -j MARK --set-xmark 0x100000/0xfff00000
-A cali-set-endpoint-mark-6 -i cali61f819ff8a1 -m comment --comment "cali:f2PjYED3-Su8LNZ9" -g cali-sm-cali61f819ff8a1
-A cali-set-endpoint-mark-6 -i cali6dbd8ce9f77 -m comment --comment "cali:oVdaWeh6XQstwWZX" -g cali-sm-cali6dbd8ce9f77
-A cali-sm-cali158be20c965 -m comment --comment "cali:_TBnzRoQgYQElwIV" -j MARK --set-xmark 0x29c00000/0xfff00000
-A cali-sm-cali61f819ff8a1 -m comment --comment "cali:4PWK20_X4JGLgDaX" -j MARK --set-xmark 0x9ef00000/0xfff00000
-A cali-sm-cali6dbd8ce9f77 -m comment --comment "cali:iraQ-vhZopqNLla5" -j MARK --set-xmark 0xe9f00000/0xfff00000
-A cali-sm-cali82d36c27766 -m comment --comment "cali:c6rYqOF8UzBsypXc" -j MARK --set-xmark 0xf800000/0xfff00000
-A cali-sm-calic534486175c -m comment --comment "cali:1TcuejrEw9h1NHgp" -j MARK --set-xmark 0x90100000/0xfff00000
-A cali-to-wl-dispatch -o cali158be20c965 -m comment --comment "cali:NgolXjON-sKf-E4X" -g cali-tw-cali158be20c965
-A cali-to-wl-dispatch -o cali6+ -m comment --comment "cali:2tJNCNkTFwtwA53W" -g cali-to-wl-dispatch-6
-A cali-to-wl-dispatch -o cali82d36c27766 -m comment --comment "cali:LdQ6H0nkfg5gDeM2" -g cali-tw-cali82d36c27766
-A cali-to-wl-dispatch -o calic534486175c -m comment --comment "cali:Lc41B5AYTCFaCLd3" -g cali-tw-calic534486175c
-A cali-to-wl-dispatch -m comment --comment "cali:LVCLlo3G74auZnM3" -m comment --comment "Unknown interface" -j DROP
-A cali-to-wl-dispatch-6 -o cali61f819ff8a1 -m comment --comment "cali:oNHbEpxY4laZUu-7" -g cali-tw-cali61f819ff8a1
-A cali-to-wl-dispatch-6 -o cali6dbd8ce9f77 -m comment --comment "cali:t2PIYcHekPeKbbT1" -g cali-tw-cali6dbd8ce9f77
-A cali-to-wl-dispatch-6 -m comment --comment "cali:KLavClIjSA6TBRMI" -m comment --comment "Unknown interface" -j DROP
-A cali-tw-cali158be20c965 -m comment --comment "cali:mvj0yhtaj2C_OoWx" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-tw-cali158be20c965 -m comment --comment "cali:0_-GuSp5-9bn6WCJ" -m conntrack --ctstate INVALID -j DROP
-A cali-tw-cali158be20c965 -m comment --comment "cali:82J9g7vKGeVJkNdG" -j MARK --set-xmark 0x0/0x10000
-A cali-tw-cali158be20c965 -m comment --comment "cali:_bDPwaIPrX6z2BSl" -j cali-pri-kns.logging
-A cali-tw-cali158be20c965 -m comment --comment "cali:dPL0qqpseCJMO1vt" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali158be20c965 -m comment --comment "cali:IYe2ciWKnOI59O8X" -j cali-pri-_hBY0ZKx5QFvbMdaVEt
-A cali-tw-cali158be20c965 -m comment --comment "cali:0F26-g_ey9LCQtUC" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali158be20c965 -m comment --comment "cali:xoAktM8kZ6-gext5" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:XdYe5_VrkvIiYyUx" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:HUgw2ea2WcdLP0KL" -m conntrack --ctstate INVALID -j DROP
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:6xliVx39Bl48iJGg" -j MARK --set-xmark 0x0/0x10000
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:k4sBNUzLlN4fJZMX" -j cali-pri-kns.kube-system
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:L35WwUH2zOfo3Jr4" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:06Nl___kumefVdK1" -j cali-pri-_hNSGmJYNT8uLIzxesP
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:HUb6bgoaWDFXsFsa" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali61f819ff8a1 -m comment --comment "cali:ryurvuguMP0XBpHH" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:ZOESi6BImn73QJwd" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:mnsc2O015cEPo0W7" -m conntrack --ctstate INVALID -j DROP
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:_TFDkumApnsUYsK3" -j MARK --set-xmark 0x0/0x10000
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:VxifEZjXP8tIvjGA" -j cali-pri-kns.monitoring
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:THt6JQdu7oTse009" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:9lZB4e5wHpcjc3wD" -j cali-pri-_epG8IGhtHjVk-L4I_A
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:Fhh9wrVea_QhDgt5" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali6dbd8ce9f77 -m comment --comment "cali:PplYyDr6POdY3MIi" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-tw-cali82d36c27766 -m comment --comment "cali:bg6-SAUXxSX-ez0P" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-tw-cali82d36c27766 -m comment --comment "cali:6b-rX1HkWYkYtUBL" -m conntrack --ctstate INVALID -j DROP
-A cali-tw-cali82d36c27766 -m comment --comment "cali:nvpf2t8ufaGYCQdG" -j MARK --set-xmark 0x0/0x10000
-A cali-tw-cali82d36c27766 -m comment --comment "cali:52IMHIoAXR8tCKJK" -j cali-pri-kns.airs-system
-A cali-tw-cali82d36c27766 -m comment --comment "cali:cUh7GYWp_UY8ghOh" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali82d36c27766 -m comment --comment "cali:es6K3BB3380T56r1" -j cali-pri-_mluTlJXg3OLaEFjyzh
-A cali-tw-cali82d36c27766 -m comment --comment "cali:Rx55bXqRHdNnij3N" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-cali82d36c27766 -m comment --comment "cali:rWnWiyAlAqva48j_" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-tw-calic534486175c -m comment --comment "cali:JbUzom4mN17HEB5K" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A cali-tw-calic534486175c -m comment --comment "cali:ni6n0RZv_hPYMKsq" -m conntrack --ctstate INVALID -j DROP
-A cali-tw-calic534486175c -m comment --comment "cali:L2hA5wy3HCXhe3Lp" -j MARK --set-xmark 0x0/0x10000
-A cali-tw-calic534486175c -m comment --comment "cali:A5Z-iIViOFVGWz40" -j cali-pri-kns.airs
-A cali-tw-calic534486175c -m comment --comment "cali:7vtVpLkyH4h4scwI" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-calic534486175c -m comment --comment "cali:hIAzYoH9HHeOBAOc" -j cali-pri-ksa.airs.default
-A cali-tw-calic534486175c -m comment --comment "cali:ERCIx458EQzRLIBq" -m comment --comment "Return if profile accepted" -m mark --mark 0x10000/0x10000 -j RETURN
-A cali-tw-calic534486175c -m comment --comment "cali:c7tNjWhyd8ddhdw_" -m comment --comment "Drop if no profiles matched" -j DROP
-A cali-wl-to-host -m comment --comment "cali:Ee9Sbo10IpVujdIY" -j cali-from-wl-dispatch
-A cali-wl-to-host -m comment --comment "cali:nSZbcOoG1xPONxb8" -m comment --comment "Configured DefaultEndpointToHostAction" -j ACCEPT