table inet filter { # handle 12
	chain INPUT { # handle 1
		type filter hook input priority filter; policy drop;
		jump EDPM_INPUT # handle 34
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}

	chain EDPM_INPUT { # handle 4
		tcp dport 9101 ct state new counter packets 62 bytes 3720 accept comment "000 Allow ceilometer_compute_prom_exporter traffic" # handle 5
		tcp dport 9100 ct state new counter packets 0 bytes 0 accept comment "000 Allow node_exporter traffic" # handle 6
		tcp dport 9882 ct state new counter packets 0 bytes 0 accept comment "000 Allow podman_exporter traffic" # handle 7
		ct state established,related counter packets 632298 bytes 3559078699 accept comment "000 accept related established rules" # handle 8
		tcp dport 9105 ct state new counter packets 0 bytes 0 accept comment "001 Allow openstack_network_exporter traffic" # handle 9
		meta l4proto icmp ct state new counter packets 72 bytes 4760 accept comment "001 accept all icmp" # handle 10
		meta l4proto ipv6-icmp counter packets 1 bytes 72 accept comment "001 accept all ipv6-icmp" # handle 11
		iifname "lo" counter packets 541 bytes 32460 accept comment "002 accept all to lo interface" # handle 12
		ip saddr 0.0.0.0/0 tcp dport 22 ct state new counter packets 147 bytes 8568 accept comment "003 Allow ssh from 0.0.0.0/0" # handle 13
		ip6 daddr fe80::/64 udp dport 546 ct state new counter packets 0 bytes 0 accept comment "004 accept ipv6 dhcpv6" # handle 14
		tcp dport 5900-6923 ct state new counter packets 986 bytes 59160 accept comment "005 Allow vnc access on all networks." # handle 15
		tcp dport 61152-61215 ct state new counter packets 2 bytes 120 accept comment "006 Allow libvirt live migration traffic" # handle 16
		udp dport 4789 ct state new counter packets 0 bytes 0 accept comment "118 neutron vxlan networks" # handle 17
		udp dport 6081 ct state untracked counter packets 6354 bytes 648092 accept comment "119 neutron geneve networks" # handle 18
		tcp dport 9093 ct state new counter packets 0 bytes 0 accept comment "100 ceph_alertmanager" # handle 19
		tcp dport 8443 ct state new counter packets 0 bytes 0 accept comment "100 ceph_dashboard" # handle 20
		tcp dport 3100 ct state new counter packets 0 bytes 0 accept comment "100 ceph_grafana" # handle 21
		tcp dport 9092 ct state new counter packets 0 bytes 0 accept comment "100 ceph_prometheus" # handle 22
		tcp dport 8080 ct state new counter packets 0 bytes 0 accept comment "100 ceph_rgw" # handle 23
		tcp dport { 3300, 6789, 9100 } ct state new counter packets 2371 bytes 142260 accept comment "110 ceph_mon" # handle 25
		tcp dport { 6800-7300, 9100 } ct state new counter packets 0 bytes 0 accept comment "112 ceph_mds" # handle 27
		tcp dport { 6800-7300, 8444 } ct state new counter packets 0 bytes 0 accept comment "113 ceph_mgr" # handle 29
		tcp dport { 2049, 12049 } ct state new counter packets 0 bytes 0 accept comment "120 ceph_nfs" # handle 31
		tcp dport { 9090, 9094, 9283 } ct state new counter packets 0 bytes 0 accept comment "123 ceph_dashboard" # handle 33
	}
}
table inet raw { # handle 13
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
		jump EDPM_PREROUTING # handle 8
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
		jump EDPM_OUTPUT # handle 7
	}

	chain EDPM_OUTPUT { # handle 3
		udp dport 6081 counter packets 6381 bytes 650568 notrack comment "120 neutron geneve networks no conntrack" # handle 5
	}

	chain EDPM_PREROUTING { # handle 4
		udp dport 6081 counter packets 6354 bytes 648092 notrack comment "121 neutron geneve networks no conntrack" # handle 6
	}
}
table inet nat { # handle 14
	chain PREROUTING { # handle 1
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain INPUT { # handle 2
		type nat hook input priority 100; policy accept;
	}

	chain OUTPUT { # handle 3
		type nat hook output priority -100; policy accept;
	}

	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
	}
}
table ip filter { # handle 15
	chain INPUT { # handle 1
		type filter hook input priority filter; policy accept;
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}
}
table ip raw { # handle 16
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
	}
}
table ip nat { # handle 17
	chain PREROUTING { # handle 1
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain INPUT { # handle 2
		type nat hook input priority 100; policy accept;
	}

	chain OUTPUT { # handle 3
		type nat hook output priority -100; policy accept;
	}

	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
	}
}
table ip6 raw { # handle 18
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
	}
}
table ip6 filter { # handle 19
	chain INPUT { # handle 1
		type filter hook input priority filter; policy accept;
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}
}
