table inet filter { # handle 8
	chain INPUT { # handle 1
		type filter hook input priority filter; policy drop;
		jump EDPM_INPUT # handle 146
		jump EDPM_INPUT # handle 109
		jump EDPM_INPUT # handle 76
		jump EDPM_INPUT # handle 51
		jump EDPM_INPUT # handle 32
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}

	chain EDPM_INPUT { # handle 25
		tcp dport 8888 ct state new counter packets 100 bytes 6000 accept comment "000 Allow Kepler traffic" # handle 129
		tcp dport 9101 ct state new counter packets 103 bytes 6180 accept comment "000 Allow ceilometer_compute_prom_exporter traffic" # handle 130
		tcp dport 9102 ct state new counter packets 103 bytes 6180 accept comment "000 Allow ceilometer_ipmi_prom_exporter traffic" # handle 131
		tcp dport 9100 ct state new counter packets 0 bytes 0 accept comment "000 Allow node_exporter traffic" # handle 132
		tcp dport 9882 ct state new counter packets 0 bytes 0 accept comment "000 Allow podman_exporter traffic" # handle 133
		ct state established,related counter packets 93539 bytes 94689617 accept comment "000 accept related established rules" # handle 134
		tcp dport 9105 ct state new counter packets 0 bytes 0 accept comment "001 Allow openstack_network_exporter traffic" # handle 135
		meta l4proto icmp ct state new counter packets 3 bytes 110 accept comment "001 accept all icmp" # handle 136
		meta l4proto ipv6-icmp counter packets 0 bytes 0 accept comment "001 accept all ipv6-icmp" # handle 137
		iifname "lo" counter packets 20 bytes 1360 accept comment "002 accept all to lo interface" # handle 138
		ip saddr 0.0.0.0/0 tcp dport 22 ct state new counter packets 40 bytes 2328 accept comment "003 Allow ssh from 0.0.0.0/0" # handle 139
		ip6 daddr fe80::/64 udp dport 546 ct state new counter packets 0 bytes 0 accept comment "004 accept ipv6 dhcpv6" # handle 140
		tcp dport 5900-6923 ct state new counter packets 0 bytes 0 accept comment "005 Allow vnc access on all networks." # handle 141
		tcp dport 61152-61215 ct state new counter packets 0 bytes 0 accept comment "006 Allow libvirt live migration traffic" # handle 142
		tcp dport 16514 ct state new counter packets 0 bytes 0 accept comment "007 Allow libvirt tls" # handle 143
		udp dport 4789 ct state new counter packets 0 bytes 0 accept comment "118 neutron vxlan networks" # handle 144
		udp dport 6081 ct state untracked counter packets 0 bytes 0 accept comment "119 neutron geneve networks" # handle 145
	}
}
table inet raw { # handle 9
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
		jump EDPM_PREROUTING # handle 46
		jump EDPM_PREROUTING # handle 36
		jump EDPM_PREROUTING # handle 26
		jump EDPM_PREROUTING # handle 16
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
		jump EDPM_OUTPUT # handle 45
		jump EDPM_OUTPUT # handle 35
		jump EDPM_OUTPUT # handle 25
		jump EDPM_OUTPUT # handle 15
	}

	chain EDPM_OUTPUT { # handle 11
		udp dport 6081 counter packets 0 bytes 0 notrack comment "120 neutron geneve networks no conntrack" # handle 43
	}

	chain EDPM_PREROUTING { # handle 12
		udp dport 6081 counter packets 0 bytes 0 notrack comment "121 neutron geneve networks no conntrack" # handle 44
	}
}
table inet nat { # handle 10
	chain PREROUTING { # handle 1
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain INPUT { # handle 2
		type nat hook input priority srcnat; policy accept;
	}

	chain OUTPUT { # handle 3
		type nat hook output priority dstnat; policy accept;
	}

	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
	}
}
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter { # handle 11
	chain INPUT { # handle 1
		type filter hook input priority filter; policy accept;
		 counter packets 138740 bytes 239221099 jump NETAVARK_INPUT # handle 11
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
		 counter packets 0 bytes 0 jump NETAVARK_FORWARD # handle 10
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}

	chain NETAVARK_ISOLATION_2 { # handle 4
	}

	chain NETAVARK_ISOLATION_3 { # handle 5
		counter packets 0 bytes 0 jump NETAVARK_ISOLATION_2 # handle 9
	}

	chain NETAVARK_INPUT { # handle 6
	}

	chain NETAVARK_FORWARD { # handle 7
		ct state invalid counter packets 0 bytes 0 drop # handle 14
	}
}
table ip raw { # handle 12
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
	}
}
# Warning: table ip nat is managed by iptables-nft, do not touch!
table ip nat { # handle 13
	chain PREROUTING { # handle 1
		type nat hook prerouting priority dstnat; policy accept;
		fib daddr type local counter packets 606 bytes 36174 jump NETAVARK-HOSTPORT-DNAT # handle 15
	}

	chain INPUT { # handle 2
		type nat hook input priority srcnat; policy accept;
	}

	chain OUTPUT { # handle 3
		type nat hook output priority dstnat; policy accept;
		fib daddr type local counter packets 117 bytes 7020 jump NETAVARK-HOSTPORT-DNAT # handle 16
	}

	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
		counter packets 842 bytes 58189 jump NETAVARK-HOSTPORT-MASQ # handle 14
	}

	chain NETAVARK-HOSTPORT-SETMARK { # handle 9
		counter packets 0 bytes 0 meta mark set mark or 0x2000 # handle 12
	}

	chain NETAVARK-HOSTPORT-MASQ { # handle 10
		 meta mark & 0x00002000 == 0x00002000 counter packets 0 bytes 0 masquerade # handle 13
	}

	chain NETAVARK-HOSTPORT-DNAT { # handle 11
	}
}
table ip6 raw { # handle 14
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
	}
}
# Warning: table ip6 filter is managed by iptables-nft, do not touch!
table ip6 filter { # handle 15
	chain INPUT { # handle 1
		type filter hook input priority filter; policy accept;
		 counter packets 16 bytes 1120 jump NETAVARK_INPUT # handle 11
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
		 counter packets 0 bytes 0 jump NETAVARK_FORWARD # handle 10
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}

	chain NETAVARK_ISOLATION_2 { # handle 4
	}

	chain NETAVARK_ISOLATION_3 { # handle 5
		counter packets 0 bytes 0 jump NETAVARK_ISOLATION_2 # handle 9
	}

	chain NETAVARK_INPUT { # handle 6
	}

	chain NETAVARK_FORWARD { # handle 7
		ct state invalid counter packets 0 bytes 0 drop # handle 14
	}
}
# Warning: table ip6 nat is managed by iptables-nft, do not touch!
table ip6 nat { # handle 16
	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
		counter packets 8 bytes 640 jump NETAVARK-HOSTPORT-MASQ # handle 11
	}

	chain NETAVARK-HOSTPORT-SETMARK { # handle 6
		counter packets 0 bytes 0 meta mark set mark or 0x2000 # handle 9
	}

	chain NETAVARK-HOSTPORT-MASQ { # handle 7
		 meta mark & 0x00002000 == 0x00002000 counter packets 0 bytes 0 # Warning: XT target MASQUERADE not found
xt target "MASQUERADE" # handle 10
	}

	chain NETAVARK-HOSTPORT-DNAT { # handle 8
	}

	chain PREROUTING { # handle 12
		type nat hook prerouting priority dstnat; policy accept;
		fib daddr type local counter packets 0 bytes 0 jump NETAVARK-HOSTPORT-DNAT # handle 13
	}

	chain OUTPUT { # handle 14
		type nat hook output priority dstnat; policy accept;
		fib daddr type local counter packets 8 bytes 640 jump NETAVARK-HOSTPORT-DNAT # handle 15
	}
}
