# Dual-stack (IPv4 + IPv6) filter table. Only INPUT has a drop policy;
# FORWARD and OUTPUT accept everything and contain no rules.
# The "# handle N" trailers and the "counter packets/bytes" values are a
# point-in-time snapshot, not configuration.
table inet filter { # handle 4
	# Base chain for locally-destined traffic: whatever no rule accepts is dropped.
	# Evaluation order is EDPM_INPUT, EDPM_INPUT again, TRIPLEO_INPUT, then the
	# two OVN rules below. An accept in a jumped chain ends evaluation here, so
	# packets accepted by EDPM_INPUT never reach TRIPLEO_INPUT.
	chain INPUT { # handle 2
		type filter hook input priority filter; policy drop;
		# The jump to EDPM_INPUT appears twice (handles 677 and 658). The second
		# pass cannot change any verdict and looks like a leftover duplicate.
		jump EDPM_INPUT # handle 677
		jump EDPM_INPUT # handle 658
		jump TRIPLEO_INPUT # handle 631
		# These two rules are reached only after TRIPLEO_INPUT returns, i.e. after
		# its final "999 log all" rule. A new connection accepted here can therefore
		# already have been logged with the "DROPPING: " prefix, which makes that log
		# misleading for this traffic. Both counters are 0 in this snapshot.
		ip saddr 172.17.1.0/24 tcp dport 6641 ct state new counter packets 0 bytes 0 accept # handle 632
		ip saddr 172.17.1.0/24 tcp dport 6642 ct state new counter packets 0 bytes 0 accept # handle 633
	}

	# No rules and policy accept: forwarded traffic is not filtered by this table.
	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	# No rules and policy accept: locally generated traffic is not filtered by this table.
	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}

	# Regular (non-base) chain, entered only via the jump from INPUT.
	# Apart from the memcached, OVN DB, SNMP and second SSH rules, no rule here
	# matches on a source address, and none matches an interface other than "lo":
	# every listed service port is accepted from any peer that can reach the host.
	# NOTE(review): actual exposure then depends on which addresses the services
	# bind to — confirm against the service configuration.
	chain TRIPLEO_INPUT { # handle 554
		ct state established,related counter packets 1383477 bytes 2906157092 accept comment "000 accept related established rules" # handle 555
		meta l4proto icmp ct state new counter packets 5 bytes 327 accept comment "001 accept all icmp" # handle 556
		meta l4proto ipv6-icmp counter packets 45 bytes 3240 accept comment "001 accept all ipv6-icmp" # handle 557
		iifname "lo" counter packets 37983 bytes 2363826 accept comment "002 accept all to lo interface" # handle 558
		# "ssh from all" has no source match and comes first, so the ctlplane-only
		# rule right after it can never match (its counter is 0). SSH is open to any
		# source, over IPv4 and IPv6, and the subnet restriction has no effect.
		tcp dport 22 ct state new counter packets 284 bytes 16976 accept comment "003 accept ssh from all" # handle 559
		ip saddr 192.168.122.0/24 tcp dport 22 ct state new counter packets 0 bytes 0 accept comment "003 accept ssh from ctlplane subnet 192.168.122.0/24" # handle 560
		ip6 daddr fe80::/64 udp dport 546 ct state new counter packets 0 bytes 0 accept comment "004 accept ipv6 dhcpv6" # handle 561
		# "100 ..." rules: HAProxy frontends, one plain port plus an "_ssl" port per
		# API. In this snapshot only 443 among the TLS-labelled ports has a non-zero
		# counter; the other API traffic arrived on the plain ports.
		tcp dport 8776 ct state new counter packets 3060 bytes 183600 accept comment "100 cinder_haproxy_frontend" # handle 562
		tcp dport 13776 ct state new counter packets 0 bytes 0 accept comment "100 cinder_haproxy_frontend_ssl" # handle 563
		tcp dport 9292 ct state new counter packets 3060 bytes 183600 accept comment "100 glance_api_haproxy_frontend" # handle 564
		tcp dport 13292 ct state new counter packets 0 bytes 0 accept comment "100 glance_api_haproxy_frontend_ssl" # handle 565
		tcp dport 9293 ct state new counter packets 3055 bytes 183300 accept comment "100 glance_api_internal_haproxy_frontend" # handle 566
		tcp dport 8000 ct state new counter packets 3056 bytes 183360 accept comment "100 heat_api_cfn_haproxy_frontend" # handle 567
		tcp dport 13005 ct state new counter packets 0 bytes 0 accept comment "100 heat_api_cfn_haproxy_frontend_ssl" # handle 568
		tcp dport 8004 ct state new counter packets 3056 bytes 183360 accept comment "100 heat_api_haproxy_frontend" # handle 569
		tcp dport 13004 ct state new counter packets 0 bytes 0 accept comment "100 heat_api_haproxy_frontend_ssl" # handle 570
		tcp dport 80 ct state new counter packets 0 bytes 0 accept comment "100 horizon_haproxy_frontend" # handle 571
		tcp dport 443 ct state new counter packets 3061 bytes 183660 accept comment "100 horizon_haproxy_frontend_ssl" # handle 572
		tcp dport 35357 ct state new counter packets 0 bytes 0 accept comment "100 keystone_admin_haproxy_frontend" # handle 573
		tcp dport 5000 ct state new counter packets 6176 bytes 370560 accept comment "100 keystone_public_haproxy_frontend" # handle 574
		tcp dport 13000 ct state new counter packets 0 bytes 0 accept comment "100 keystone_public_haproxy_frontend_ssl" # handle 575
		tcp dport 8786 ct state new counter packets 3054 bytes 183240 accept comment "100 manila_haproxy_frontend" # handle 576
		tcp dport 13786 ct state new counter packets 0 bytes 0 accept comment "100 manila_haproxy_frontend_ssl" # handle 577
		tcp dport 3306 ct state new counter packets 1 bytes 60 accept comment "100 mysql_haproxy" # handle 578
		tcp dport 9696 ct state new counter packets 3053 bytes 183180 accept comment "100 neutron_haproxy_frontend" # handle 579
		tcp dport 13696 ct state new counter packets 0 bytes 0 accept comment "100 neutron_haproxy_frontend_ssl" # handle 580
		tcp dport 8775 ct state new counter packets 3074 bytes 184440 accept comment "100 nova_metadatahaproxy_frontend" # handle 581
		tcp dport 13775 ct state new counter packets 0 bytes 0 accept comment "100 nova_metadatahaproxy_frontend_ssl" # handle 582
		tcp dport 8774 ct state new counter packets 3064 bytes 183840 accept comment "100 nova_osapi_haproxy_frontend" # handle 583
		tcp dport 13774 ct state new counter packets 0 bytes 0 accept comment "100 nova_osapi_haproxy_frontend_ssl" # handle 584
		tcp dport 6080 ct state new counter packets 0 bytes 0 accept comment "100 nova_vncproxy_haproxy_frontend" # handle 585
		tcp dport 13080 ct state new counter packets 0 bytes 0 accept comment "100 nova_vncproxy_haproxy_frontend_ssl" # handle 586
		tcp dport 8778 ct state new counter packets 3082 bytes 184920 accept comment "100 placement_haproxy_frontend" # handle 587
		tcp dport 13778 ct state new counter packets 0 bytes 0 accept comment "100 placement_haproxy_frontend_ssl" # handle 588
		tcp dport 8080 ct state new counter packets 3057 bytes 183420 accept comment "100 swift_proxy_server_haproxy_frontend" # handle 589
		tcp dport 13808 ct state new counter packets 0 bytes 0 accept comment "100 swift_proxy_server_haproxy_frontend_ssl" # handle 590
		# Cluster-internal services (Galera, HAProxy stats, Redis, RabbitMQ below)
		# are accepted without any source match. 3306 is already accepted by
		# "100 mysql_haproxy" above, so it never matches in this set.
		tcp dport { 873, 3123, 3306, 4444, 4567, 4568, 9200 } ct state new counter packets 6604 bytes 396240 accept comment "104 mysql galera-bundle" # handle 592
		udp dport 123 ct state new counter packets 0 bytes 0 accept comment "105 ntp" # handle 593
		tcp dport 1993 ct state new counter packets 0 bytes 0 accept comment "107 haproxy stats" # handle 594
		tcp dport { 3124, 6379, 26379 } ct state new counter packets 692 bytes 41520 accept comment "108 redis-bundle" # handle 596
		# The comment names the ctlplane subnet, but the rule has no "ip saddr"
		# match: 5667/5668 are accepted from any source.
		tcp dport { 5667, 5668 } ct state new counter packets 0 bytes 0 accept comment "109 accept internal metrics qdr ctlplane subnet 192.168.122.0/24" # handle 598
		tcp dport 5666 ct state new counter packets 0 bytes 0 accept comment "109 metrics qdr" # handle 599
		tcp dport { 3122, 4369, 5672, 25672-25683 } ct state new counter packets 346 bytes 20760 accept comment "109 rabbitmq-bundle" # handle 601
		# Rules 111-114, 119 cinder, 122, 125, 126 and 137-150 repeat ports that the
		# "100 ..." frontend rules above already accept with the same match, so they
		# are shadowed and never hit (all their counters are 0).
		tcp dport { 5000, 35357 } ct state new counter packets 0 bytes 0 accept comment "111 keystone" # handle 603
		tcp dport 9292 ct state new counter packets 0 bytes 0 accept comment "112 glance_api" # handle 604
		tcp dport 9293 ct state new counter packets 0 bytes 0 accept comment "112 glance_api_internal" # handle 605
		tcp dport 8774 ct state new counter packets 0 bytes 0 accept comment "113 nova_api" # handle 606
		tcp dport 9696 ct state new counter packets 0 bytes 0 accept comment "114 neutron api" # handle 607
		# The VXLAN and Geneve rules have neither a ct state match nor a source
		# match: any datagram to udp/4789 or udp/6081 is accepted.
		udp dport 4789 counter packets 0 bytes 0 accept comment "118 neutron vxlan networks" # handle 608
		tcp dport 8776 ct state new counter packets 0 bytes 0 accept comment "119 cinder" # handle 609
		udp dport 6081 counter packets 10226 bytes 1043052 accept comment "119 neutron geneve networks" # handle 610
		tcp dport 3260 ct state new counter packets 0 bytes 0 accept comment "120 iscsi initiator" # handle 611
		# These two rules are restricted to 172.17.0.0/24. "ip saddr" also limits
		# them to IPv4.
		ip saddr 172.17.0.0/24 tcp dport { 11211, 11212 } ct state new counter packets 128 bytes 7934 accept comment "121 memcached 172.17.0.0/24" # handle 613
		ip saddr 172.17.0.0/24 tcp dport { 6641, 6642, 6643, 6644 } ct state new counter packets 664 bytes 39840 accept comment "121 OVN DB server and cluster ports for 172.17.0.0/24" # handle 615
		tcp dport 8080 ct state new counter packets 0 bytes 0 accept comment "122 swift proxy" # handle 616
		tcp dport { 873, 6000, 6001, 6002 } ct state new counter packets 157611 bytes 9456660 accept comment "123 swift storage" # handle 618
		ip saddr 192.168.122.0/24 udp dport 161 ct state new counter packets 0 bytes 0 accept comment "124 snmp 192.168.122.0/24" # handle 619
		tcp dport 8004 ct state new counter packets 0 bytes 0 accept comment "125 heat_api" # handle 620
		tcp dport 8000 ct state new counter packets 0 bytes 0 accept comment "125 heat_cfn" # handle 621
		tcp dport 443 ct state new counter packets 0 bytes 0 accept comment "126 horizon" # handle 622
		tcp dport { 2224, 3121, 21064 } ct state new counter packets 39 bytes 2340 accept comment "130 pacemaker tcp" # handle 624
		udp dport 5405 ct state new counter packets 0 bytes 0 accept comment "131 pacemaker udp" # handle 625
		tcp dport 6080 ct state new counter packets 0 bytes 0 accept comment "137 nova_vnc_proxy" # handle 626
		tcp dport 8778 ct state new counter packets 0 bytes 0 accept comment "138 placement" # handle 627
		tcp dport 8775 ct state new counter packets 0 bytes 0 accept comment "139 nova_metadata" # handle 628
		tcp dport 8786 ct state new counter packets 0 bytes 0 accept comment "150 manila" # handle 629
		# Log only, with no verdict: the packet returns to INPUT and is dropped there
		# only if the remaining INPUT rules do not accept it. The limit (20/minute,
		# burst 15) means most unmatched packets are never logged, so this log is a
		# sample and not a complete record of drops.
		limit rate 20/minute burst 15 packets counter packets 20 bytes 1180 log prefix "DROPPING: " flags all comment "999 log all" # handle 630
	}

	# Regular chain, entered first from INPUT. Every rule is an accept and there is
	# no final log or drop: unmatched packets return to INPUT and continue into
	# TRIPLEO_INPUT.
	chain EDPM_INPUT { # handle 651
		ct state established,related counter packets 2557859 bytes 310112611 accept comment "000 accept related established rules" # handle 669
		meta l4proto icmp ct state new counter packets 12 bytes 542 accept comment "001 accept all icmp" # handle 670
		meta l4proto ipv6-icmp counter packets 15 bytes 1080 accept comment "001 accept all ipv6-icmp" # handle 671
		iifname "lo" counter packets 6116 bytes 366960 accept comment "002 accept all to lo interface" # handle 672
		# 0.0.0.0/0 matches every IPv4 source, so this allows SSH from anywhere.
		# IPv6 SSH does not match here but is accepted later by TRIPLEO_INPUT's
		# "003 accept ssh from all".
		ip saddr 0.0.0.0/0 tcp dport 22 ct state new counter packets 248 bytes 14836 accept comment "003 Allow ssh from 0.0.0.0/0" # handle 673
		ip6 daddr fe80::/64 udp dport 546 ct state new counter packets 0 bytes 0 accept comment "004 accept ipv6 dhcpv6" # handle 674
		udp dport 4789 ct state new counter packets 0 bytes 0 accept comment "118 neutron vxlan networks" # handle 675
		# Matches Geneve only when conntrack was bypassed. This pairs with the
		# notrack rule for udp/6081 in table inet raw, chain EDPM_PREROUTING, and
		# has no source restriction.
		udp dport 6081 ct state untracked counter packets 17050 bytes 1739100 accept comment "119 neutron geneve networks" # handle 676
	}
}
# Raw-priority table used only to exempt Geneve (udp/6081) from connection
# tracking. Consequence for the filter table: this traffic is never
# "established" or "related", so it is admitted by port number alone (see the
# udp dport 6081 accept rules in table inet filter).
table inet raw { # handle 5
	# notrack is a statement, not a verdict, so after EDPM_PREROUTING the packet
	# still traverses TRIPLEO_PREROUTING.
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
		jump EDPM_PREROUTING # handle 64
		jump TRIPLEO_PREROUTING # handle 50
	}

	# Same structure as PREROUTING, for locally generated packets.
	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
		jump EDPM_OUTPUT # handle 63
		jump TRIPLEO_OUTPUT # handle 49
	}

	# The TRIPLEO variants apply notrack only when "ct state invalid" matches.
	# NOTE(review): at raw priority conntrack has not yet classified the packet,
	# which is presumably why "invalid" matches here (the counters are non-zero).
	# Confirm before relying on it.
	chain TRIPLEO_OUTPUT { # handle 45
		udp dport 6081 ct state invalid counter packets 10225 bytes 1042950 notrack comment "120 neutron geneve networks no conntrack" # handle 47
	}

	chain TRIPLEO_PREROUTING { # handle 46
		udp dport 6081 ct state invalid counter packets 10226 bytes 1043052 notrack comment "121 neutron geneve networks no conntrack" # handle 48
	}

	# The EDPM variants apply notrack to all udp/6081 with no ct state condition.
	chain EDPM_OUTPUT { # handle 59
		udp dport 6081 counter packets 16983 bytes 1732266 notrack comment "120 neutron geneve networks no conntrack" # handle 61
	}

	chain EDPM_PREROUTING { # handle 60
		udp dport 6081 counter packets 17050 bytes 1739100 notrack comment "121 neutron geneve networks no conntrack" # handle 62
	}
}
# Dual-stack NAT table: four base chains with policy accept and no rules, so
# this table performs no address or port translation.
table inet nat { # handle 6
	chain PREROUTING { # handle 1
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain INPUT { # handle 2
		type nat hook input priority 100; policy accept;
	}

	chain OUTPUT { # handle 3
		type nat hook output priority -100; policy accept;
	}

	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
	}
}
# IPv4-only filter table, evaluated in addition to table inet filter.
table ip filter { # handle 7
	# Policy accept, with one rule that accepts every TCP packet from a single
	# source on eth0, on any destination port. In nftables an accept is final only
	# for the base chain that issues it. The packet is still evaluated by
	# inet filter INPUT, which hooks input at the same priority with policy drop,
	# so this rule alone does not open any port.
	# NOTE(review): confirm whether this allow-listed address is still needed.
	# It restricts nothing and, given the other INPUT chain, grants nothing.
	chain INPUT { # handle 1
		type filter hook input priority filter; policy accept;
		iifname "eth0" meta l4proto tcp ip saddr 38.102.83.114  counter packets 944 bytes 1026636 accept # handle 4
	}

	# No rules and policy accept.
	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	# No rules and policy accept.
	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}
}
# IPv4 raw table: empty base chains with policy accept. The notrack rules that
# are in effect live in table inet raw.
table ip raw { # handle 8
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
	}
}
# IPv4 NAT table: four base chains with policy accept and no rules, so this
# table performs no address or port translation.
table ip nat { # handle 9
	chain PREROUTING { # handle 1
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain INPUT { # handle 2
		type nat hook input priority 100; policy accept;
	}

	chain OUTPUT { # handle 3
		type nat hook output priority -100; policy accept;
	}

	chain POSTROUTING { # handle 4
		type nat hook postrouting priority srcnat; policy accept;
	}
}
# IPv6 raw table: empty base chains with policy accept. No IPv6-specific
# notrack rules are defined here.
table ip6 raw { # handle 10
	chain PREROUTING { # handle 1
		type filter hook prerouting priority raw; policy accept;
	}

	chain OUTPUT { # handle 2
		type filter hook output priority raw; policy accept;
	}
}
# IPv6-only filter table: all chains are empty with policy accept. Inbound IPv6
# is still filtered, because table inet filter's INPUT chain (policy drop)
# applies to both address families. Forwarded and outbound IPv6 are not
# filtered by any rule in this ruleset.
table ip6 filter { # handle 11
	chain INPUT { # handle 1
		type filter hook input priority filter; policy accept;
	}

	chain FORWARD { # handle 2
		type filter hook forward priority filter; policy accept;
	}

	chain OUTPUT { # handle 3
		type filter hook output priority filter; policy accept;
	}
}
