003 accept ssh from all:
  dport: 22
  extras:
    ensure: present
  proto: tcp
003 accept ssh from ctlplane subnet 192.168.122.0/24:
  dport: 22
  proto: tcp
  source: 192.168.122.0/24
104 mysql galera-bundle:
  dport:
  - 873
  - 3123
  - 3306
  - 4444
  - 4567
  - 4568
  - 9200
105 ntp:
  dport: 123
  proto: udp
107 haproxy stats:
  dport: 1993
108 redis-bundle:
  dport:
  - 3124
  - 6379
  - 26379
109 rabbitmq-bundle:
  dport:
  - 3122
  - 4369
  - 5672
  - 25672
  - 25673-25683
111 keystone:
  dport:
  - 5000
  - '35357'
112 glance_api:
  dport:
  - 9292
112 glance_api_internal:
  dport:
  - '9293'
113 nova_api:
  dport:
  - 8774
113 nova_migration_target accept api subnet 172.17.0.0/24:
  dport: 2022
  proto: tcp
  source: 172.17.0.0/24
113 nova_migration_target accept libvirt subnet 172.17.0.0/24:
  dport: 2022
  proto: tcp
  source: 172.17.0.0/24
114 neutron api:
  dport:
  - 9696
115 neutron dhcp input:
  dport: 67
  ipversion: ipv4
  proto: udp
115 neutron dhcpv6 input:
  dport: 547
  ipversion: ipv6
  proto: udp
116 neutron dhcp output:
  chain: OUTPUT
  dport: 68
  ipversion: ipv4
  proto: udp
116 neutron dhcpv6 output:
  chain: OUTPUT
  dport: 546
  ipversion: ipv6
  proto: udp
116 neutron dhcpv6 relay output:
  chain: OUTPUT
  dport: 547
  ipversion: ipv6
  proto: udp
118 neutron vxlan networks:
  dport: 4789
  proto: udp
  state: []
119 cinder:
  dport:
  - 8776
119 neutron geneve networks:
  dport: 6081
  proto: udp
  state: []
120 iscsi initiator:
  dport: 3260
120 neutron geneve networks no conntrack:
  action: append
  chain: OUTPUT
  dport: 6081
  jump: NOTRACK
  proto: udp
  state:
  - INVALID
  table: raw
120 octavia api:
  dport:
  - 9876
121 OVN DB server and cluster ports for 172.17.0.0/24:
  dport:
  - 6641
  - 6642
  - 6643
  - 6644
  proto: tcp
  source: 172.17.0.0/24
121 memcached 172.17.0.0/24:
  dport:
  - 11212
  - 11211
  proto: tcp
  source: 172.17.0.0/24
121 neutron geneve networks no conntrack:
  action: append
  chain: PREROUTING
  dport: 6081
  jump: NOTRACK
  proto: udp
  state:
  - INVALID
  table: raw
122 swift proxy:
  dport:
  - 8080
123 swift storage:
  dport:
  - 873
  - 6000
  - 6001
  - 6002
124 snmp 192.168.122.0/24:
  dport: 161
  proto: udp
  source: 192.168.122.0/24
125 heat_api:
  dport:
  - 8004
125 heat_cfn:
  dport:
  - 8000
126 horizon:
  dport:
  - 443
128 aodh-api:
  dport:
  - 8042
129 gnocchi-api:
  dport:
  - 8041
130 pacemaker tcp:
  dport:
  - 2224
  - 3121
  - 21064
  proto: tcp
131 pacemaker udp:
  dport: 5405
  proto: udp
137 nova_vnc_proxy:
  dport:
  - 6080
138 placement:
  dport:
  - 8778
139 nova_metadata:
  dport:
  - 8775
140 gnocchi-statsd:
  dport: 8125
  proto: udp
150 manila:
  dport:
  - 8786
155 docker-registry:
  dport:
  - 8787
200 nova_libvirt:
  dport:
  - 16514
  - 61152-61215
  - 5900-6923
200 octavia health manager interface:
  dport: 5555
  iniface: o-hm0
  proto: udp
210 octavia lb-mgmt-net offload rsyslog:
  dport: 514
  iniface: o-hm0
  proto: udp