003 accept ssh from all:
  dport: 22
  extras:
    ensure: present
  proto: tcp
003 accept ssh from ctlplane subnet 192.168.122.0/24:
  dport: 22
  proto: tcp
  source: 192.168.122.0/24
105 ntp:
  dport: 123
  proto: udp
109 accept internal metrics qdr ctlplane subnet 192.168.122.0/24:
  dport:
  - 5667
  - 5668
109 metrics qdr:
  dport:
  - 5666
113 nova_migration_target accept api subnet 172.17.0.0/24:
  dport: 2022
  proto: tcp
  source: 172.17.0.0/24
113 nova_migration_target accept libvirt subnet 172.17.0.0/24:
  dport: 2022
  proto: tcp
  source: 172.17.0.0/24
118 neutron vxlan networks:
  dport: 4789
  proto: udp
  state: []
119 neutron geneve networks:
  dport: 6081
  proto: udp
  state: []
120 neutron geneve networks no conntrack:
  action: append
  chain: OUTPUT
  dport: 6081
  jump: NOTRACK
  proto: udp
  state:
  - INVALID
  table: raw
121 neutron geneve networks no conntrack:
  action: append
  chain: PREROUTING
  dport: 6081
  jump: NOTRACK
  proto: udp
  state:
  - INVALID
  table: raw
124 snmp 192.168.122.0/24:
  dport: 161
  proto: udp
  source: 192.168.122.0/24
200 nova_libvirt:
  dport:
  - 16514
  - 61152-61215
  - 5900-6923