003 accept ssh from all:
  dport: 22
  extras:
    ensure: present
  proto: tcp
003 accept ssh from ctlplane subnet 192.168.122.0/24:
  dport: 22
  proto: tcp
  source: 192.168.122.0/24
104 mysql galera-bundle:
  dport:
  - 873
  - 3123
  - 3306
  - 4444
  - 4567
  - 4568
  - 9200
105 ntp:
  dport: 123
  proto: udp
107 haproxy stats:
  dport: 1993
109 accept internal metrics qdr ctlplane subnet 192.168.122.0/24:
  dport:
  - 5667
  - 5668
109 metrics qdr:
  dport:
  - 5666
109 rabbitmq-bundle:
  dport:
  - 3122
  - 4369
  - 5672
  - 25672
  - 25673-25683
113 nova_migration_target accept api subnet 172.17.0.0/24:
  dport: 2022
  proto: tcp
  source: 172.17.0.0/24
113 nova_migration_target accept libvirt subnet 172.17.0.0/24:
  dport: 2022
  proto: tcp
  source: 172.17.0.0/24
118 neutron vxlan networks:
  dport: 4789
  proto: udp
  state: []
119 neutron geneve networks:
  dport: 6081
  proto: udp
  state: []
120 neutron geneve networks no conntrack:
  action: append
  chain: OUTPUT
  dport: 6081
  jump: NOTRACK
  proto: udp
  state:
  - INVALID
  table: raw
121 neutron geneve networks no conntrack:
  action: append
  chain: PREROUTING
  dport: 6081
  jump: NOTRACK
  proto: udp
  state:
  - INVALID
  table: raw
124 snmp 192.168.122.0/24:
  dport: 161
  proto: udp
  source: 192.168.122.0/24
130 pacemaker tcp:
  dport:
  - 2224
  - 3121
  - 21064
  proto: tcp
131 pacemaker udp:
  dport: 5405
  proto: udp
137 nova_vnc_proxy:
  dport:
  - 6080
139 nova_metadata:
  dport:
  - 8775
200 nova_libvirt:
  dport:
  - 16514
  - 61152-61215
  - 5900-6923