Monday 3 August 2020

Calico does not insert iptables rules

A Kubernetes pod had a DNS issue: it could not reach the outside. The FortiGate firewall was not receiving the packets at all.


Only one node was affected, and this node was a Debian Buster image that had been upgraded from Stretch.
The difference is that Buster now uses nftables instead of iptables,
so there is the iptables command (nftables backend) and the iptables-legacy command.

I could see that the output of iptables -L was not being populated with Calico rules; instead, these rules were being added through iptables-legacy.

This is because Calico still uses the old iptables backend.

To make everything work, I switch the node to use only iptables-legacy:

update-alternatives --set iptables /usr/sbin/iptables-legacy

This is a known Calico issue, #2322: https://github.com/projectcalico/calico/issues/2322
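As an added example (not from the post or from Calico), here is a small POSIX shell check for the mismatch described above: it reads the backend that the iptables command reports, counts Calico "cali-" chains in both the legacy and the nf_tables rule sets, and flags the node when the chains live only in the backend the command does not use. It assumes iptables 1.8 on Debian (where iptables -V prints the backend in parentheses and iptables-legacy-save / iptables-nft-save are installed); the save dump in the block is constructed test data.

```shell
# Added example: detect Calico rules programmed through iptables-legacy while the
# `iptables` command uses the nf_tables backend. Assumes Debian iptables 1.8 and the
# Calico chain prefix "cali-"; the dump below is constructed, not captured from a node.

# Parse the backend name out of `iptables -V` output, e.g. "iptables v1.8.2 (nf_tables)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}
# Count Calico chain definitions (":cali-... - [0:0]") in an iptables-save dump on stdin.
count_cali_chains() {
    grep -c '^:cali-' || true
}
# Return 0 when Calico chains exist in the backend the `iptables` command uses, 1 otherwise.
calico_backend_consistent() {
    backend=$1; legacy_chains=$2; nft_chains=$3
    case "$backend" in
        nf_tables) [ "$nft_chains" -gt 0 ] ;;
        legacy)    [ "$legacy_chains" -gt 0 ] ;;
        *)         return 1 ;;
    esac
}
# Live check for a node; needs root and the iptables-legacy-save / iptables-nft-save tools.
check_node() {
    backend=$(iptables_backend "$(iptables -V 2>/dev/null)")
    legacy=$(iptables-legacy-save 2>/dev/null | count_cali_chains)
    nft=$(iptables-nft-save 2>/dev/null | count_cali_chains)
    if calico_backend_consistent "$backend" "$legacy" "$nft"; then
        echo "ok: iptables uses $backend and Calico chains are present there"
    else
        echo "mismatch: iptables uses $backend; cali- chains legacy=$legacy nft=$nft"
        echo "fix from the post: update-alternatives --set iptables /usr/sbin/iptables-legacy"
        return 1
    fi
}
# Constructed iptables-legacy-save excerpt: two Calico chains and one kube-proxy chain.
CONSTRUCTED_LEGACY_DUMP=':cali-INPUT - [0:0]
:cali-FORWARD - [0:0]
:KUBE-SERVICES - [0:0]'
# Offline demo of the affected node's state: nf_tables active, Calico chains only in legacy.
demo() {
    legacy=$(printf '%s\n' "$CONSTRUCTED_LEGACY_DUMP" | count_cali_chains)
    calico_backend_consistent "$(iptables_backend 'iptables v1.8.2 (nf_tables)')" "$legacy" 0 \
        && echo "demo: consistent" || echo "demo: mismatch (cali- chains only in legacy)"
}
demo
```

Run check_node as root on a suspect node; a "mismatch" verdict is the situation this post describes, and the printed update-alternatives line is the fix it applies.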