diff --git a/pkg/agent/controller/networkpolicy/packetin.go b/pkg/agent/controller/networkpolicy/packetin.go
index 8657c633b1c..e2d3697175e 100644
--- a/pkg/agent/controller/networkpolicy/packetin.go
+++ b/pkg/agent/controller/networkpolicy/packetin.go
@@ -379,34 +379,35 @@ func (c *Controller) storeDenyConnection(pktIn *ofctrl.PacketIn) error {
 }
 disposition := openflow.DispositionToString[id]
- // For K8s NetworkPolicy implicit drop action, we cannot get name/namespace.
- if tableID == openflow.IngressDefaultTable {
- denyConn.IngressNetworkPolicyType = registry.PolicyTypeK8sNetworkPolicy
- denyConn.IngressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
- } else if tableID == openflow.EgressDefaultTable {
- denyConn.EgressNetworkPolicyType = registry.PolicyTypeK8sNetworkPolicy
- denyConn.EgressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
- } else { // Get name and namespace for Antrea Network Policy or Antrea Cluster Network Policy
- // Set match to corresponding ingress/egress reg according to disposition
- match = getMatch(matchers, tableID, id)
- ruleID, err := getInfoInReg(match, nil)
- if err != nil {
- return fmt.Errorf("error when obtaining rule id from reg: %v", err)
+ // Set match to corresponding ingress/egress reg according to disposition
+ match = getMatch(matchers, tableID, id)
+ ruleID, err := getInfoInReg(match, nil)
+ if err != nil {
+ return fmt.Errorf("error when obtaining rule id from reg: %v", err)
+ }
+ policy := c.GetNetworkPolicyByRuleFlowID(ruleID)
+ rule := c.GetRuleByFlowID(ruleID)
+ if policy == nil || rule == nil {
+ // For K8s NetworkPolicy implicit drop action, we cannot get name/namespace.
+ if tableID == openflow.IngressDefaultTable {
+ denyConn.IngressNetworkPolicyType = registry.PolicyTypeK8sNetworkPolicy
+ denyConn.IngressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
+ } else if tableID == openflow.EgressDefaultTable {
+ denyConn.EgressNetworkPolicyType = registry.PolicyTypeK8sNetworkPolicy
+ denyConn.EgressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
 }
- policy := c.GetNetworkPolicyByRuleFlowID(ruleID)
- rule := c.GetRuleByFlowID(ruleID)
-
- if policy == nil || rule == nil {
- // Default drop by K8s NetworkPolicy
- klog.V(4).Infof("Cannot find NetworkPolicy or rule that has ruleID %v", ruleID)
- } else {
- if tableID == openflow.AntreaPolicyIngressRuleTable {
+ } else { // Get name and namespace for Antrea Network Policy or Antrea Cluster Network Policy
+ for _, table := range openflow.GetAntreaPolicyIngressTables() {
+ if table == tableID {
 denyConn.IngressNetworkPolicyName = policy.Name
 denyConn.IngressNetworkPolicyNamespace = policy.Namespace
 denyConn.IngressNetworkPolicyType = flowexporter.PolicyTypeToUint8(policy.Type)
 denyConn.IngressNetworkPolicyRuleName = rule.Name
 denyConn.IngressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
- } else if tableID == openflow.AntreaPolicyEgressRuleTable {
+ }
+ }
+ for _, table := range openflow.GetAntreaPolicyEgressTables() {
+ if table == tableID {
 denyConn.EgressNetworkPolicyName = policy.Name
 denyConn.EgressNetworkPolicyNamespace = policy.Namespace
 denyConn.EgressNetworkPolicyType = flowexporter.PolicyTypeToUint8(policy.Type)