Allow node-to-node communication.

2026-04-26 12:44:24 -04:00
parent 431a4fe18f
commit 1651cb54dd
1 changed files with 7 additions and 0 deletions
--- a/nix/kubernetes/roles/firewall/default.nix
+++ b/nix/kubernetes/roles/firewall/default.nix
@@ -49,6 +49,13 @@
      ''
        ip6 saddr 2620:11f:7001:7:ffff:eeee::/96 accept
      ''
+      # Allow node-to-node communication
+      # Needed for:
+      #   - metallb port 7946
+      ''
+        iifname "enp*" ip saddr 10.215.1.0/24 ip daddr 10.215.1.0/24 accept
+        iifname "enp*" ip6 saddr 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 ip6 daddr 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 accept
+      ''
    ];

    # networking.firewall.extraInputRules = ''