Allow node-to-node communication.

2026-04-26 12:44:24 -04:00
parent 431a4fe18f
commit 1651cb54dd
1 changed files with 7 additions and 0 deletions
--- a/nix/kubernetes/roles/firewall/default.nix
+++ b/nix/kubernetes/roles/firewall/default.nix
@@ -49,6 +49,13 @@
      ''
        ip6 saddr 2620:11f:7001:7:ffff:eeee::/96 accept
      ''
      # Allow node-to-node communication
      # Needed for:
      #   - metallb port 7946
      ''
        iifname "enp*" ip saddr 10.215.1.0/24 ip daddr 10.215.1.0/24 accept
        iifname "enp*" ip6 saddr 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 ip6 daddr 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 accept
      ''
    ];
    # networking.firewall.extraInputRules = ''