diff --git a/nix/kubernetes/roles/firewall/default.nix b/nix/kubernetes/roles/firewall/default.nix
index 984fed03..d69f1c83 100644
--- a/nix/kubernetes/roles/firewall/default.nix
+++ b/nix/kubernetes/roles/firewall/default.nix
@@ -49,6 +49,13 @@
 ''
 ip6 saddr 2620:11f:7001:7:ffff:eeee::/96 accept
 ''
+ # Allow node-to-node communication
+ # Needed for:
+ # - metallb port 7946
+ ''
+ iifname "enp*" ip saddr 10.215.1.0/24 ip daddr 10.215.1.0/24 accept
+ iifname "enp*" ip6 saddr 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 ip6 daddr 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 accept
+ ''
 ];
 # networking.firewall.extraInputRules = ''
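Review bot: The two added `accept` rules admit every protocol and port between addresses in 10.215.1.0/24 (and the matching IPv6 /120), while the comment above them names only MetalLB's port 7946 as the reason. Because `iifname "enp*"` matches any interface with that prefix, the decision rests on source address alone, so any host able to send from that range on such an interface reaches every service listening on a node. If 7946 is really all that is needed, narrow both rules, e.g. `iifname "enp*" ip saddr 10.215.1.0/24 ip daddr 10.215.1.0/24 meta l4proto { tcp, udp } th dport 7946 accept` and the same suffix on the `ip6` line; if more node-to-node ports are required, list them in the comment and in the rule. The enclosing rule list begins outside the hunk, so earlier entries may already cover part of this traffic.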