I have a very simple use case: I need to whitelist certain IPs (and reject the rest) so they can access Traefik on a k3s node. I want it to be blocked at the firewall level, not on the ingress, nor at the pod level.
I assume this cannot be done with a network policy, and anyway I don't need any granular blocking.
My problem is that UFW is not working.
I need the UFW deny rules for port 80 and port 43 to be respected, along with the allow rules for certain IPs.
I learned that Kubernetes (Flannel?) in general uses iptables internally to forward traffic from port 80/443 to Traefik, and those rules sit above UFW's.
With Docker, the usual solution is something like this: GitHub - chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables. With k3s I'm not sure where to start.
Any clue how to solve this problem? Thank you in advance.
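The post's central claim is that the iptables rules k3s installs are evaluated before UFW's. The following shell snippet is an added example (not from the original post, and not part of k3s, Flannel or UFW) that makes this ordering visible: it reads `iptables -S <chain>` style output on stdin, lists the jump targets of the chain in evaluation order, and counts how many non-UFW jumps run before the first `ufw-*` jump. The embedded dump is constructed to resemble a typical FORWARD chain on a k3s node with UFW enabled; the chain and target names are illustrative, and on a real node you would pipe in the live `iptables -S INPUT` / `iptables -S FORWARD` output instead.

```shell
#!/bin/sh
# Added example: inspect the evaluation order of a filter chain from
# `iptables -S <chain>` output and show which jumps precede UFW's.
# Live usage on a node (requires root):
#   iptables -S FORWARD | chain_jump_order
#   iptables -S INPUT   | jumps_before_ufw

# Print the target of every "-A <chain> ... -j <target>" rule, in order.
# Policy lines ("-P ...") and rules without a jump target are ignored.
chain_jump_order() {
    awk '/^-A / { for (i = 1; i <= NF; i++) if ($i == "-j") print $(i + 1) }'
}

# Print the number of jumps evaluated before the first ufw-* jump.
# A value above 0 means other rules (KUBE-*, FLANNEL-*, ...) get to
# ACCEPT or DNAT traffic before UFW ever sees it.
jumps_before_ufw() {
    chain_jump_order | awk '/^ufw-/ { exit } { n++ } END { print n + 0 }'
}

# Constructed sample resembling a k3s node's FORWARD chain with UFW active
# (not a capture from a real system).
SAMPLE_FORWARD='-P FORWARD DROP
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD
-A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A FORWARD -m comment --comment "flanneld forward" -j FLANNEL-FWD
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward'

# Stand-alone demo over the constructed sample.
echo "Jump order of the sample FORWARD chain:"
printf '%s\n' "$SAMPLE_FORWARD" | chain_jump_order
echo "Jumps evaluated before the first ufw-* jump: $(printf '%s\n' "$SAMPLE_FORWARD" | jumps_before_ufw)"
```

The count being non-zero is exactly the situation the post describes: a packet DNAT'ed to Traefik is accepted by the kube-proxy and Flannel jumps at the top of FORWARD, so UFW's deny rule for 80/443 further down never gets a chance to match. Running the same check against INPUT and FORWARD on the node tells you which chains need the allowlist rule placed ahead of those jumps.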