diff --git a/content/k3s/latest/en/known-issues/_index.md b/content/k3s/latest/en/known-issues/_index.md index 8107e8a745..86991f2127 100644 --- a/content/k3s/latest/en/known-issues/_index.md +++ b/content/k3s/latest/en/known-issues/_index.md @@ -15,3 +15,12 @@ If you are running iptables in nftables mode instead of legacy you might encount **RootlessKit** Running K3s with RootlessKit is experimental and has several [known issues.]({{}}/k3s/latest/en/advanced/#known-issues-with-rootlesskit) + +**Ufw** + +UFW firewall rules are evaluated prior to the kube-proxy rules, so traffic to cluster services can be blocked. Traffic from the service and pod networks should be allowed in ufw to ensure that the kube-proxy rules are evaluated. Given the default values, the following will allow traffic from those network through the ufw portion, before reaching the kube-proxy rules. + +``` +sudo ufw allow from 10.42.0.0/16 to any +sudo ufw allow from 10.43.0.0/16 to any +```
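Review bot: in the added Ufw paragraph, "Given the default values" never says which values are meant, so a reader with non-default pod or service networks cannot tell that 10.42.0.0/16 and 10.43.0.0/16 in the two `ufw allow` lines must be replaced. Suggest stating explicitly that these are the default pod and service network ranges and that the commands need to be adjusted when the cluster is configured with different ones. It is also worth noting in the text that `to any` permits traffic from those ranges to every destination and port handled by ufw, so readers who want a tighter policy know the rule is deliberately broad. Minor style points in the same paragraph: the heading uses "Ufw" while the body uses both "UFW" and "ufw", and "from those network" should read "from those networks".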