From 9c945da3cc09f4cb30f3d101e1b9b6632ce021c7 Mon Sep 17 00:00:00 2001
From: Riccardo Pressiani
Date: Mon, 10 Nov 2025 12:31:11 -0500
Subject: [PATCH] feat: add ufw allow inter-node ports (#460)

Signed-off-by: Riccardo Pressiani
---
 roles/prereq/tasks/main.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml
index aba24a1..5ca1a5a 100644
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -63,6 +63,20 @@
 port: "2379:2381"
 proto: tcp
 
+ - name: If ufw enabled, open inter-node ports
+ when:
+ - "'Status: active' in prereq_ufw_status['stdout']"
+ community.general.ufw:
+ rule: allow
+ port: "{{ item.port }}"
+ proto: "{{ item.proto }}"
+ loop:
+ - { port: "5001", proto: "tcp" } # Spegel (Embedded distributed registry)
+ - { port: "8472", proto: "udp" } # Flannel VXLAN
+ - { port: "10250", proto: "tcp" } # Kubelet metrics
+ - { port: "51820", proto: "udp" } # Flannel Wireguard (IPv4)
+ - { port: "51821", proto: "udp" } # Flannel Wireguard (IPv6)
+
 - name: If ufw enabled, allow default CIDRs
 when:
 - "'Status: active' in prereq_ufw_status['stdout']"
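Review bot: The new `community.general.ufw` task sets only `rule`, `port` and `proto`, so all five ports are allowed from any source address, although the task name describes them as inter-node; 8472/udp (Flannel VXLAN) and 10250/tcp (kubelet) in particular are ports that should only be reachable from other cluster nodes. Consider scoping the rule with the module's `from_ip` option (alias `src`), for example `from_ip: "{{ NODE_SOURCE_CIDR_PLACEHOLDER }}"`, or looping over the inventory hosts' addresses; whether an upstream firewall already limits this is not visible from the hunk. The loop also opens 5001 and 51820/51821 regardless of whether the embedded registry or the WireGuard backend is in use, so a per-item `when` on the relevant setting would keep unused ports closed. The `# Kubelet metrics` comment understates what 10250 serves; `# Kubelet API (incl. metrics)` would tell the next reader why the source restriction matters.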