From b13285f66c233471bd982c653949f1640b941f66 Mon Sep 17 00:00:00 2001
From: Lars Ekman <uablrek@gmail.com>
Date: Tue, 2 Jul 2024 14:54:01 +0200
Subject: [PATCH] Accept all traffic to lo

---
 pkg/networkpolicy/controller.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/networkpolicy/controller.go b/pkg/networkpolicy/controller.go
index 2892edb..0309d52 100644
--- a/pkg/networkpolicy/controller.go
+++ b/pkg/networkpolicy/controller.go
@@ -665,6 +665,11 @@ func (c *Controller) syncNFTablesRules(ctx context.Context) error {
 			Rule: knftables.Concat(
 				"ct", "state", "established,related", "accept"),
 		})
+		tx.Add(&knftables.Rule{
+			Chain: chainName,
+			Rule: knftables.Concat(
+				"oif", "lo", "accept"),
+		})
 
 		action := fmt.Sprintf("queue num %d", c.config.QueueID)
 		if c.config.FailOpen {