From 6b6377012c12555becfaf19dd8770be8ac3f6230 Mon Sep 17 00:00:00 2001
From: Lars Ekman <uablrek@gmail.com>
Date: Tue, 2 Jul 2024 14:54:01 +0200
Subject: [PATCH] Accept all traffic to lo

---
 pkg/networkpolicy/controller.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/networkpolicy/controller.go b/pkg/networkpolicy/controller.go
index 014742d..4b536e7 100644
--- a/pkg/networkpolicy/controller.go
+++ b/pkg/networkpolicy/controller.go
@@ -693,6 +693,11 @@ func (c *Controller) syncNFTablesRules(ctx context.Context) error {
 			Rule: knftables.Concat(
 				"ct", "state", "established,related", "accept"),
 		})
+		tx.Add(&knftables.Rule{
+			Chain: chainName,
+			Rule: knftables.Concat(
+				"oif", "lo", "accept"),
+		})
 
 		action := fmt.Sprintf("queue num %d", c.config.QueueID)
 		if c.config.FailOpen {