---
# Ingress: admit traffic to the slskd pods only from Cilium's `ingress`
# entity (the Gateway API / Ingress proxy), and only on the TCP ports below.
# Once a policy selects an endpoint for ingress, sources not listed here are
# denied unless another policy selecting the same pods allows them.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-ingress
  namespace: slskd
spec:
  endpointSelector:
    matchLabels:
      app: slskd
  ingress:
    - fromEntities:
        - ingress
      toPorts:
        - ports:
            - port: "5030"
              protocol: TCP
            - port: "8008"
              protocol: TCP
---
# VPN killswitch: the only permitted egress is the WireGuard tunnel to the
# ProtonVPN endpoint, plus DNS to the cluster resolver. All other egress
# (in-cluster as well as internet) is denied unless another policy selecting
# these pods allows it, so traffic that is not inside the tunnel is dropped.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: vpn-killswitch
  namespace: slskd
spec:
  endpointSelector:
    matchLabels:
      app: slskd
  egress:
    # Tunnel transport, pinned to a single /32. If the provider changes this
    # address the tunnel cannot come up and the pod fails closed; update the
    # CIDR here rather than widening it.
    - toCIDR:
        - "149.50.216.205/32"
      toPorts:
        - ports:
            - port: "51820"
              protocol: UDP
    # DNS to kube-dns in kube-system, over UDP and TCP.
    # NOTE(review): these lookups are answered by cluster DNS outside the
    # tunnel, and matchPattern "*" permits every name. Queried hostnames are
    # therefore visible to the cluster's upstream resolver, and DNS remains
    # an unfiltered egress path. Confirm the workload resolves through the
    # VPN's DNS, or narrow the pattern to the names actually required.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
            - port: "53"
              protocol: TCP
          rules:
            dns:
              - matchPattern: "*"