From b08326169f80ac3681b8b1bd357d6dfaea125075 Mon Sep 17 00:00:00 2001
From: Chris Farhood
Date: Sat, 17 Jan 2026 11:49:12 -0500
Subject: [PATCH] cleanup network access
---
networkpolicy.yaml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 networkpolicy.yaml
diff --git a/networkpolicy.yaml b/networkpolicy.yaml
new file mode 100644
index 0000000..4b7ce9a
--- /dev/null
+++ b/networkpolicy.yaml
@@ -0,0 +1,36 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: irc
+ namespace: irc
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - znc
+ - thelounge
+
+ policyTypes:
+ - Ingress
+ - Egress
+
+ ingress:
+ # Allow traffic only from pods in the same namespace
+ - from:
+ - podSelector: {}
+
+ egress:
+ # Allow traffic to pods in the same namespace
+ - to:
+ - podSelector: {}
+
+ # Allow traffic to public internet (RFC1918 explicitly blocked)
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
\ No newline at end of file
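Review bot: The `except` list under the `0.0.0.0/0` egress rule names only the three RFC1918 ranges, so link-local `169.254.0.0/16` (where cloud instance-metadata services usually answer) and CGNAT `100.64.0.0/10` stay reachable from the znc and thelounge pods; if the intent is "public internet only", add `- 169.254.0.0/16` and `- 100.64.0.0/10` to `except`. The same policy probably also cuts off cluster DNS: with `Egress` in `policyTypes`, the only other permitted destination is pods in the `irc` namespace, while the resolver normally runs in `kube-system` on a private service address, so hostname lookups for IRC networks would fail unless the cluster resolves DNS some other way. Neither egress rule sets `ports`, so every port and protocol is open towards the internet, which is worth either narrowing or stating in the comment as deliberate. The fence sketches a DNS rule to sit alongside the existing egress rules; the `k8s-app: kube-dns` selector is the common default and should be checked against this cluster before merging.

```yaml
  egress:
    # … unchanged: same-namespace rule and public-internet ipBlock rule …

    # Allow DNS lookups against the cluster resolver in kube-system
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```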