diff --git a/networkpolicy.yaml b/networkpolicy.yaml
index 4b7ce9a..469d214 100644
--- a/networkpolicy.yaml
+++ b/networkpolicy.yaml
@@ -17,16 +17,20 @@ spec:
 - Egress
 ingress:
- # Allow traffic only from pods in the same namespace
+ # Allow all in-namespace traffic (includes Service -> Pod, Gateway -> Service -> Pod)
 - from:
- - podSelector: {}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: irc
 egress:
- # Allow traffic to pods in the same namespace
+ # Allow in-namespace pod communication
 - to:
- - podSelector: {}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: irc
- # Allow traffic to public internet (RFC1918 explicitly blocked)
+ # Allow public internet only (block RFC1918)
 - to:
 - ipBlock:
 cidr: 0.0.0.0/0
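Review bot: The new ingress comment claims the rule covers `Gateway -> Service -> Pod`, but the `namespaceSelector` on `kubernetes.io/metadata.name: irc` matches only source pods running in namespace `irc`; a gateway whose proxy pods live in another namespace is not matched by this rule, and a Service is not something a NetworkPolicy peer selects on. If the policy itself is deployed in `irc` (its metadata is outside the hunk), the selector admits the same peers as the old `podSelector: {}`, while the hard-coded name means a copy applied to another namespace would admit `irc` pods instead of its own. I would reword the comment to `# Allow traffic from any pod in namespace irc (gateway proxies in other namespaces need their own rule)`. On the last rule the `except` list is outside the hunk; if it holds only the RFC1918 ranges, link-local 169.254.0.0/16 stays reachable, so the comment `block RFC1918` should say exactly what the list excludes.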