diff --git a/hetzner.cfg b/hetzner.cfg
index 60b7795..409516e 100644
--- a/hetzner.cfg
+++ b/hetzner.cfg
@@ -33,6 +33,9 @@ runcmd:
   - ufw allow 2222
   - ufw allow 51820/udp
   - ufw allow in on hjarl
+  - ufw allow in on cni0
+  - ufw allow in on flannel.1
+  - ufw allow routed
   - ufw enable
   - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
   - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config