diff --git a/infrastructure/firewall.tf b/infrastructure/firewall.tf
new file mode 100644
index 0000000..db3c130
--- /dev/null
+++ b/infrastructure/firewall.tf
@@ -0,0 +1,25 @@
+resource "hcloud_firewall" "k8s_nodes_firewall" {
+ name = "k8s-nodes"
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ apply_to {
+ label_selector = "cluster=icb4dc0.de"
+ }
+}
\ No newline at end of file
diff --git a/infrastructure/k8s_cluster.tf b/infrastructure/k8s_cluster.tf
index 6954b4e..0e947a6 100644
--- a/infrastructure/k8s_cluster.tf
+++ b/infrastructure/k8s_cluster.tf
@@ -1,27 +1,3 @@
-# resource "hcloud_primary_ip" "cp1_ip6" {
-# name = "cp1_ip6"
-# datacenter = "hel1-dc2"
-# type = "ipv6"
-# assignee_type = "server"
-# auto_delete = false
-# }
-
-# resource "hcloud_primary_ip" "worker1_ip6" {
-# name = "worker1_ip6"
-# datacenter = "hel1-dc2"
-# type = "ipv6"
-# assignee_type = "server"
-# auto_delete = false
-# }
-
-# resource "hcloud_primary_ip" "worker2_ip6" {
-# name = "worker2_ip6"
-# datacenter = "hel1-dc2"
-# type = "ipv6"
-# assignee_type = "server"
-# auto_delete = false
-# }
-
 resource "hcloud_network" "k8s_net" {
 name = "k8s-net"
 ip_range = "172.16.0.0/12"
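Review bot: The second `rule` in `k8s_nodes_firewall` allows TCP 22 from `0.0.0.0/0` and `::/0`, so every server matched by `label_selector = "cluster=icb4dc0.de"` exposes SSH to the whole internet. Consider narrowing `source_ips` to the ranges that actually administer the nodes, for example `source_ips = var.ssh_allowed_cidrs` (a placeholder variable name, not defined in this diff), or reaching the nodes through a bastion or VPN instead. If world-open SSH is intentional, a `description = "..."` on each rule stating why would keep later reviewers from treating it as an oversight. The file also ends without a trailing newline.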