output of

sudo ifconfig

output of

sudo route -n

I do recognize that there's both the flannel-wg and flannel1.1 interfaces. I think something is interfering with the iptables rules since I only see ingress rules present in the iptables output. ... and sure enough the k3s agent logs have stuff like this:

Mar 20 02:31:25 kessler k3s[1052]: E0320 02:31:25.949679    1052 iptables.go:291] Failed to bootstrap IPTables: failed to setup iptables-restore payload: failed to check rule existence: running [/sbin/iptables -t nat -C FLANNEL-POSTRTG -s 10.42.0.0/16 ! -d 224.0.0.0/4 -m comment --comment flanneld masq -j MASQUERADE  --wait]: exit status 2: Bad argument `'
Mar 20 02:31:25 kessler k3s[1052]: Try `iptables -h' or 'iptables --help' for more information.
Mar 20 02:31:26 kessler k3s[1052]: I0320 02:31:26.001850    1052 iptables.go:405] Some iptables rules are missing; deleting and recreating rules

running that command manually shows part of the error was cut off:

# /sbin/iptables -t nat -C FLANNEL-POSTRTG -s 10.42.0.0/16 ! -d 224.0.0.0/4 -m comment --comment flanneld masq -j MASQUERADE  --wait
Bad argument `masq'
Try `iptables -h' or 'iptables --help' for more information.

... lol someone did the same exact 8.8.8.8 packet capture I did when they opened this github issue: https://github.com/k3s-io/k3s/issues/7096

and the fix suggested to use the

--prefer-bundled-bin

option did the trick. It's probably time to upgrade the ubuntu distro too.