I'm running a bare-metal installation with one Rancher node and three mixed etcd/controlplane/worker nodes.
Because they are running on the Internet, I tried to restrict the firewall to only the ports mentioned on the Rancher website:
https://rancher.com/docs/rancher/v2.x/en/installation/references/
The Rancher node is fully open. But after I restricted the other nodes, my cluster more or less crashed unrecoverably. Communication was absolutely not possible anymore. Rancher mentioned that no API is available on 10.x.x.x:6443
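When a firewall change breaks a cluster like this, the first thing to establish is which node-to-node ports are actually blocked, before touching the rule set again. The script below is an added example, not part of the original post or of Rancher's own tooling: run it on one cluster node against the private address of another and it reports, per port, whether a TCP connection can be opened. The only port the post names is 6443 (the Kubernetes API that Rancher could no longer reach); every other port in the list is a placeholder that you should replace with the list from the Rancher port-requirements page linked above. The host address and the `RANCHER_PROBE_HOST` variable are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): probe TCP reachability of the
# ports a Rancher-managed node must be able to reach on its peers, using only
# bash's /dev/tcp so nothing needs to be installed on a minimal node.

check_port() {
  # usage: check_port <host> <port> [timeout_seconds]
  # returns 0 if a TCP connection can be opened, non-zero otherwise
  local host=$1 port=$2 secs=${3:-3}
  if command -v timeout >/dev/null 2>&1; then
    timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
  else
    bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
  fi
}

check_all() {
  # usage: check_all <host> <port>...
  # prints one line per port and returns the number of unreachable ports
  # (0 means every port answered, which is what you want to see after a
  # firewall change)
  local host=$1; shift
  local failed=0 port
  for port in "$@"; do
    if check_port "$host" "$port"; then
      printf '%-16s tcp/%-5s reachable\n' "$host" "$port"
    else
      printf '%-16s tcp/%-5s BLOCKED or closed\n' "$host" "$port"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# 6443 is the API port named in the post; the rest are PLACEHOLDERS to be
# replaced with the port list from the Rancher documentation linked above.
REQUIRED_PORTS="6443 PLACEHOLDER_ETCD_PORT PLACEHOLDER_KUBELET_PORT"

# Example run (assumed invocation): RANCHER_PROBE_HOST=10.0.0.11 ./probe.sh
if [ -n "${RANCHER_PROBE_HOST:-}" ]; then
  # shellcheck disable=SC2086  # word-splitting of the port list is intended
  check_all "$RANCHER_PROBE_HOST" $REQUIRED_PORTS
fi
```

Run it from each of the three mixed nodes against each of the other two; a port that shows as blocked from node A to node B but not the reverse usually points at an asymmetric rule set. A probe that fails on 6443 reproduces exactly the symptom Rancher reported in the post, and is a quick way to confirm a rule fix before bringing the cluster back up.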