# Network Policies Review

## Overview

Network Policies have been created to restrict pod-to-pod communication in the besu-network namespace.

## Policies Created

### 1. default-deny-all

- **Purpose**: Default deny all traffic
- **Scope**: All pods in namespace
- **Status**: ✅ Created

### 2. allow-validator-internal

- **Purpose**: Allow validators to communicate with sentries and other validators
- **Scope**: Validator pods
- **Ports**: 30303 (TCP/UDP), 9545 (TCP)
- **Status**: ✅ Created

### 3. allow-sentry-p2p

- **Purpose**: Allow sentries to accept P2P connections
- **Scope**: Sentry pods
- **Ports**: 30303 (TCP/UDP), 9545 (TCP)
- **Status**: ✅ Created

### 4. allow-rpc-http

- **Purpose**: Allow RPC nodes to receive HTTP traffic from gateway
- **Scope**: RPC pods
- **Ports**: 8545, 8546, 9545 (TCP)
- **Status**: ✅ Created

### 5. allow-gateway-external

- **Purpose**: Allow gateway to receive external traffic and forward to RPC nodes
- **Scope**: Gateway pods
- **Ports**: 80, 443 (TCP)
- **Status**: ✅ Created

## Validation

Run the validation script:

```bash
./scripts/validation/validate-network-policies.sh
```

## Application

Apply Network Policies:

```bash
kubectl apply -f k8s/network-policies/default-deny.yaml
```

## Testing

Test pod-to-pod communication restrictions to ensure policies are working correctly.
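
Before testing live traffic, the deployed policies can be compared against the list in this review. The following is an added example, not the project's `validate-network-policies.sh`: it audits the JSON from `kubectl get networkpolicy -n besu-network -o json` for missing policies, a default-deny that does not cover both directions, rules with no port list, and ports that differ from the documented ones. The names `audit`, `make_policy` and `make_rule` are hypothetical, the sample input is constructed, and reading "deny all traffic" as both Ingress and Egress is an assumption.

```python
# Ports per policy, copied from "Policies Created" (protocol and named ports are not compared).
EXPECTED_PORTS = {
    "allow-validator-internal": {30303, 9545},
    "allow-sentry-p2p": {30303, 9545},
    "allow-rpc-http": {8545, 8546, 9545},
    "allow-gateway-external": {80, 443},
}

def audit(policy_list):
    """Return findings for a parsed NetworkPolicyList; an empty list means no drift."""
    found = {p["metadata"]["name"]: p["spec"] for p in policy_list["items"]}
    findings = []
    deny = found.get("default-deny-all")
    if deny is None:
        findings.append("default-deny-all: missing")
    else:
        # Assumption: "deny all traffic" means every pod, in both directions.
        if deny.get("podSelector") != {}:
            findings.append("default-deny-all: podSelector is not empty")
        if set(deny.get("policyTypes", [])) != {"Ingress", "Egress"}:
            findings.append("default-deny-all: policyTypes must list Ingress and Egress")
    for name, want in EXPECTED_PORTS.items():
        spec = found.get(name)
        if spec is None:
            findings.append(f"{name}: missing")
            continue
        rules = (spec.get("ingress") or []) + (spec.get("egress") or [])
        if any(not r.get("ports") for r in rules):  # no port list = every port
            findings.append(f"{name}: rule without ports allows all ports")
            continue
        got = {p["port"] for r in rules for p in r["ports"] if isinstance(p.get("port"), int)}
        if got - want:
            findings.append(f"{name}: undocumented ports {sorted(got - want)}")
        if want - got:
            findings.append(f"{name}: documented ports not allowed {sorted(want - got)}")
    return findings

def make_policy(name, spec):
    return {"metadata": {"name": name}, "spec": spec}

def make_rule(*ports):
    return {"ports": [{"protocol": "TCP", "port": p} for p in ports]}

# Constructed sample, shaped like `kubectl get networkpolicy -n besu-network -o json`.
SAMPLE = {"items": [
    make_policy("default-deny-all", {"podSelector": {}, "policyTypes": ["Ingress"]}),
    make_policy("allow-validator-internal", {"ingress": [make_rule(30303, 9545)]}),
    make_policy("allow-sentry-p2p", {"ingress": [{}]}),
    make_policy("allow-rpc-http", {"ingress": [make_rule(8545, 8546, 9545, 8547)]}),
]}
```

Against a cluster, pass `audit` the result of `json.load` on the kubectl output; for `SAMPLE` it reports four findings, one per drifted or missing policy.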