diff --git a/README.md b/README.md
index 7697219..5f63078 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,13 @@ https://robot.hetzner.com/server to only allow incoming ssh, http,
 https requests for both IPv4 & IPv6. Each server has a "Firewall" tab
 that provides control over this firewall.
 
+The firewall applies to the VLAN too. The 10.0.0.0/8 source address
+must therefore be allowed explicitly for IPv4 and that must be the
+first rule of the firewall.
+
+A template "k8s" was defined that can be used for sharing the same
+rules between multiple k8s nodes.
+
 ## nftables
 
 ```sh