Protect host endpoints with Calico network policy.

Secure host network interfaces.

Customize the Calico failsafe policy to protect host endpoints.

To protect a host interface, start by creating a host endpoint object in etcd.

Apply ordered policies to endpoints that match specific label selectors.

Avoid cutting off connectivity to hosts because of incorrect network policies.

Apply rules in a host endpoint policy before any DNAT.

Learn the subtleties using the applyOnForward option in host endpoint policies.

How different host endpoint rules affect packet flows.

Workaround for Linux conntrack if Calico policy is not working as it should.