
This issue was moved to a discussion.

Can't filter internet traffic from node-local traffic #11622

Closed
Tacklebox opened this issue Jan 16, 2025 · 0 comments
Comments

@Tacklebox

Environmental Info:
K3s Version:

% k3s -v
k3s version v1.31.4+k3s1 (a562d09)
go version go1.22.9

Node(s) CPU architecture, OS, and Version:

% uname -a
Linux debian-4gb-nbg1-1 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64 GNU/Linux

Cluster Configuration:
Just a single deb server on Hetzner

Describe the bug:

I want some services only available to the host and some available to the internet at large, but adding a middleware allowlist with 127.0.0.1/32 blocks host and external, and 10.0.0.0/8 allows both host and external.

Steps To Reproduce:

  • Installed K3s: curl | sh from the website with no additional flags

Expected behavior:

Allowlisting 127.0.0.1 should allow traffic from the host and not the rest of the world.
And/or there should be a way to specify traffic from the host?

Actual behavior:

Allowlisting 127.0.0.1 allows nothing.

Additional context / logs:

I tried setting up the whoami image to debug. curl on the actual server running k3s has the same output as running curl whoami.mydomain.com remotely from my laptop.

Host: whoami.mydomain.com
User-Agent: curl/8.7.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: whoami.mydomain.com
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-57b79cf995-8lgw8
X-Real-Ip: 10.42.0.1

@k3s-io locked and limited conversation to collaborators Jan 16, 2025
@brandond converted this issue into discussion #11623 Jan 16, 2025
@github-project-automation bot moved this from New to Done Issue in K3s Development Jan 16, 2025
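
An added diagnostic, not part of the original issue or of K3s or Traefik: it parses the whoami output posted above and evaluates the two source ranges the reporter tried against the address the proxy recorded for the peer. It assumes the allowlist matches on the peer address reflected in X-Real-Ip; the function names are hypothetical.

```python
import ipaddress

# whoami output as posted in the issue. The reporter states that the request
# made on the server and the one made remotely produced the same output.
WHOAMI_OUTPUT = """\
Host: whoami.mydomain.com
User-Agent: curl/8.7.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: whoami.mydomain.com
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-57b79cf995-8lgw8
X-Real-Ip: 10.42.0.1
"""

def parse_headers(text):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def observed_client_ip(headers):
    """Peer address the proxy recorded: X-Real-Ip, else the last
    X-Forwarded-For hop. Raises ValueError if absent or malformed."""
    raw = headers.get("x-real-ip") or headers.get("x-forwarded-for", "").split(",")[-1]
    return ipaddress.ip_address(raw.strip())

def allowlist_decisions(client_ip, source_ranges):
    """Map each CIDR to True (would admit the peer) or False (would reject)."""
    return {cidr: client_ip in ipaddress.ip_network(cidr, strict=False)
            for cidr in source_ranges}

def distinguishable(outputs):
    """True only if the requests arrived with different peer addresses,
    which is what an IP allowlist needs in order to tell them apart."""
    return len({observed_client_ip(parse_headers(o)) for o in outputs}) > 1

if __name__ == "__main__":
    ip = observed_client_ip(parse_headers(WHOAMI_OUTPUT))
    for cidr, ok in allowlist_decisions(ip, ["127.0.0.1/32", "10.0.0.0/8"]).items():
        print(f"{ip} vs {cidr}: {'allow' if ok else 'deny'}")
    # Host-local and remote requests both produced WHOAMI_OUTPUT.
    print("host vs remote distinguishable:", distinguishable([WHOAMI_OUTPUT] * 2))
```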
