diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
index a90fb4070c6206d778a64a3f3e0f4a2b728967fa..01d23ca3fc8ceb62781313d247774b30e04f4985 100644
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -1,7 +1,32 @@
 ---
 - name: Prepare
   hosts: "*"
+  # Defer fact gathering, or Python interpreter detection will fail. For some
+  # reason, as of 2024-12-18, the almalinux/8 Vagrant Box comes without Python3
+  # preinstalled. Because, why would it, right? So we have to install it first
+  # and only then can we gather any facts.
+  gather_facts: false
+  become: true
   pre_tasks:
+    - name: |
+        Almalinux 8 Vagrant Boxes come without Python installed, so we have to
+        prepare this before we can gather any facts.
+      block:
+        - name: Update package manager metadata
+          ansible.builtin.raw: "dnf makecache"
+        - name: Install Python3
+          ansible.builtin.raw: "dnf -y install python3.12"
+          become: true
+    - name: Gather facts now, after Python has been installed.
+      ansible.builtin.gather_facts:
+        parallel: true
+
+    - name: Write /etc/hosts file for all nodes, so we get name resolution.
+      ansible.builtin.lineinfile:
+        path: "/etc/hosts"
+        line: "{{ hostvars[item].ansible_all_ipv4_addresses | first }} {{ item }}"
+      loop: "{{ groups['all'] }}"
+
     - name: configure additional package repositories for Debian
       when: ansible_os_family == "Debian"
       block:
diff --git a/molecule/virtualbox_alma8/molecule.yml b/molecule/virtualbox_alma8/molecule.yml
index 781b114c0c49209f97a5019ec102a3ccf10c68ca..960221bfdb2d2dc41dec757365222b5fe23c05be 100644
--- a/molecule/virtualbox_alma8/molecule.yml
+++ b/molecule/virtualbox_alma8/molecule.yml
@@ -4,6 +4,11 @@ dependency:
   enabled: false
 driver:
   name: vagrant
+  provider:
+    # Can be any supported provider (virtualbox, parallels, libvirt, etc)
+    # Defaults to virtualbox
+    # name: libvirt
+    name: virtualbox
 platforms:
   # Check out the documentation at
   # https://github.com/ansible-community/molecule-vagrant#documentation
@@ -12,24 +17,38 @@ platforms:
     box: almalinux/8
     memory: 1024
     # List of raw Vagrant `config` options.
-    # provider_raw_config_args:
-    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    provider_raw_config_args:
+      - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
     # Dictionary of `config` options.
     config_options:
       ssh.keep_alive: true
       ssh.remote_user: "lza"
       disksize.size: '20GB'
+    interfaces:
+      - network_name: private_network
+        type: static
+        ip: 192.168.56.10
+        auto_config: true
+#        options:
+#          append_platform_to_hostname: no
   - name: vm-rosora-mol
     box: almalinux/8
     memory: 1024
     # List of raw Vagrant `config` options.
-    # provider_raw_config_args:
-    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    provider_raw_config_args:
+      - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
     # Dictionary of `config` options.
     config_options:
       ssh.keep_alive: true
       ssh.remote_user: "lza"
       disksize.size: '20GB'
+    interfaces:
+      - network_name: private_network
+        type: static
+        ip: 192.168.56.11
+        auto_config: true
+#        options:
+#          append_platform_to_hostname: no
 provisioner:
   name: ansible
   log: true
@@ -45,5 +64,9 @@ provisioner:
     converge: ../resources/playbooks/converge.yml
     prepare: ../resources/playbooks/prepare.yml
     verify: ../resources/playbooks/verify.yml
+  inventory:
+    group_vars:
+      all:
+        ansible_python_interpreter: "/usr/bin/python3.12"
 verifier:
   name: ansible
diff --git a/tasks/configure_iptables.yml b/tasks/configure_iptables.yml
index acab8b42d12cceec5fce6867dceaf801e9b6c464..c7a1f85f9aa1ba177542dc87317f6eca64da9918 100644
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -44,6 +44,21 @@
   tags: [molecule-notest]
 # http://shouldiblockicmp.com
 
+- name: iptables-Regeln (IPv4) setzen - Chain INPUT
+  ansible.builtin.iptables:
+    action: "insert"
+    chain: "INPUT"
+    comment: "allow general access across the cluster"
+    ip_version: "ipv4"
+    jump: "ACCEPT"
+    protocol: "tcp"
+    source: "{{ item }}"
+    state: "present"
+    table: "filter"
+  loop: "{{ vault_iptables_input_cluster_general[ansible_hostname] }}"
+  notify:
+    - save iptables rules
+
 # TODO: Outgoing iptables Regeln erstellen, und bloß keine vergessen!!!
 
 ## Configure specific rules - Chain OUTPUT