diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml
index 7686679..bc0ec8f 100644
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -57,9 +57,7 @@
 community.general.ufw:
 rule: allow
 src: '{{ item }}'
- loop:
- - 10.42.0.0/16 # Pods
- - 10.43.0.0/16 # Services
+ loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"
 - name: Allow Firewalld Exceptions
 when:
@@ -90,9 +88,7 @@
 state: enabled
 permanent: true
 immediate: true
- loop:
- - 10.42.0.0/16 # Pods
- - 10.43.0.0/16 # Services
+ loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"
 - name: Add br_netfilter to /etc/modules-load.d/
 ansible.builtin.copy:
diff --git a/roles/prereq/vars/main.yml b/roles/prereq/vars/main.yml
new file mode 100644
index 0000000..0ea00d5
--- /dev/null
+++ b/roles/prereq/vars/main.yml
@@ -0,0 +1,3 @@
+---
+cluster_cidr: "{{ (server_config_yaml | from_yaml)['cluster-cidr'] | default('10.42.0.0/16') }}"
+service_cidr: "{{ (server_config_yaml | from_yaml)['service-cidr'] | default('10.43.0.0/16') }}"
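Review bot: The new `loop` expression in the UFW task, and the identical one in the Firewalld task in the second hunk, hands every comma-separated piece straight to a firewall allow rule without trimming or validating it. A config value written with a space after the comma (for example `10.42.0.0/16, fd00:42::/56`, a constructed sample) yields an item with leading whitespace, and an empty or overly broad entry would either fail the task or allow far more than pod and service traffic through the host firewall. I would normalise the list with `loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') | map('trim') | select | list }}"` and put an `ansible.builtin.assert` ahead of both tasks that rejects anything that is not a CIDR network. The removed `# Pods` / `# Services` comments were the only hint of what these rules are for, so a one-line comment above each loop is worth keeping. Both tasks begin above their hunks, so their `when:` conditions are not visible here.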
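Review bot: Both lookups in the new `vars/main.yml` subscript the parsed config before `default()` is applied, so the fallback only helps when the key is missing from an existing mapping. If `server_config_yaml` is empty or holds only comments, `from_yaml` presumably returns nothing that can be subscripted and the role fails before any firewall rule is written; guarding the parse would avoid that, e.g. `cluster_cidr: "{{ ((server_config_yaml | default('', true) | from_yaml) or {}).get('cluster-cidr', '10.42.0.0/16') }}"`, and the same for `service_cidr`. Because role `vars/` takes precedence over inventory and group variables, these two names cannot be overridden from inventory; `defaults/main.yml` may be the better home if an override is meant to be possible. A short comment stating that the values feed the host firewall allow rules would help the next reader.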