I had a similar question about securing Kubernetes with a firewall, but nobody has answered yet: Kubernetes + Docker + iptables
As far as I understood, Kubernetes nodes are not supposed to have white IP addresses. You need an external router, which connects your cluster to the Internet and opens only the resources you want to expose. You can use a virtual or hardware router, depending on your cluster location.
PS: I do not recommend manually changing any system services; in 99% of cases you will mess up the Kubernetes networking.