fix

author: Kjetil Orbekk <kj@orbekk.com> 2023-10-07 12:07:45 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2023-10-07 12:07:45 -0400
commit: e34a984b21e4daef9a8dc133e994b1bf4ad55ce6 (patch)
tree: 88feb37d1509e12d6e84c3841e2e9b90ea571571
parent: 034e42f942bd62c61ceca02be2d876b4f482cbf5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/router.nix b/modules/router.nix
index 5864eb3..29de644 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -219,11 +219,13 @@ let
             ip6 nexthdr ipv6-icmp limit rate 4/second counter accept comment "accept all ICMP types"
 
             ct state vmap { established : accept, related : accept, invalid : drop }
+
             # Don't allow accidental vpn forwarding to wan.
             iifname vpnlan-vport oifname wan-vport counter reject
             oifname he0 counter accept
             oifname wan-vport counter accept
             oifname mullvad counter accept
+            iifname wg-vpn oifname wg-vpn counter accept
 
             # Transmission
             ip daddr 172.20.20.2 th dport {9091, 56732} counter accept;
author	Kjetil Orbekk <kj@orbekk.com>	2023-10-07 12:07:45 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2023-10-07 12:07:45 -0400
commit	e34a984b21e4daef9a8dc133e994b1bf4ad55ce6 (patch)
tree	88feb37d1509e12d6e84c3841e2e9b90ea571571
parent	034e42f942bd62c61ceca02be2d876b4f482cbf5 (diff)