From 6d19f59b085d162d25c027d3d7014aefd95020ee Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Wed, 5 Oct 2022 20:04:41 -0400
Subject: Trust vpn traffic
---
 data/aliases.nix | 2 +-
 modules/simple-firewall.nix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/data/aliases.nix b/data/aliases.nix
index 6f8d5f4..95d8ebe 100644
--- a/data/aliases.nix
+++ b/data/aliases.nix
@@ -55,6 +55,6 @@ rec {
 hledger-web = { port = 11116; };
 prometheus-pms7003-exporter = { host = "172.20.100.10"; port = 11117; };
 keycloak = { http-port = 11118; https-port = 11119; };
- bridge = { host = "pincer"; port = 11120; };
+ bridge = { host = "pincer.nyc.orbekk.com"; port = 11120; };
 };
 }
diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix
index c2ed26b..3c69d5d 100644
--- a/modules/simple-firewall.nix
+++ b/modules/simple-firewall.nix
@@ -55,6 +55,8 @@ in
 ip protocol icmp limit rate 4/second counter accept
 ip6 nexthdr ipv6-icmp limit rate 4/second counter accept
+ ip6 saddr 2001:470:8e2e:1000::/64 counter accept
+ tcp dport @allowed_tcp_ports counter accept
 udp dport @allowed_udp_ports counter accept
-- 
cgit v1.2.3
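Review bot: The new `ip6 saddr 2001:470:8e2e:1000::/64 counter accept` rule in modules/simple-firewall.nix trusts packets on their source address alone and sits ahead of the `@allowed_tcp_ports` / `@allowed_udp_ports` checks, so anything claiming that prefix bypasses the port allow-list on every interface. The prefix is globally routable, so unless reverse-path filtering is applied elsewhere in the ruleset (not visible in this hunk), a forged source address arriving on a non-VPN interface would match, which matters most for UDP services that act on a single packet. Binding the rule to the tunnel interface would limit the trust to traffic that actually came through the VPN, e.g. `iifname "<vpn-interface>" ip6 saddr 2001:470:8e2e:1000::/64 counter accept` (the interface name is a placeholder). A short comment above the rule such as `# VPN clients: fully trusted, skips the port allow-list` would also make the intent auditable. The enclosing chain starts and ends outside the hunk.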