firewall: accept VPN connections from inside also

People tend to leave WireGuard tunnels active and we don’t want things
to become unreachable when moving to one of the inside networks.
Timotej Lazar 2024-04-08 15:03:29 +02:00
parent c479f90669
commit 6dcae194d7


@ -41,8 +41,8 @@ table inet filter {
iif @link udp dport 3784 ip6 saddr fe80::/10 accept \ iif @link udp dport 3784 ip6 saddr fe80::/10 accept \
comment "Accept link-local BFD on fabric links" comment "Accept link-local BFD on fabric links"
iif @outside udp dport 51820 accept \ udp dport 51820 accept \
comment "Accept WireGuard from outside" comment "Accept WireGuard from anywhere"
iif {{ iface_sync }} ip6 saddr fe80::/10 udp dport 3780 accept \ iif {{ iface_sync }} ip6 saddr fe80::/10 udp dport 3780 accept \
comment "Accept connection tracking sync data" comment "Accept connection tracking sync data"
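Review bot: dropping `iif @outside` from the WireGuard rule leaves it with no interface match at all, so UDP 51820 is now accepted on every interface, including the fabric links (`@link`) and `{{ iface_sync }}` matched by the neighbouring rules. That is wider than the "inside networks" named in the commit message. If the inside interfaces are available as a set or list in this template, consider matching on outside plus inside explicitly instead of removing the match. If accepting on all interfaces is intended, say so in the commit message so the scope of "from anywhere" is a recorded decision.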