firewall: accept VPN connections from inside also
People tend to leave WireGuard tunnels active and we don’t want things to become unreachable when moving to one of the inside networks.
parent
c479f90669
commit
6dcae194d7
|
@ -41,8 +41,8 @@ table inet filter {
|
||||||
iif @link udp dport 3784 ip6 saddr fe80::/10 accept \
|
iif @link udp dport 3784 ip6 saddr fe80::/10 accept \
|
||||||
comment "Accept link-local BFD on fabric links"
|
comment "Accept link-local BFD on fabric links"
|
||||||
|
|
||||||
iif @outside udp dport 51820 accept \
|
udp dport 51820 accept \
|
||||||
comment "Accept WireGuard from outside"
|
comment "Accept WireGuard from anywhere"
|
||||||
|
|
||||||
iif {{ iface_sync }} ip6 saddr fe80::/10 udp dport 3780 accept \
|
iif {{ iface_sync }} ip6 saddr fe80::/10 udp dport 3780 accept \
|
||||||
comment "Accept connection tracking sync data"
|
comment "Accept connection tracking sync data"
|
||||||
|
|
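Review bot: Dropping `iif @outside` from the UDP 51820 rule makes it match on every interface, not only the outside and inside networks the description names, so the fabric links behind `@link` and the `{{ iface_sync }}` interface presumably accept WireGuard now as well. If only outside plus inside is intended, keep the original rule and add a second one scoped to the inside interfaces, e.g. `iif @INSIDE_SET_PLACEHOLDER udp dport 51820 accept comment "Accept WireGuard from inside"`, where the set name is a placeholder for whatever this ruleset calls its inside interfaces. If matching everywhere is deliberate, the comment could state the reason, for instance `comment "Accept WireGuard on all interfaces (clients roam between networks)"`. The enclosing chain starts outside the hunk, so the hook this rule sits in cannot be confirmed from here.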