From 3b4b56f53fd3a281eff1e414a413ca79b7eeb8f1 Mon Sep 17 00:00:00 2001
From: il
Date: Thu, 7 May 2026 09:22:49 +0900
Subject: [PATCH] fix(nftables): update fw nftables to allow vpn connection regardless of crowdsec ban
---
 config/node/fw/nftables.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/config/node/fw/nftables.conf.j2 b/config/node/fw/nftables.conf.j2
index df87b6f..ff3a85f 100644
--- a/config/node/fw/nftables.conf.j2
+++ b/config/node/fw/nftables.conf.j2
@@ -82,6 +82,8 @@ table inet filter {
 chain global {
 # invalid packets
 ct state invalid drop comment "deny invalid connection"
+ # VPN connection exception handling
+ udp dport $PORTS_VPN return comment "return vpn connection to input and forward chain"
 # crowdsec
 ip saddr @crowdsec-blacklists counter drop comment "deny all crowdsec blacklist"
 ip6 saddr @crowdsec6-blacklists counter drop comment "deny all ipv6 crowdsec blacklist"
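Review bot: The added `udp dport $PORTS_VPN return` in `chain global` matches on destination port alone, so a source listed in `@crowdsec-blacklists` or `@crowdsec6-blacklists` is exempted for that port on both the input and the forward path (per the rule's own comment). The `return` also skips every rule that follows the crowdsec drops in `global`; the rest of that chain is outside the hunk, so check what else is bypassed. If only this node terminates the VPN, the match should be narrowed to locally destined traffic. It should also carry a counter like the two drop rules below it, so use of the exemption is visible in the ruleset counters: `udp dport $PORTS_VPN counter return comment "return vpn connection to input and forward chain"`. With the blacklist out of the path, the VPN daemon's own authentication and any rate limit in the calling chains are the only controls left against banned sources on that port, which is worth stating in the `# VPN connection exception handling` comment.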