diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index 1b0151b..1f43c40 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -132,12 +132,17 @@ in
       chain FORWARD {
         type filter hook forward priority filter; policy drop;
         ct state established,related accept
+
+        # client to client
+        ip saddr {${lib.concatStringsSep "," c2c-wg}} ip daddr {${
+          lib.concatStringsSep "," c2c-wg
+        }} accept
         # nat to wan
         oifname ${wan-if} ip saddr {${
           lib.concatStringsSep "," towan-wg
         }} accept
-
+
         oifname ${wan-if} ip saddr ${docker-net} accept
         oifname ${wan-if} ip saddr ${tailscale-net} accept
diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix
index 06db4ff..5829676 100644
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@@ -56,7 +56,8 @@ rec {
   dodino-ts = "100.106.244.35";
   framecca-devices = [ framecca-wg framecca_one-wg framecca_three-wg framecca_four-wg ];
-
+  c2c-wg = framecca-devices;
+
   # groups
   gdevices = [ giuliophone-ts architect-ts giuliopc-ts dodino-ts ];
   towan-wg = [ shield-wg parina-wg parina-ipad-wg germano-wg ] ++ framecca-devices;
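Review bot: The new "client to client" rule in the FORWARD chain matches only on `ip saddr`/`ip daddr`, so a packet arriving on any interface — the WAN side, the docker bridge or the tailscale interface — with a source address spoofed into the c2c-wg range (the four framecca-wg addresses, per network.nix) would also be forwarded to those peers as a new connection; the neighbouring `# nat to wan` rules are at least pinned with `oifname ${wan-if}`, this one is not. WireGuard's cryptokey routing only validates source addresses for packets that come out of the tunnel interface itself, so the interface match is what closes the other ingress paths. If this host's WireGuard interface has a fixed name in the config (not visible in the hunk; `wan-if` is the only interface variable used here), pin the rule to it: `iifname ${wg-if} oifname ${wg-if} ip saddr {${lib.concatStringsSep "," c2c-wg}} ip daddr {${lib.concatStringsSep "," c2c-wg}} accept`, and make the comment say what is being granted, e.g. `# client to client: WireGuard peers in c2c-wg may reach each other through this host (tunnel interface only)`. The enclosing nft ruleset string starts and ends outside the hunk.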
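Review bot: `c2c-wg` is a new policy knob with no comment, unlike the `# groups` heading right below it, and nothing says why it is kept as a separate name when it is currently identical to `framecca-devices`; a one-liner such as `# WireGuard peers allowed to reach each other via the FORWARD chain (see firewall.nix); kept separate so the set can diverge from framecca-devices` would tell the next editor what widening this list actually grants. The enclosing `rec { … }` attribute set starts and ends outside the hunk.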