diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index 2487be5..d51ee5d 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -120,11 +120,15 @@ in {
 ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
 ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
 ip saddr ${lan-net} accept comment "lan > local"
- ip saddr ${proxy-wg} accept comment "proxy > local"
+ ip saddr ${proxy-wg} accept comment "proxy > local"
+ ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local"
 iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
 iifname ${wan-if} udp dport {${open_udp_ports}} accept
- iifname ${vpn-if} accept comment "vpn > local"
+ iifname ${vpn-if} tcp dport {${open_tcp_ports}} accept
+ iifname ${vpn-if} udp dport {${open_udp_ports}} accept
+ iifname ${vpn-if} udp dport 53 accept
+ iifname ${vpn-if} icmp type echo-request accept
 jump filter_drop
 }
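Review bot: The new `ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept` rule matches on source address alone, with no `iifname`, so it accepts every protocol and port from those addresses on whichever interface they arrive — the WAN included — which is wider than the per-port `iifname ${vpn-if}` rules added just below it and holds only as long as no other interface can present those source addresses (unless reverse-path filtering or an earlier rule outside this hunk already covers that). Binding it to the tunnel, `iifname ${vpn-if} ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local"`, keeps the intent while closing that gap. Separately, an empty `gdevices-wg` renders as `{}` here, which nft rejects as a syntax error, so the line should only be emitted when the list is non-empty, e.g. wrapped in `lib.optionalString (gdevices-wg != [])`. The enclosing chain starts before this hunk, and the hunk header counts two more lines than are shown.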