accept ping

hosts/architect/firewall.nix

@@ -121,10 +121,14 @@ in {
                     ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
                     ip saddr ${lan-net} accept comment "lan > local"
         	          ip saddr ${proxy-wg} accept comment "proxy > local"
+                    ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local"
 
                     iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
                     iifname ${wan-if} udp dport {${open_udp_ports}} accept
-                    iifname ${vpn-if} accept comment "vpn > local"
+                    iifname ${vpn-if} tcp dport {${open_tcp_ports}} accept
+                    iifname ${vpn-if} udp dport {${open_udp_ports}} accept
+                    iifname ${vpn-if} udp dport 53 accept
+                    iifname ${vpn-if} icmp type echo-request accept
 
                     jump filter_drop
                   }