From a2d6cf7dd46d39e1e53ac6f1cbc0bef117801a20 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Thu, 24 Apr 2025 14:09:02 -0700
Subject: [PATCH] nftables / osuosl: fix interface for ssh connections

Signed-off-by: Kevin Fenzi
---
 roles/base/templates/nftables/nftables.osuosl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/base/templates/nftables/nftables.osuosl b/roles/base/templates/nftables/nftables.osuosl
index fd1a171379..9dcf1d1d4c 100644
--- a/roles/base/templates/nftables/nftables.osuosl
+++ b/roles/base/templates/nftables/nftables.osuosl
@@ -25,7 +25,7 @@ add rule ip filter INPUT ip saddr {{ ip }} counter drop
 # vpn in from tun0
 add rule ip filter INPUT iifname "tun0" ip saddr 192.168.0.0/24 ct state new tcp dport 22 counter accept
 # external ip for iad2
-add rule ip filter INPUT iifname "tun0" ip saddr 38.145.60.0/24 ct state new tcp dport 22 counter accept
+add rule ip filter INPUT iifname "br0" ip saddr 38.145.60.0/24 ct state new tcp dport 22 counter accept
 # for nrpe - allow it from nocs
 add rule ip filter INPUT ip saddr 192.168.1.10 tcp dport 5666 counter accept
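Review bot: The SSH accept rule for 38.145.60.0/24 now matches on `br0`, but it still sits under the `# vpn in from tun0` heading with only `# external ip for iad2` above it, so a later reader cannot tell why this one rule is bound to a different interface than its neighbour. A comment along the lines of `# external ip for iad2 - arrives on br0, not over the vpn` would record the intent. If br0 is the host's outward-facing bridge (not visible in this hunk), the rule no longer relies on the tunnel and admits new port-22 connections purely by source range. It is worth confirming that the whole /24 needs SSH access, or narrowing it to the specific iad2 egress addresses if only a few are used.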