From 7a52e1907c214cc1dc2bc70d8a0afda307c039c9 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Fri, 20 Jun 2025 14:47:55 +0200
Subject: [PATCH] Restrict DAC VPN to fox-ipmi machine only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Aleix Boné <abonerib@bsc.es>
---
 m/module/vpn-dac.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/m/module/vpn-dac.nix b/m/module/vpn-dac.nix
index 5e8e67a..e677c73 100644
--- a/m/module/vpn-dac.nix
+++ b/m/module/vpn-dac.nix
@@ -26,8 +26,9 @@
         auth-user-pass ${config.age.secrets.vpn-dac-login.path}
         reneg-sec 0
 
-	# Ignore 10.0.0.0 route as is not needed
-        pull-filter ignore "route 10.0.0.0"
+        # Only route fox-ipmi
+        pull-filter ignore "route "
+        route 147.83.35.27 255.255.255.255
       '';
     };
   };