diff --git a/tasks/iptables.yml b/tasks/iptables.yml
index 9cdb9b4..7e91c04 100644
--- a/tasks/iptables.yml
+++ b/tasks/iptables.yml
@@ -25,6 +25,15 @@
 jump: ACCEPT
 comment: allow ping from the world
 
+- name: Allow node exporter from VPN
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination: "{{ openvpn_subnet }}"
+ destination_port: "9100"
+ jump: ACCEPT
+ comment: allow node exporter from vpn
+
 - name: Deny input connections by default
 ansible.builtin.iptables:
 chain: INPUT
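Review bot: The added rule filters on `destination: "{{ openvpn_subnet }}"`, which in the INPUT chain constrains the address the packet is addressed to, not the sender, while the task name and comment both say "from VPN". If the intent is to limit port 9100 to VPN peers, the match should be `source: "{{ openvpn_subnet }}"`, optionally combined with `in_interface` set to the VPN interface. As written, the sender's address is not checked at all, and node exporter serves host metrics without authentication by default, so the firewall rule is the only access control visible here. If matching on the destination is deliberate (pinning the rule to this host's VPN address), a short YAML comment above the task saying so would prevent the next reader from "fixing" it. `openvpn_subnet` is defined outside this hunk, so its value should be confirmed as part of the change.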