diff --git a/nixos/modules/monitoring/exporters/node.nix b/nixos/modules/monitoring/exporters/node.nix
index 04b8ce3ecb69616111be8d74a8a7a2ca01782048..62702e82f1e0a6bd9effae871f275c5dd23a37ae 100644
--- a/nixos/modules/monitoring/exporters/node.nix
+++ b/nixos/modules/monitoring/exporters/node.nix
@@ -17,6 +17,7 @@ in {
   config.services.prometheus.exporters.node = {
     enable = true;
     openFirewall = true;
+    firewallFilter = "-i monitoringvpn -p tcp -m tcp --dport 9100";
     port = 9100;
     # extraFlags = [ "--collector.disable-defaults" ]; # not in nixpkgs 19.09
     # Thanks https://github.com/mayflower/nixexprs/blob/master/modules/monitoring/default.nix