diff --git a/manifests/init.pp b/manifests/init.pp
index 1a8349759069e19bfd45171bec3386637157747f..f8d3bd0e1bbbfba9d7e1928d22e0da2e29a98b77 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -45,4 +45,17 @@ class egg (
     family  => 'ipv4',
     zone    => 'liu',
   }
+  server_firewall::address_set { 'liu_itn_vpn':
+    addresses => [
+      '10.8.0.0/16',
+    ],
+  }
+
+  firewalld_rich_rule { 'allow ssh via itn vpn':
+    action  => 'accept',
+    service => 'ssh',
+    source  => { 'ipset' => 'liu_itn_vpn_v4', },
+    family  => 'ipv4',
+    zone    => 'liu',
+  }
 }