diff --git a/roles/pf/templates/pf.conf.gw_dna.j2 b/roles/pf/templates/pf.conf.gw_dna.j2
index 46ddf60..53514da 100644
--- a/roles/pf/templates/pf.conf.gw_dna.j2
+++ b/roles/pf/templates/pf.conf.gw_dna.j2
@@ -46,8 +46,7 @@ pass in quick on $ext_if proto tcp from 37.16.96.144/28 to self port ssh
 pass in quick on $ext_if proto tcp from {{ gw_home_ip }}/32 to self port ssh
 pass in quick on $ext_if proto tcp from {{ gw_lan_ip }}/32 to self port ssh
 
-# node_exporter and unbound_exporter from internal network
-pass in quick on $int_if proto tcp from $int_net to self port 9100
+# unbound_exporter from internal network
 pass in quick on $int_if proto tcp from $int_net to self port 9167
 
 # allow dhcpd failover
@@ -69,6 +68,9 @@ pass in quick on $int_if proto udp from $int_net to self port ntp
 pass in quick proto tcp from any to self port http
 pass in quick proto tcp from any to self port https
 
+# allow node exporter from outside (to proxy clients)
+pass in quick proto tcp from $int_net to self port 9100
+
 # block rest of packets coming to me
 block in quick from any to self