diff --git a/README.md b/README.md index aa8477a..52312da 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,8 @@ use to configure it. | `TAILSCALE_SERVE_PORT` | The port number that you want to expose on your tailnet. This will be the port of your DokuWiki, Transmission, or other container. | `80` | | `TAILSCALE_SERVE_MODE` | The mode you want to run Tailscale serving in. This should be `https` in most cases, but there may be times when you need to enable `tls-terminated-tcp` to deal with some weird edge cases like HTTP long-poll connections. See [here](https://tailscale.com/kb/1242/tailscale-serve/) for more information. | `https` | | `TAILSCALE_FUNNEL` | Set this to `true`, `1`, or `t` to enable [funnel](https://tailscale.com/kb/1243/funnel/). For more information about the accepted syntax, please read the [strconv.ParseBool documentation](https://pkg.go.dev/strconv#ParseBool) in the Go standard library. | `on` | +| `TAILSCALE_EXIT_NODE` | Set the exit node you'd like to use for the container. | `my-exit-node` or `100.101.165.3` | +| `TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS` | Optionally, set this to true to allow direct access to your local network when traffic is routed via an exit node. | `true` | Something important to keep in mind is that you really should set up a separate volume for Tailscale state. Here is how to do that with the diff --git a/root/etc/s6-overlay/s6-rc.d/svc-tailscale-up/run b/root/etc/s6-overlay/s6-rc.d/svc-tailscale-up/run index b66a70a..8245149 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-tailscale-up/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-tailscale-up/run 
@@ -22,6 +22,19 @@ if [ -v TAILSCALE_BE_EXIT_NODE ]; then FLAGS="${FLAGS} --advertise-exit-node=${TS_BE_EXIT_NODE}" fi +if [ -v TAILSCALE_EXIT_NODE ]; then + echo "[!] using ${TAILSCALE_EXIT_NODE} as an exit node." + FLAGS="${FLAGS} --exit-node=${TAILSCALE_EXIT_NODE}" + + if [ "${TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS}" = "true" ] || + [ "${TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS}" = "false" ]; then + echo "[!] configuring exit node LAN access to ${TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS}" + FLAGS="${FLAGS} --exit-node-allow-lan-access=${TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS}" + else + echo '[!] TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS is not set to true or false. Skipping this setting.' + fi +fi + tailscale up $FLAGS # configure serve @@ -37,7 +50,3 @@ fi if [ -v TAILSCALE_FUNNEL ]; then tailscale funnel 443 on fi - - - -
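Review bot: In the README.md hunk, the new `TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS` row does not say that the run script accepts only the exact strings `true` and `false`. Any other value, including the `1` and `t` forms that the `TAILSCALE_FUNNEL` row just above advertises, is skipped with a warning. Suggest listing the accepted values in the description, and stating that the variable is only read when `TAILSCALE_EXIT_NODE` is set and that leaving it unset passes no `--exit-node-allow-lan-access` flag at all.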
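Review bot: In the `svc-tailscale-up/run` hunk at `@@ -22,6 +22,19 @@`, `TAILSCALE_EXIT_NODE` is appended to `FLAGS` without any validation, and `FLAGS` is then expanded unquoted in `tailscale up $FLAGS`, so a value containing whitespace is word-split into extra arguments to `tailscale up`. Suggest rejecting values that are not a plain hostname or IP address before appending, or collecting the arguments in a bash array (a hypothetical `ARGS`) and calling `tailscale up "${ARGS[@]}"`. Separately, the `else` branch prints the "is not set to true or false" message even when the optional variable is simply unset; wrapping the inner block in `[ -v TAILSCALE_EXIT_NODE_ALLOW_LAN_ACCESS ]` would limit the warning to values that are actually invalid.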