diff --git a/nixos/systems/blowhole/firewall.nix b/nixos/systems/blowhole/firewall.nix
index 4580654..efbac0b 100644
--- a/nixos/systems/blowhole/firewall.nix
+++ b/nixos/systems/blowhole/firewall.nix
@@ -201,7 +201,7 @@ in
 oifname { "${wan}" } tcp dport 53 drop
 oifname { "${wan}" } udp dport 53 drop
 # Allow DoT traffic to leave through "wan" if it comes from "lo"
- iifname != { "lo" } oifname { "${wan}" } tcp dport 853 drop
+ # iifname != { "lo" } oifname { "${wan}" } tcp dport 853 drop
 }
 chain forward {
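Review bot: With the `tcp dport 853 drop` rule commented out, nothing in this hunk stops hosts other than the local resolver from sending DNS-over-TLS out through `${wan}`, so any client that speaks DoT can sidestep the port-53 drops above, and the comment `# Allow DoT traffic to leave through "wan" if it comes from "lo"` now describes a rule that is no longer active. If the rule was disabled because it also caught the resolver's own packets (locally generated traffic may carry no input interface, so `iifname != "lo"` can match it; worth confirming), the restriction could move into the forward chain as `oifname { "${wan}" } tcp dport 853 drop`, which only sees routed traffic. Otherwise replace the dead line with a comment recording why DoT egress is open, e.g. `# DoT egress to wan intentionally unrestricted: <reason>`. The enclosing chain begins above the hunk and `chain forward` continues below it, so the hook and the existing forward rules are not visible here.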