From eec8f409d64756bcd296b8c4867e471b74cc54c7 Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Tue, 4 Apr 2023 00:41:25 +0200
Subject: [PATCH] Don't block outgoing DoT traffic, iifname doesn't work in output

Signed-off-by: Magic_RB
---
 nixos/systems/blowhole/firewall.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/systems/blowhole/firewall.nix b/nixos/systems/blowhole/firewall.nix
index 4580654..efbac0b 100644
--- a/nixos/systems/blowhole/firewall.nix
+++ b/nixos/systems/blowhole/firewall.nix
@@ -201,7 +201,7 @@ in
 oifname { "${wan}" } tcp dport 53 drop
 oifname { "${wan}" } udp dport 53 drop
 # Allow DoT traffic to leave through "wan" if it comes from "lo"
-iifname != { "lo" } oifname { "${wan}" } tcp dport 853 drop
+# iifname != { "lo" } oifname { "${wan}" } tcp dport 853 drop
 }
 chain forward {
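Review bot: Commenting out the 853 rule leaves the line above it, `# Allow DoT traffic to leave through "wan" if it comes from "lo"`, describing a restriction that this chain no longer enforces, so a reader will assume outbound DoT is still limited to locally originated traffic while the plain-DNS drops on port 53 just above still look like a deliberate "DoT only" policy. As the commit title says, an output-hook chain sees only locally generated packets, so `iifname` never matches and the `!= { "lo" }` test was true for every packet — the old rule dropped all outgoing DoT rather than only non-local DoT, which is why removing it fixes the breakage, but it also means the interface test can never express the intended restriction in this chain. If the goal is to allow only the local resolver to speak DoT, that has to be keyed on the sending process rather than an interface, e.g. `meta skuid != <RESOLVER_UID_PLACEHOLDER> oifname { "${wan}" } tcp dport 853 drop`, and DoT from other hosts or containers would belong in the `forward` chain, which opens at the end of this hunk and continues outside it. Prefer deleting the dead line and rewording the comment to state what is actually enforced (currently: nothing for port 853) rather than leaving a commented-out rule behind.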