Don't block outgoing DoT traffic, iifname doesn't work in output

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-29 11:36:16 +01:00 · 2023-04-04 00:41:25 +02:00 · 2023-04-04 00:41:25 +02:00 · eec8f409d6
parent 634dafdf5a
commit eec8f409d6
1 changed files with 1 additions and 1 deletions
--- a/nixos/systems/blowhole/firewall.nix
+++ b/nixos/systems/blowhole/firewall.nix
@ -201,7 +201,7 @@ in
              oifname { "${wan}" } tcp dport 53 drop
              oifname { "${wan}" } udp dport 53 drop
              # Allow DoT traffic to leave through "wan" if it comes from "lo"
-              iifname != { "lo" } oifname { "${wan}" } tcp dport 853 drop
+              # iifname != { "lo" } oifname { "${wan}" } tcp dport 853 drop
            }
            chain forward {