From 83a2a9cd46c8501b7d79b627ec8d0c4add507c6d Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Thu, 7 Dec 2023 09:01:36 +0100 Subject: [PATCH] allow dns from everywhere --- hosts/fw.cloonar.com/modules/firewall.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix index a54f42f..daf9b3c 100644 --- a/hosts/fw.cloonar.com/modules/firewall.nix +++ b/hosts/fw.cloonar.com/modules/firewall.nix @@ -136,13 +136,14 @@ "lan", "server", "vserver", - "podman1", "infrastructure", "wg_cloonar", "smart", "multimedia" } udp dport { 53, 67, 68 } counter accept + udp dport { 53 } counter accept + # Accept mDNS for avahi reflection # iifname "multimedia" ip saddr tcp dport { llmnr } counter accept # iifname "multimedia" ip saddr udp dport { mdns, llmnr } counter accept @@ -187,7 +188,6 @@ # lan and vpn to any # TODO: disable wan when finished - oifname { "server" } ip daddr 10.42.97.10 udp dport { 53 } accept iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter accept iifname { "lan", "server", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
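Review bot: The added `udp dport { 53 } counter accept` in the first hunk has no `iifname` match, so it accepts DNS queries on every interface, including any internet-facing one. The chain header is outside the hunk, but if this is the input chain, the firewall's resolver becomes reachable as an open resolver and can be used for reflection and amplification against third parties. If the intent is "every internal network", scope the rule instead, for example `iifname != "<wan-interface>" udp dport { 53 } counter accept` (placeholder, since the WAN interface name is not visible here), or extend the interface set on the rule above. That rule would also benefit from a comment stating which zones are meant to reach the resolver, because port 53 in its `{ 53, 67, 68 }` set is now redundant. Only UDP is opened here, so check that TCP 53 is handled elsewhere for truncated responses.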