From 1fc46a93fe982c29e3eb9655c6ce882266a998fa Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Fri, 15 Sep 2023 09:55:51 -0500
Subject: [PATCH] Allowing DNS from LAN.

---
 config-parts/firewall-name.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config-parts/firewall-name.sh b/config-parts/firewall-name.sh
index 3f99040..1531782 100644
--- a/config-parts/firewall-name.sh
+++ b/config-parts/firewall-name.sh
@@ -192,6 +192,10 @@ set firewall name lan-iot rule 999 log 'enable'
 set firewall name lan-local default-action 'drop'
 set firewall name lan-local description 'From LAN to LOCAL'
 set firewall name lan-local enable-default-log
+set firewall name lan-local rule 40 action 'accept'
+set firewall name lan-local rule 40 description 'Rule: accept_dns'
+set firewall name lan-local rule 40 destination port 'domain,domain-s'
+set firewall name lan-local rule 40 protocol 'tcp_udp'
 set firewall name lan-local rule 50 action 'accept'
 set firewall name lan-local rule 50 description 'Rule: accept_dhcp'
 set firewall name lan-local rule 50 destination port '67,68'