From 51100a76ccecbc2bf946d4950a3b4dabe63b0713 Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Fri, 12 Jan 2024 13:16:37 -0600
Subject: [PATCH] enable dns from containers --> local

---
 config-parts/firewall-ipv4.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config-parts/firewall-ipv4.sh b/config-parts/firewall-ipv4.sh
index 7576197..d4f708a 100644
--- a/config-parts/firewall-ipv4.sh
+++ b/config-parts/firewall-ipv4.sh
@@ -413,6 +413,10 @@ set firewall ipv4 name containers-lan rule 999 log
 set firewall ipv4 name containers-local default-action 'drop'
 set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
 set firewall ipv4 name containers-local default-log
+set firewall ipv4 name containers-local rule 40 action 'accept'
+set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
+set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
+set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
 set firewall ipv4 name containers-local rule 50 action 'accept'
 set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
 set firewall ipv4 name containers-local rule 50 destination port '67,68'