From 6bc560b66a5fbf967d602702535b77a6886a30c3 Mon Sep 17 00:00:00 2001
From: Gregory Colpart
Date: Fri, 13 Mar 2015 01:55:13 +0100
Subject: [PATCH] Add default rule for IPv6 DNS responses

---
 firewall.rc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/firewall.rc b/firewall.rc
index 23a5faa..3afb205 100644
--- a/firewall.rc
+++ b/firewall.rc
@@ -81,6 +81,7 @@ NTPOK='0.0.0.0/0'
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 25 --match state --state ESTABLISHED,RELATED -j ACCEPT
+/sbin/ip6tables -A INPUT -i $INT -p udp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT
 
 # Allow Output DNS, NTP and traceroute traffic
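Review bot: The added `-p udp --sport 53` rule carries no comment saying that its safety rests entirely on the `--state ESTABLISHED,RELATED` match; without that match it would accept any IPv6 UDP packet whose source port is 53, which is trivial for a remote sender to set. I would add a line above it such as `# DNS replies over UDP: accepted only for flows this host opened (state match) - do not drop the state match`. The rule only has an effect if the matching outbound UDP/53 rule and IPv6 connection tracking are in place; that part of firewall.rc is outside this hunk, so it is worth confirming. As a style point shared with the neighbouring lines, `$INT` is unquoted (`-i "$INT"`), and `--match state --state` is the legacy spelling of `-m conntrack --ctstate ESTABLISHED,RELATED`, which could be used if the target kernels support it.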