From 4a9a8764def6f1a1a503707e17cce8a9dd41e469 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 3 May 2019 18:11:40 +0200
Subject: firewall: since DNS is a blacklist, we have to exclude our own
 interface

---
 service/firewall/blocker.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'service/firewall/blocker.go')

diff --git a/service/firewall/blocker.go b/service/firewall/blocker.go
index d0f39a90..8ef26278 100644
--- a/service/firewall/blocker.go
+++ b/service/firewall/blocker.go
@@ -198,7 +198,7 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error {
 		}
 
 		if restrictDNS {
-			err = blockDnsUnmatched(session, baseObjects)
+			err = blockDnsNonTun(session, baseObjects, luid)
 			if err != nil {
 				return wrapErr(err)
 			}
-- 
cgit v1.2.3-59-g8ed1b