From 0c406058e9eb939d9d3212fabdbc3b123d635a7e Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Wed, 12 Feb 2025 21:54:01 +0000
Subject: [PATCH] remove acceotance of udp sport 5 on wan this was added for replies to dns queries but isn't needed for that purpose as connection tracking does that anyway
---
 modules/firewall/default-rules.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/modules/firewall/default-rules.nix b/modules/firewall/default-rules.nix
index 81187b9..bc91453 100644
--- a/modules/firewall/default-rules.nix
+++ b/modules/firewall/default-rules.nix
@@ -200,9 +200,7 @@ in
 type = "filter";
 family = "ip";
- rules = [
- (accept "udp sport 53")
- ];
+ rules = [];
 };
 input-ip4 = {
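Review bot: The empty `rules = [];` on the new side gives no hint why the chain exists with nothing in it, and the hunk does not show the connection-tracking rule the commit message relies on for DNS replies. I would add a comment above it such as `# deliberately empty: replies to our own DNS queries are accepted by connection tracking, not by source port`, and confirm that an established/related accept is evaluated for WAN input before this chain's default applies. The comment also guards against the rule being reintroduced later: a source-port match accepts any UDP datagram whose sender chooses port 53, whether or not a query was ever sent. The enclosing attribute set starts above the hunk, so the chain's name and hook are not visible here.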