From cc8debb11134a291131b92e715b4ff3415187c67 Mon Sep 17 00:00:00 2001
From: niten
Date: Sun, 6 Oct 2024 22:35:32 -0700
Subject: [PATCH] Open DNS port for UDP. It seems like disabling the firewall only really disables it for TCP, not UDP as well.
---
 lib/fudo/adguard-dns-proxy.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/fudo/adguard-dns-proxy.nix b/lib/fudo/adguard-dns-proxy.nix
index cb88c0a..5f118c5 100644
--- a/lib/fudo/adguard-dns-proxy.nix
+++ b/lib/fudo/adguard-dns-proxy.nix
@@ -258,6 +258,11 @@ in {
 };
 };

+ networking.firewall = {
+ allowedTCPPorts = [ cfg.dns.listen-port ];
+ allowedUDPPorts = [ cfg.dns.listen-port ];
+ };
+
 systemd.services.adguard-dns-proxy = let
 configFile = "/run/adguard-dns-proxy/config.yaml";
 in {
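Review bot: The added `networking.firewall` block opens `cfg.dns.listen-port` for both TCP and UDP on every interface, and nothing visible in this hunk makes that conditional, so a host with a public-facing interface would expose the resolver to the internet, where an open UDP resolver can be abused for reflection/amplification and leaks the filtering service to anyone who can reach it. Consider scoping the rule to the interfaces that are meant to serve DNS, e.g. `networking.firewall.interfaces.<lan-iface>.allowedUDPPorts = [ cfg.dns.listen-port ];` (interface name is a placeholder), or gating the block behind an opt-in module option (something like `mkIf cfg.dns.open-firewall { ... }`, option name illustrative and not present in the module as shown). The enclosing attribute set begins outside the hunk, so whether this already sits under the module's enable guard cannot be confirmed from here; a short comment above the block stating which networks are expected to reach the port would also help the next reader.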