From ac997386a90fe5da77905d02d734364af192c9f5 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sat, 5 Jul 2014 15:56:22 +0200
Subject: [PATCH] gluon-firewall: reject DNS queries from br-client (they should be accepted on local-node only)
---
 .../{011-wan-firewall => 011-firewall-rules} | 11 +++++++++++
 1 file changed, 11 insertions(+)
 rename gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/{011-wan-firewall => 011-firewall-rules} (79%)
diff --git a/gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall b/gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
similarity index 79%
rename from gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall
rename to gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
index 792e06a..1a422ca 100755
--- a/gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-wan-firewall
+++ b/gluon/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
@@ -26,5 +26,16 @@ c:section('firewall', 'rule', 'wan_ssh',
 }
 )
+
+c:section('firewall', 'rule', 'client_dns',
+ {
+ name = 'client_dns',
+ src = 'client',
+ dest_port = '53',
+ target = 'REJECT',
+ }
+)
+
+
 c:save('firewall')
 c:commit('firewall')
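Review bot: The added `client_dns` rule has no comment and sets no `proto`, so its purpose and its protocol coverage can only be recovered from the commit message and the firewall's defaults. I would put `-- DNS is answered on local-node only; reject queries arriving on br-client` above the `c:section` call and add `proto = 'tcpudp',` to the option table so the rule visibly covers both UDP and TCP port 53. Because the rule matches `src = 'client'` with no `dest`, it appears to apply to traffic addressed to the node itself; the zone definitions are outside this hunk, so it is worth confirming that the local-node interface is not a member of the `client` zone, since a shared zone would also reject the queries the commit intends to keep. The preceding `wan_ssh` section starts above the hunk.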