Update comments on rules::dns::PermitNonTunnel

author: Odd Stranne <odd@mullvad.net> 2020-06-08 15:16:22 +0200
committer: Odd Stranne <odd@mullvad.net> 2020-06-09 10:12:06 +0200
commit: f7c9ed742e707c4cf2301ba683bc5041c303446d (patch)
tree: f59fa6322558c961cee7a9673564815a0d5bb802 /windows
parent: 3a35547e4c4a00755b14d05f67ae5e636138f81b (diff)
download: mullvadvpn-f7c9ed742e707c4cf2301ba683bc5041c303446d.tar.xz
mullvadvpn-f7c9ed742e707c4cf2301ba683bc5041c303446d.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/windows/winfw/src/winfw/rules/dns/permitnontunnel.h b/windows/winfw/src/winfw/rules/dns/permitnontunnel.h
index 07b67245c3..3d8fac5cf2 100644
--- a/windows/winfw/src/winfw/rules/dns/permitnontunnel.h
+++ b/windows/winfw/src/winfw/rules/dns/permitnontunnel.h
@@ -6,6 +6,11 @@
 #include <optional>
 #include <string>
 
+//
+// N.B. This rule must only be used for "custom DNS".
+// Connecting to a relay on port 53 is supported using a different rule.
+//
+
 namespace rules::dns
 {
 
@@ -14,8 +19,10 @@ class PermitNonTunnel : public IFirewallRule
 public:
 
 	//
-	// The alias argument has to be optional for when the relay is connected on port 53.
-	// At this point in time there's no tunnel yet.
+	// The tunnel alias is optional so this rule can be applied even
+	// when no tunnel exists.
+	//
+	// If a tunnel does exist, the alias must be provided.
 	//
 	PermitNonTunnel(std::optional<std::wstring> tunnelInterfaceAlias, const std::vector<wfp::IpAddress> &hosts);
author	Odd Stranne <odd@mullvad.net>	2020-06-08 15:16:22 +0200
committer	Odd Stranne <odd@mullvad.net>	2020-06-09 10:12:06 +0200
commit	f7c9ed742e707c4cf2301ba683bc5041c303446d (patch)
tree	f59fa6322558c961cee7a9673564815a0d5bb802 /windows
parent	3a35547e4c4a00755b14d05f67ae5e636138f81b (diff)
download	mullvadvpn-f7c9ed742e707c4cf2301ba683bc5041c303446d.tar.xz mullvadvpn-f7c9ed742e707c4cf2301ba683bc5041c303446d.zip