diff options
| -rw-r--r-- | windows/winfw/src/winfw/rules/dns/permitnontunnel.h | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/windows/winfw/src/winfw/rules/dns/permitnontunnel.h b/windows/winfw/src/winfw/rules/dns/permitnontunnel.h index 07b67245c3..3d8fac5cf2 100644 --- a/windows/winfw/src/winfw/rules/dns/permitnontunnel.h +++ b/windows/winfw/src/winfw/rules/dns/permitnontunnel.h @@ -6,6 +6,11 @@ #include <optional> #include <string> +// +// N.B. This rule must only be used for "custom DNS". +// Connecting to a relay on port 53 is supported using a different rule. +// + namespace rules::dns { @@ -14,8 +19,10 @@ class PermitNonTunnel : public IFirewallRule public: // - // The alias argument has to be optional for when the relay is connected on port 53. - // At this point in time there's no tunnel yet. + // The tunnel alias is optional so this rule can be applied even + // when no tunnel exists. + // + // If a tunnel does exist, the alias must be provided. // PermitNonTunnel(std::optional<std::wstring> tunnelInterfaceAlias, const std::vector<wfp::IpAddress> &hosts); |