From d9c76cf4dc110ffb386ab9792ecdd6cc6819db95 Mon Sep 17 00:00:00 2001
From: Daniel <dhaavi@users.noreply.github.com>
Date: Fri, 11 Aug 2023 11:41:07 +0200
Subject: [PATCH] Correctly finalize DNS requests if filtered

---
 firewall/dns.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/firewall/dns.go b/firewall/dns.go
index 5c3542f1..498d3a52 100644
--- a/firewall/dns.go
+++ b/firewall/dns.go
@@ -177,6 +177,15 @@ func FilterResolvedDNS(
 		return rrCache
 	}
 
+	// Finalize verdict.
+	defer func() {
+		// Reset from previous filtering.
+		conn.Verdict.Active = network.VerdictUndecided
+		conn.Verdict.Worst = network.VerdictUndecided
+		// Update all values again.
+		finalizeVerdict(conn)
+	}()
+
 	// special grant for connectivity domains
 	if checkConnectivityDomain(ctx, conn, layeredProfile, nil) {
 		// returns true if check triggered