From 08785c00e46a6194173bd9dc92f6f9c374a57a21 Mon Sep 17 00:00:00 2001
From: James Smith
Date: Mon, 19 Oct 2020 16:07:01 +0100
Subject: [PATCH] Exclude multicast DNS from the killswitch in mode 2

So that we can still use mDNS hostnames for devices on the local network when the killswitch is enabled. Resolves ProtonVPN#247.
---
 protonvpn_cli/connection.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/protonvpn_cli/connection.py b/protonvpn_cli/connection.py
index f881a8f..3d4792d 100644
--- a/protonvpn_cli/connection.py
+++ b/protonvpn_cli/connection.py
@@ -851,6 +851,9 @@ def manage_killswitch(mode, proto=None, port=None):
 exclude_lan_commands = [
 "iptables -A OUTPUT -o {0} -d {1} -j ACCEPT".format(default_nic, local_network), # noqa
 "iptables -A INPUT -i {0} -s {1} -j ACCEPT".format(default_nic, local_network), # noqa
+ # multicast DNS
+ "iptables -A OUTPUT -p udp -o {0} -d 224.0.0.251/32 --dport 5353 -j ACCEPT ".format(default_nic), # noqa
+ "iptables -A INPUT -p udp -i {0} -s 224.0.0.251/32 --sport 5353 -j ACCEPT".format(default_nic), # noqa
 ]

 for lan_command in exclude_lan_commands:
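Review bot: The added INPUT rule matches on `-s 224.0.0.251/32`, but a multicast group address is never a packet's source: mDNS replies come from the responder's own unicast address, sent either to 224.0.0.251:5353 or directly to the querier, so this rule cannot match real traffic and replies presumably only get through via the existing `-s {1}` LAN rule above it. Match on the destination instead: `"iptables -A INPUT -p udp -i {0} -d 224.0.0.251/32 --dport 5353 -j ACCEPT".format(default_nic),  # noqa`. The OUTPUT string also carries a stray trailing space after `ACCEPT`. Because this opens a path around the killswitch on the physical interface, the comment could say so, e.g. `# multicast DNS: queries leave on the physical NIC outside the tunnel and are visible to the local segment`. manage_killswitch starts and ends outside the hunk, so how these strings are executed and how `local_network` is derived are not visible here.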