[Firehol-support] Windows 7 & 10 dns resolution

[Celedhrim]

Hi,

I have a debian testing as gateway on my network with 2 NIC , eth0:lan
eth1:wan
This gateway is also dhcp/dns for the lan
With linux android client no problems , all is fine.
With windows 10 , windows 7 and xbox one , when they start , they say :
No network.
I can ping the gateway , http it etc but nslookup say : TIMEOUT :(
So Microsoft device have no dns.
I have my old pure iptables sh script , so I run it , and it work like a
charm !

My theory : Firehol do something that drop windows dns request or
windows traffic use to test OS connectivity

My iptables with firehol start with this :

####
     0     0 DROP       tcp  --  any    any     anywhere
anywhere             tcp flags:FIN,ACK/FIN,ACK ctstate INVALID,NEW
     0     0 DROP       tcp  --  any    any     anywhere
anywhere             tcp flags:RST,ACK/RST,ACK ctstate INVALID,NEW
     0     0 DROP       tcp  --  any    any     anywhere
anywhere             tcp flags:ACK/ACK ctstate INVALID,NEW
     8   320 DROP       tcp  --  any    any     anywhere
anywhere             tcp flags:RST/RST ctstate INVALID,NEW
     0     0 DROP       icmp --  any    any     anywhere
anywhere             icmp destination-unreachable ctstate INVALID,NEW
     0     0 NFLOG      all  --  any    any     anywhere
anywhere             ctstate INVALID limit: avg 1/sec burst 5
nflog-prefix  "BLOCKED INVALID IN:"
     0     0 DROP       all  --  any    any     anywhere
anywhere             ctstate INVALID
  5940  551K in_lan     all  --  eth0   any     anywhere anywhere
#####

My question :

It's possible to say that an interface accept all sort of package , or
see what is the bad default for Microsoft OS ?

My last possiblity is to add a iptables rules like lo on , on top on
input chain to accept all , but I prefere to have a good firehol conf ^^

Celedhrim.