diff --git a/internal/firewall/iptables/iptables.go b/internal/firewall/iptables/iptables.go
index b96b4f1d..44d9ab1f 100644
--- a/internal/firewall/iptables/iptables.go
+++ b/internal/firewall/iptables/iptables.go
@@ -189,9 +189,9 @@ func (c *Config) AcceptOutputFromIPPortToIPPort(ctx context.Context,
 interfaceFlag = ""
 }
- instruction := fmt.Sprintf("%s OUTPUT -s %s --sport %d -d %s %s -p %s -m %s --dport %d -j ACCEPT",
- appendOrDelete(remove), source.Addr(), source.Port(), destination.Addr(),
- interfaceFlag, protocol, protocol, destination.Port())
+ instruction := fmt.Sprintf("%s OUTPUT %s -s %s -d %s -p %s -m %s --sport %d --dport %d -j ACCEPT",
+ appendOrDelete(remove), interfaceFlag, source.Addr(), destination.Addr(),
+ protocol, protocol, source.Port(), destination.Port())
 if destination.Addr().Is4() {
 return c.runIptablesInstruction(ctx, instruction)
 } else if c.ip6Tables == "" {
diff --git a/internal/restrictednet/resolve.go b/internal/restrictednet/resolve.go
index 8c95b61f..b5b789c7 100644
--- a/internal/restrictednet/resolve.go
+++ b/internal/restrictednet/resolve.go
@@ -19,7 +19,8 @@ import (
 func (c *Client) ResolveName(ctx context.Context, host string) (
 resolvedAddresses []netip.Addr, err error,
 ) {
- questionTypes := make([]uint16, 0, 2)
+ const maxTypes = 2
+ questionTypes := make([]uint16, 0, maxTypes)
 if c.ipv6Supported {
 questionTypes = append(questionTypes, dns.TypeAAAA)
 }
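Review bot: In the iptables.go hunk, the rewritten `fmt.Sprintf` in `AcceptOutputFromIPPortToIPPort` depends on `--sport`/`--dport` coming after `-p`/`-m`, yet nothing next to the format string records that constraint, so a later reordering of the verbs could silently bring back a rule that iptables rejects. A one-line comment above it would pin this: `// --sport/--dport are options of the protocol match and must follow -p/-m`. `protocol` is also interpolated as both the `-p` value and the `-m` module name, which presumably only holds for tcp and udp; whether callers restrict it is not visible here, and a test asserting the exact instruction string for one IPv4 and one IPv6 pair would guard the ordering. The function begins and ends outside the hunk.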
@@ -105,12 +106,12 @@ func (c *Client) resolveOneQuestionType(ctx context.Context,
 func (c *Client) doHQuery(ctx context.Context, queryWire []byte, dohURL *url.URL, dohServerIP netip.Addr,
 ) (responseMessage *dns.Msg, err error) {
- httpClient, close, err := c.OpenHTTPS(dohURL.Hostname(), dohServerIP)
+ httpClient, cleanup, err := c.OpenHTTPS(dohURL.Hostname(), dohServerIP)
 if err != nil {
 return nil, fmt.Errorf("opening https connection: %w", err)
 }
 defer func() {
- closeErr := close()
+ closeErr := cleanup()
 if err == nil && closeErr != nil {
 err = fmt.Errorf("cleaning up https connection: %w", closeErr)
 }
diff --git a/internal/restrictednet/resolve_test.go b/internal/restrictednet/resolve_test.go
index a0e50b42..51762778 100644
--- a/internal/restrictednet/resolve_test.go
+++ b/internal/restrictednet/resolve_test.go
@@ -70,7 +70,6 @@ func Test_answersToNetipAddrs(t *testing.T) {
 }
 for testName, testCase := range testCases {
- testCase := testCase
 t.Run(testName, func(t *testing.T) {
 t.Parallel()