I want to block all UDP traffic from servers in natted DMZ. Except DNS traffic that I think is the only needed.

My solution is:

    DNS(ACCEPT) dmz:192.168.110.0/24 all
    DROP dmz:192.168.110.0/24 net:!8.8.8.8,208.67.222.222 udp

Where 8.8.8.8 and 208.67.222.222 are the DNS in /etc/resolv.conf

I still have slow connections and name resolution. Is there a better solution?

Thanks,
P.