Topic: Odd behaviour with firewall rule on wireless (Read 990 times)
« on: September 16, 2011, 22:46:16 »
NCSIdaho *
Posts: 15

Hello All,
I have run into an odd issue with this rule on our m0n0wall version 1.33 router:

Proto  Source         Port  Dest  Port      Desc
UDP    !192.168.x.x   *     *     53 (DNS)

It works perfectly when applied to the LAN interface and blocks all DNS requests except for the DNS server defined in the !source.

However, when applied to the wireless interface (bridged with the LAN or not), all DNS traffic is blocked for wireless clients.

The firewall logs each attempt --> WIRELESS    192.168.10.30, port 61029    192.168.10.2, port 53    UDP
I am using an Atheros CM9 wireless card and the system is an ALIX2c series.

*This happens on our test system with build 1.8.0b477 as well.

Any ideas?
« Reply #1 on: September 28, 2011, 18:27:59 »
NCSIdaho *
Posts: 15

Update/workaround

On the wireless interface only (tested only with Atheros-based cards). This allows DNS lookups to the m0n0wall or internal DNS server while blocking alternate DNS lookups. Why this must be applied on wireless and not on the LAN interface baffles me, but I am guessing it is a driver issue.

          Proto  Source          Port  Destination   Port      Description
(Reject)  TCP    ! 192.168.10.2  *     *             25 (SMTP) SMTP Block
(Pass)    UDP    *               *     192.168.10.2  53 (DNS)  <- must be added
(Reject)  UDP    ! 192.168.10.2  *     *             53 (DNS)  DNS HiJack Block
(Pass)    *      LAN net         *     *             *         Default Wireless -> any
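The following is an added example, not code from either post above or from the m0n0wall project. It models the two rulesets as a first-match evaluator (first-match, per-interface ordering is an assumption about m0n0wall; the "LAN net" source is assumed to be 192.168.10.0/24, and the first post's table is assumed to be followed by the same default pass rule). It shows why the extra pass rule matters: the reject rule's negated source "! 192.168.10.2" is true for every wireless client, so without a preceding pass the client's query to 192.168.10.2:53 hits the reject rule, which is exactly what the logged attempt in the first post shows. With the pass rule inserted before it, queries to the internal server are allowed while queries to any other resolver are still rejected. The packets are constructed, using TEST-NET-3 (203.0.113.0/24) for external hosts.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One firewall rule as shown in the forum tables.
@dataclass
class Rule:
    action: str            # "pass" or "reject"
    proto: str             # "udp", "tcp" or "*"
    src: str               # host/CIDR, "*" for any, "!host" for negation
    dst: str               # same syntax as src
    dport: Optional[int]   # None means any destination port
    desc: str = ""

# A minimal packet: only the fields the rules look at.
@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def _match_addr(spec: str, addr: str) -> bool:
    """Match an address against a rule field, honouring the '!' negation."""
    if spec == "*":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!").strip(), strict=False)
    hit = ipaddress.ip_address(addr) in net
    return not hit if negate else hit

def _match(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "*" or rule.proto == pkt.proto)
            and _match_addr(rule.src, pkt.src)
            and _match_addr(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, description) of the first matching rule.
    Assumed semantics: first match wins; nothing matching is dropped."""
    for rule in rules:
        if _match(rule, pkt):
            return rule.action, rule.desc
    return "block", "implicit default deny"

# Assumption: "LAN net" in the posts is this subnet.
LAN_NET = "192.168.10.0/24"

# Ruleset from the first post (assumed followed by the default pass rule).
FIRST_POST = [
    Rule("reject", "udp", "!192.168.10.2", "*", 53, "DNS HiJack Block"),
    Rule("pass", "*", LAN_NET, "*", None, "Default Wireless -> any"),
]

# Ruleset from the workaround post, in the order given there.
WORKAROUND = [
    Rule("reject", "tcp", "! 192.168.10.2", "*", 25, "SMTP Block"),
    Rule("pass", "udp", "*", "192.168.10.2", 53, "allow internal DNS"),  # <- must be added
    Rule("reject", "udp", "! 192.168.10.2", "*", 53, "DNS HiJack Block"),
    Rule("pass", "*", LAN_NET, "*", None, "Default Wireless -> any"),
]

# Constructed packets: the logged client query, a query to an outside
# resolver, an outbound SMTP attempt and ordinary HTTPS traffic.
LOGGED_QUERY = Packet("udp", "192.168.10.30", "192.168.10.2", 53)
OUTSIDE_DNS = Packet("udp", "192.168.10.30", "203.0.113.53", 53)
OUTSIDE_SMTP = Packet("tcp", "192.168.10.30", "203.0.113.25", 25)
OUTSIDE_HTTPS = Packet("tcp", "192.168.10.30", "203.0.113.80", 443)

if __name__ == "__main__":
    for name, rules in (("first post", FIRST_POST), ("workaround", WORKAROUND)):
        for pkt in (LOGGED_QUERY, OUTSIDE_DNS, OUTSIDE_SMTP, OUTSIDE_HTTPS):
            action, desc = evaluate(rules, pkt)
            print(f"{name:10} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}: {action} ({desc})")
```

Running the script prints the verdict of each ruleset for each packet; the first post's ruleset rejects the client's query to the internal server under "DNS HiJack Block", matching the log line, while the workaround passes it and still rejects the query to 203.0.113.53.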