I have customers routers that have "open recursive DNS port 53" and my upstream provider is telling me I need to get that blocked. Rather than chase down each customer I would like to block this at my core router. I have a firewall rule setup but it does not appear to be working. Any ideas what I'm doing wrong?
add action=drop chain=forward comment="" disabled=no dst-port=53 protocol=udp \