Nope vlan_local should look like this:
default drop
rule 1 accept destination udp port 67
rule 2 accept destination udp port 53
(edit -- order doesn't really matter here though)
Don't apply it to your main / management VLAN though ... else you'll be in a bind Image may be NSFW.
Clik here to view.
