iptables rule not working as expected

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I feel we have a fairly restrictive firewall in place, but my attempts to
allow DHCP from a range of IP addresses seem to fail.

Using a simple script I wrote, we see:

Resolved_Address Packets Bytes Protocol(s) Dest.Port(s)
...   3       560   UDP         54366
Totals           4       0.7KB for search pattern "UNSOLICITED"

The ruleset is:

:INPUT DROP [wlan0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -p udp -s -m state --state NEW -j
-A INPUT -i wlan0 -m state --state NEW -j LOG --log-level 7 --log-prefix

These types of drops seem to cause DNS delays fairly often How might I
fix this please?

Site Timeline