diff --git a/jobs/port_forwarding/spec b/jobs/port_forwarding/spec
index 4775758..18b5553 100644
--- a/jobs/port_forwarding/spec
+++ b/jobs/port_forwarding/spec
@@ -19,3 +19,7 @@ properties:
     - external_port: 443
       internal_ip: 10.10.0.34
       internal_port: 4443
+    - external_port: 53
+      internal_ip: 169.254.0.2
+      internal_port: 53
+      protocol: udp
diff --git a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
index dfe889c..b3d59ee 100644
--- a/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
+++ b/jobs/port_forwarding/templates/bin/forward_ports.sh.erb
@@ -29,8 +29,9 @@ sysctl net.ipv4.conf.all.route_localnet=0
 	<% external_port = rule['external_port'] || raise("Expected non-empty 'external_port' on '#{rule.inspect}' rule") %>
 	<% internal_ip   = rule['internal_ip']   || "127.0.0.1" %>
 	<% internal_port = rule['internal_port'] || raise("Expected non-empty 'internal_port' on '#{rule.inspect}' rule") %>
+	<% protocol      = rule['protocol'] || "tcp" %>
 
-	sudo iptables -t nat -A portforwarding-release -p tcp --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
+	sudo iptables -t nat -A portforwarding-release -p <%= protocol %> --dport <%= external_port %> -j DNAT --to <%= internal_ip %>:<%= internal_port %>
 
 	<% if internal_ip == "127.0.0.1" %>
 		sysctl net.ipv4.conf.all.route_localnet=1