diff --git a/doc/turn/block-udp-for-turn-test.sh b/doc/turn/block-udp-for-turn-test.sh
new file mode 100755
index 00000000..54f457bf
--- /dev/null
+++ b/doc/turn/block-udp-for-turn-test.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# This script blocks all outbound and inbound DNS except DNS. If all UDP is
+# blocked, the only way to do a peer to peer connection is with a TURN server
+# which supports tcp.
+#
+# NOTE: this script requires Linux and must be run as root/sudo.
+#
+# (c)2016 struktur AG
+# http://www.struktur.de
+
+set -e
+RETVAL=0
+
+run() {
+	set -x
+	local mode=$1
+	iptables $mode INPUT -p udp --sport 53 -j ACCEPT
+	iptables $mode INPUT -p udp --dport 53 -j ACCEPT
+	iptables $mode OUTPUT -p udp --sport 53 -j ACCEPT
+	iptables $mode OUTPUT -p udp --dport 53 -j ACCEPT
+
+	iptables $mode INPUT -p udp -j DROP
+	iptables $mode OUTPUT -p udp -j DROP
+	set +x
+}
+
+start() {
+	run -A
+}
+
+stop() {
+	set +e
+	run -D
+	set -e
+}
+
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	*)
+		echo "Usage: $0 [start|stop]"
+		RETVAL=1
+		;;
+esac
+
+exit $RETVAL