diff --git a/ChangeLog b/ChangeLog
index 00f2baa..59d1e21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,19 @@ vNEXT:
 07719f55b87c279cd56dfbf9ab6facb6a3e193cc for the time being.
+ UDP support now works. It only works with sslh-fork,
+ which will create a single process that handles all
+ UDP connections with select(). Probes specified in
+ the `protocols` configuration entry are tried on
+ incoming packets, TCP or UDP, and forwarded based on
+ the input protocol (an incoming TCP connection will
+ be forwarded as TCP, and same with UDP).
+ This has been tested with DNS as shown in udp.cfg:
+ incoming packets that contain my domain name are
+ assumed to be a DNS request and forwarded
+ accordingly. Note this could cause problems if
+ combined with incoming TLS with SNI.
+
 Added symbol to support libconfig 1.4.9, still in use in CentOS7.
diff --git a/udp.cfg b/udp.cfg
new file mode 100644
index 0000000..6d619a5
--- /dev/null
+++ b/udp.cfg
@@ -0,0 +1,31 @@
+# Example for UDP protocols
+
+# Listen sockets get a `is_udp : true` option
+# Protocol entries work exactly the same as TCP, there is no
+# difference. Currently, if mix up TCP and UDP probes, sslh will
+# try them in order and forward a UDP packet to a TCP probe
+# that matches (but using UDP; meaning, sslh will happily
+# forward a UDP packet to udp:localhost:80 if the HTTP
+# probe is specified, and matches)
+
+verbose: 3;
+foreground: true;
+inetd: false;
+numeric: false;
+transparent: false;
+timeout: 10;
+pidfile: "/tmp/sslh_test.pid";
+
+
+# List of interfaces on which we should listen
+# Options:
+listen: (
+ { host: "localhost"; is_udp: true; port: "4443"; }
+);
+
+
+protocols:
+(
+ { name: "regex"; regex_patterns: [ "rutschle.net" ]; host: "ns1.rutschle.net"; port: "53"; },
+ { name: "anyprot"; host: "localhost"; port: "9099"; }
+);
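Review bot: The `regex` entry in `protocols` treats a datagram as DNS only because `rutschle.net` appears somewhere in its payload, and the `anyprot` entry after it sends every other datagram to localhost:9099, so as written nothing arriving on the UDP listener is rejected. I would say so next to the entries, for example `# regex is an unanchored match on untrusted packet content, not DNS validation; anyprot forwards everything else`. The unescaped `.` in the pattern is presumably what lets it match at all, since a DNS name on the wire is length-prefixed labels and the byte between `rutschle` and `net` is not a literal dot; a short comment would stop someone from later "fixing" it to an escaped dot. Separately, `pidfile: "/tmp/sslh_test.pid"` is a fixed name in a world-writable directory, which is fine for a local test, but a comment pointing readers to a directory only the service account can write would keep the example from being copied unchanged.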