changed the valid UDP module from 'proxy' to 'forward'

forward is based on incoming port, while proxy is based on domains
	and we don't have any domain names for raw UDP or TCP

bin/goldilocks.js

@@ -56,6 +56,27 @@ function fixRawConfig(config) {
     delete config.dns;
     updated = true;
   }
+  // Convert all 'proxy' UDP modules to 'forward' modules that specify which
+  // incoming ports are relevant. Primarily to make 'proxy' modules consistent
+  // in needing relevant domain names.
+  if (config.udp && !Array.isArray(config.udp.bind)) {
+    config.udp.bind = [].concat(config.udp.bind || []);
+    updated = true;
+  }
+  if (config.udp && config.udp.modules) {
+    if (!config.udp.bind.length || !Array.isArray(config.udp.modules)) {
+      delete config.udp.modules;
+      updated = true;
+    } else {
+      config.udp.modules.forEach(function (mod) {
+        if (mod.type === 'proxy') {
+          mod.type = 'forward';
+          mod.ports = config.udp.bind.slice();
+          updated = true;
+        }
+      });
+    }
+  }
 
   // This we take the old way of defining ACME options and put them into a tls module.
   if (config.tls) {

lib/admin/config.js

@@ -49,7 +49,8 @@ var moduleSchemas = {
     }
   }
 };
-// forward is basically the name for the TCP proxy
+// forward is basically the same as proxy, but specifies the relevant incoming port(s).
+// only allows for the raw transport layers (TCP/UDP)
 moduleSchemas.forward = JSON.parse(JSON.stringify(moduleSchemas.proxy));
 moduleSchemas.forward.required = [ 'ports' ];
 moduleSchemas.forward.properties.ports = { type: 'array', items: portSchema };
@@ -70,7 +71,7 @@ var moduleRefs = {
   http: [ 'proxy', 'static', 'redirect' ].map(toSchemaRef)
 , tls:  [ 'proxy', 'acme' ].map(toSchemaRef)
 , tcp:  [ 'forward' ].map(toSchemaRef)
-, udp:  [ 'proxy' ].map(toSchemaRef)
+, udp:  [ 'forward' ].map(toSchemaRef)
 };
 
 function addDomainRequirement(itemSchema) {

lib/goldilocks.js

@@ -95,16 +95,20 @@ module.exports.create = function (deps, config) {
     });
   }
 
-  function dnsListener(msg) {
+  function dnsListener(port, msg) {
     if (!Array.isArray(config.udp.modules)) {
       return;
     }
     var socket = require('dgram').createSocket('udp4');
     config.udp.modules.forEach(function (mod) {
-      if (mod.type !== 'proxy') {
+      if (mod.type !== 'forward') {
         console.warn('found bad DNS module', mod);
         return;
       }
+      if (mod.ports.indexOf(port) < 0) {
+        return;
+      }
+
       var dest = require('./domain-utils').separatePort(mod.address || '');
       dest.port = dest.port || mod.port;
       dest.host = dest.host || mod.host || 'localhost';
@@ -224,13 +228,9 @@ module.exports.create = function (deps, config) {
   });
 
   if (config.udp.bind) {
-    if (Array.isArray(config.udp.bind)) {
+    config.udp.bind.forEach(function (port) {
-      config.udp.bind.map(function (port) {
+      listenPromises.push(listeners.udp.add(port, dnsListener.bind(port)));
-        listenPromises.push(listeners.udp.add(port, dnsListener));
     });
-    } else {
-      listenPromises.push(listeners.udp.add(config.udp.bind, dnsListener));
-    }
   }
 
   if (!config.mdns.disabled) {