In one of my recent articles, I explained how I set-up a guest wireless network for our work place (after getting it to work with the right wireless channel :))
After configuring the guest access point, I set up the DNS servers to point to OpenDNS in order to provide a safer and faster DNS service (compared to the default DNS servers our ISP provides) as well as choosing what web-sites should be allowed on the network.
For example, bandwidth hogging (Media/Video Sharing) and other web-sites which could potentially be used for illicit purposes (P2P/File Sharing) are forbidden on the network.
However, without any firewall rules on the router itself, it would still be possible for a guest on the network to change their DNS settings on their wireless adapter to point to any other DNS server; effectively bypassing all OpenDNS filters on the network for that specific client.