Just to be pedantic, the LAN client's requests will be coming in on interface br0 (i.e. 192.168.1.1) not 127.0.0.1. But the iptables rules will still work because dnsmasq also listens on that. And to be doubly pedantic, the stubby port number is 5453 according to post #67.dnsmasq will listen for dns requests on 127.0.0.1 port 53 by default so those IP tables are still good for that.
dnsmasq will then forward the requests to stubby at 127.0.0.1 on what ever port you have selected for it. Stubby will then do its encryption magic and forward the request to the upstream dns on port 853