~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
telecaster.m4: Rate-limit incoming ICP.
[firewall] / telecaster.m4
diff --git a/telecaster.m4 b/telecaster.m4
index 52ba121..dd278b8 100644 (file)
--- a/telecaster.m4
+++ b/telecaster.m4
@@ -33,6 +33,10 @@ allowservices inbound tcp \
        rsync \
        http https squid
 
+run iptables -A inbound -j ACCEPT \
+       -p udp --destination-port $port_icp \
+       -m limit --limit 10/second --limit-burst 100
+
 ## Other interesting things.
 dnsresolver inbound
 
Firewall scripts for distorted.org.uk.