numbers.m4, telecaster.m4: TLS-enabled web cache.

[firewall] / telecaster.m4

diff --git a/telecaster.m4 b/telecaster.m4
index 4e3763d..4e7c787 100644 (file)
--- a/telecaster.m4
+++ b/telecaster.m4
@@ -31,9 +31,11 @@ allowservices inbound tcp \
        ident \
        ftp ftp_data \
        rsync \
-       http https squid
-allowservices inbound udp \
-       icp
+       http https squid ssquid
+
+run iptables -A inbound -j ACCEPT \
+       -p udp --destination-port $port_icp \
+       -m limit --limit 10/second --limit-burst 100
 
 ## Other interesting things.
 dnsresolver inbound