### jem-specific rules.
m4_divert(82)m4_dnl
+## Set up the SAUCE sinbin. Unfortunately, ipset is a bit brittle. This
+## isn't a completely critical part of the firewall security, so don't make
+## this fail the entire script.
+errorchain sauce REJECT
+makeset sauce iphash || :
+iptables -A inbound -g sauce -m set --match-set sauce src || :
+
## Externally visible services.
allowservices inbound tcp \
ssh \