telecaster.m4: Rate-limit incoming ICP.

author Mark Wooding <mdw@distorted.org.uk>

Mon, 6 May 2013 11:34:16 +0000 (12:34 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Mon, 6 May 2013 11:34:16 +0000 (12:34 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Mon, 6 May 2013 11:34:16 +0000 (12:34 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Mon, 6 May 2013 11:34:16 +0000 (12:34 +0100)
diff --git a/telecaster.m4 b/telecaster.m4

index 4e3763d..dd278b8 100644 (file)
--- a/telecaster.m4
+++ b/telecaster.m4
@@ -32,8 +32,10 @@ allowservices inbound tcp \
         ftp ftp_data \
         rsync \
         http https squid
-allowservices inbound udp \
-       icp
+
+run iptables -A inbound -j ACCEPT \
+       -p udp --destination-port $port_icp \
+       -m limit --limit 10/second --limit-burst 100
  
  ## Other interesting things.
  dnsresolver inbound
author	Mark Wooding <mdw@distorted.org.uk>
	Mon, 6 May 2013 11:34:16 +0000 (12:34 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Mon, 6 May 2013 11:34:16 +0000 (12:34 +0100)