From a90736ea12c830628dcf85e5d69e79ddfe5563b0 Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Thu, 16 Jan 2014 20:38:21 +0000
Subject: [PATCH 1/1] tilecache: allow ICP UDP replies

---
 cookbooks/tilecache/recipes/default.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index 647e0dc07..209a83dc9 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -48,6 +48,15 @@ tilecaches.each do |cache|
       dest_ports "3130"
       source_ports "1024:"
     end
+    firewall_rule "accept-squid-icp-reply" do
+      action :accept
+      family "inet"
+      source "fw"
+      dest "net:#{address}"
+      proto "udp"
+      dest_ports "3130"
+      source_ports "1024:"
+    end
   end
 end
 
-- 
2.43.2