Private nets should be rejected unless explicitly accepted
Private networks (192.168., 10.0.0, ...) should be rejected unless the administrator explicitly adds an accept policy.
Instead of a exit policy like this: ExitPolicy accept *:53 ExitPolicy accept *:443 ExitPolicy reject :
The current setup forces the administrator to use a unnecessary complex exit policy: ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy accept *:53 ExitPolicy accept *:443 ExitPolicy reject :
[Automatically added by flyspray2trac: Operating System: All]
Trac:
Username: thomass