Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #128
Closed (moved) (moved)
Open
Issue created Apr 28, 2005 by Trac@tracbot

Private nets should be rejected unless explicitly accepted

Private networks (192.168., 10.0.0, ...) should be rejected unless the administrator explicitly adds an accept policy.

Instead of a exit policy like this: ExitPolicy accept *:53 ExitPolicy accept *:443 ExitPolicy reject :

The current setup forces the administrator to use a unnecessary complex exit policy: ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy accept *:53 ExitPolicy accept *:443 ExitPolicy reject :

[Automatically added by flyspray2trac: Operating System: All]

Trac:
Username: thomass

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking