Skip to content
GitLab
Closed (moved) (moved)
Issue created by Trac@tracbot

Private nets should be rejected unless explicitly accepted

Private networks (192.168., 10.0.0, ...) should be rejected unless the administrator explicitly adds an accept policy.

Instead of a exit policy like this: ExitPolicy accept *:53 ExitPolicy accept *:443 ExitPolicy reject :

The current setup forces the administrator to use a unnecessary complex exit policy: ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy accept *:53 ExitPolicy accept *:443 ExitPolicy reject :

[Automatically added by flyspray2trac: Operating System: All]

Trac:
Username: thomass

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information