# # Private LAN only access allowed # # Allow UNIX local sockets allow unix:; # Allow localhost allow 127.0.0.0/8; allow ::1; # Private IPv4 addresses (RFC 1918) allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; # Private IPv6 addresses (RFC 4193) allow fc00::/7; # Link-local IPv4 addresses (RFC 6890 and RFC 3927) deny 169.254.0.0/24; deny 169.254.255.0/24; allow 169.254.0.0/16; # Link-local IPv6 addresses (RFC 4862 and RFC 4291) allow fe80::/10; # Global IPv6 subnet assigned to us by our ISP allow 2001:db8:c0de::/64; # Deny access to rest of the world deny all;