#
# Private LAN only access allowed
#

# Allow UNIX local sockets
allow	unix:;

# Allow localhost
allow	127.0.0.0/8;
allow   ::1;

# Private IPv4 addresses (RFC 1918)
allow   10.0.0.0/8;
allow   172.16.0.0/12;
allow   192.168.0.0/16;

# Private IPv6 addresses (RFC 4193)
allow   fc00::/7;

# Link-local IPv4 addresses (RFC 6890 and RFC 3927)
deny    169.254.0.0/24;
deny    169.254.255.0/24;
allow   169.254.0.0/16;

# Link-local IPv6 addresses (RFC 4862 and RFC 4291)
allow   fe80::/10;

# Global IPv6 subnet assigned to us by our ISP
allow   2001:db8:c0de::/64;

# Deny access to rest of the world
deny    all;