On Aug 7, 5:09 am, samwyse <[email protected]> wrote: > I've just now suggested this on Slashdot: At startup, issue a big > multi-line warning if the IP addresses that are getting bound aren't > on the loopback address or a private internet. The private internets > are defined in RFC 1918 as: > > 10.0.0.0 - 10.255.255.255 (10/8 prefix) > 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) > 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Shouldn't it first verify itself against my firewall configuration and ensure I don't have SASL enabled? Should you also verify the IPv6 address class isn't link-local or perhaps using an intrasite tunneling policy for cross datacenter invalidations? I wouldn't want to get an alert when I'm doing it right just because some people are doing it wrong.
