Why block private subnets? #4

@alexconstsh

You have the following rules in your firewall configuration:

iptables -I OUTPUT -d 10.0.0.0/8 -j DROP
iptables -I OUTPUT -d 172.16.0.0/12 -j DROP
iptables -I OUTPUT -d 192.168.0.0/16 -j DROP

I don't understand the reason for them. In a network namespace you'll have just the lo and tun interfaces. These addresses may appear only on the tun interface and will represent your address inside your VPN provider's network. All you do by adding those rules is block the ability to ping the servers from inside the VPN, right? Besides, you don't block private subnets for IPv6.

Am I missing something?
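
The IPv4/IPv6 asymmetry raised in this issue can be checked mechanically. The script below is an added example, not part of the original post or the project's code: it parses iptables-style rule text and reports which private ranges no unconditional OUTPUT DROP rule covers. The function names, the sample rule text and the use of `fc00::/7` as the IPv6 counterpart are assumptions made for illustration.

```python
import ipaddress
import shlex

# The three RFC 1918 blocks from the issue. fc00::/7 (IPv6 unique local
# addresses) is an assumption added here; the issue names no IPv6 range.
PRIVATE_V4 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
PRIVATE_V6 = ["fc00::/7"]

def dropped_destinations(rules_text):
    """Networks that an OUTPUT rule drops on destination alone."""
    nets = []
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok and tok[0] in ("iptables", "ip6tables"):
            tok = tok[1:]          # command form; save format starts at -A
        if len(tok) < 2 or tok[0] not in ("-A", "-I") or tok[1] != "OUTPUT":
            continue
        opts = tok[2:]
        if opts and opts[0].isdigit():
            opts = opts[1:]        # optional rule number after -I OUTPUT
        match = dict(zip(opts[::2], opts[1::2]))
        # Extra matches (-o, -p, ...) narrow the rule, so they do not count.
        if len(opts) == 4 and set(match) == {"-d", "-j"} and match["-j"] == "DROP":
            nets.append(ipaddress.ip_network(match["-d"], strict=False))
    return nets

def uncovered(rules_text, wanted):
    """Ranges in `wanted` that no unconditional DROP rule fully contains."""
    dropped = dropped_destinations(rules_text)
    missing = []
    for cidr in wanted:
        net = ipaddress.ip_network(cidr)
        if not any(d.version == net.version and net.subnet_of(d) for d in dropped):
            missing.append(cidr)
    return missing

# Constructed inputs: the rules quoted in the issue, and an ip6tables
# rule set with no private-range rule, matching the gap the issue notes.
SAMPLE_V4 = """\
iptables -I OUTPUT -d 10.0.0.0/8 -j DROP
iptables -I OUTPUT -d 172.16.0.0/12 -j DROP
iptables -I OUTPUT -d 192.168.0.0/16 -j DROP
"""
SAMPLE_V6 = "ip6tables -P OUTPUT ACCEPT\n"

if __name__ == "__main__":
    print("IPv4 uncovered:", uncovered(SAMPLE_V4, PRIVATE_V4))
    print("IPv6 uncovered:", uncovered(SAMPLE_V6, PRIVATE_V6))
```

The same functions accept `iptables-save` and `ip6tables-save` output captured from inside the namespace, since non-rule lines are skipped.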
