RW wrote: > On Thu, 26 Feb 2009 20:24:58 -0500 > Matt Kettler <mkettler...@verizon.net> wrote: > > >> Unless, of course, you have a trusted_networks or internal_networks >> statement in your config.. At that point the auto-guesser is disabled. >> > > I do have trusted_networks set, I didn't realise that private addresses > would have to be included manually. > Yeah, once you set it manually, SA assumes you really want just what you've told it. There are some (rareish) circumstances where folks don't want to trust all the private IPs in their network (think college campus).
> I thought that SA had complained about my adding private addresses to > trusted_networks, but I realise now it must have been the localhost > address. > > Is there actually any reason why I shouldn't add all the private > addresses? Offhand I can't think of any significant way that could be > exploited. > No, that should be fine. SA won't trust anything after the first untrusted host.
