# This file defines the set of CIDRs (network/mask-length) to which
# we MUST communicate in the clear. Otherwise traffic is blocked. This
# is enforced (and can be tweaked) by setting the negotiationshunt= and
# failureshunt= to drop.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# encrypt all traffic to an IPv4 or IPv6 host or subnet
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# encrypt all smtp traffic to some host
#  10.0.1.0/24  tcp  0  25
# encrypt all incoming smtp traffic
#  0.0.0.0/0  tcp  25  0
