Oops. 0.0.0.0/8 and 169.254.0.0/16 are also special.

svn:r5536

doc/tor.1.in

@@ -387,11 +387,12 @@ For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would
 reject any traffic destined for localhost and any 192.168.1.* address, but
 accept anything else.
 
-To specify all internal networks (including 169.254.0.0/16,
-127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12), you can use
-the "private" alias instead of an address.  For example, to allow HTTP
-to 127.0.0.1 and block all other connections to internal networks, you
-can say "accept 127.0.0.1:80,reject private:*".  See RFC 3330 for more
+To specify all internal and link-local networks (including 0.0.0.0/8,
+169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and
+172.16.0.0/12), you can use the "private" alias instead of an address.
+For example, to allow HTTP to 127.0.0.1 and block all other
+connections to internal networks, you can say "accept
+127.0.0.1:80,reject private:*".  See RFC 1918 and RFC 3330 for more
 details about internal and reserved IP address space.
 
 This directive can be specified multiple times so you don't have to put

src/or/config.c

@@ -2777,6 +2777,7 @@ static int
 config_expand_exit_policy_aliases(smartlist_t *entries)
 {
   static const char *prefixes[] = {
+    "0.0.0.0/8", "169.254.0.0/16",
     "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
   int i;
   char *pre=NULL, *post=NULL;