RFC-WG-0002                                                     Section 6
Category: Architecture                                     Security Boundaries

6. Security Boundaries

← Network Topology | Index | Next →

6.1 Boundary Definitions

6.2 Enforcement Principles

• Public/LAN interfaces are default-deny for internal service ports.
• wg0 is the only allowed ingress path for internal services.
• Exceptions for public exposure are explicitly declared and reviewed.

End of Security Boundaries — RFC-WG-0002