Security flaw in default configuration (<= 0.18)

There is a security flaw in the default configuration. ALLOW_LIST is
set to allow.p2p, which accepts incoming and outgoing connections with
private IP address ranges as destination addresses:

# Private IP addresses
IANA Private : 10.0.0.0 - 10.255.255.255
IANA Private : 172.16.0.0 - 172.31.255.255
IANA Private : 192.168.0.0 - 192.168.255.255

So anyone could connect (in the INPUT chain) if you have such an IP
address. It's best to remove allow.p2p from the ALLOW_LIST option. This will be changed in the next version.

Posted by uljanow 2008-01-24
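
An added example, not part of the original post or the project's own code: a Python check that parses allow-list entries in the form listed above and reports which of a host's own addresses fall inside an allowed range, which are the destinations the INPUT chain would accept from anyone. The function names, the sample host addresses and the assumption that every entry reads `label : start - end` are constructed for illustration.

```python
import ipaddress
import re

# Entry layout as shown in the post: "Label : start - end" (assumed for all lines).
ENTRY = re.compile(
    r"^(?P<label>[^:]*):\s*(?P<start>[\d.]+)\s*-\s*(?P<end>[\d.]+)\s*$"
)

def parse_allow_list(text):
    """Return (label, first, last) tuples, skipping blank lines and '#' comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparseable entry: {line!r}")
        first = ipaddress.IPv4Address(m["start"])
        last = ipaddress.IPv4Address(m["end"])
        if first > last:
            raise ValueError(f"range start is above range end: {line!r}")
        entries.append((m["label"].strip(), first, last))
    return entries

def exposed_addresses(allow_text, local_addrs):
    """Map each local address to the allow-list entries that cover it."""
    entries = parse_allow_list(allow_text)
    hits = {}
    for addr in local_addrs:
        ip = ipaddress.IPv4Address(addr)
        covering = [f"{label} ({first}-{last})"
                    for label, first, last in entries if first <= ip <= last]
        if covering:
            hits[addr] = covering
    return hits

# The three ranges from the post; the host addresses below are constructed.
SAMPLE_ALLOW = """\
# Private IP addresses
IANA Private : 10.0.0.0 - 10.255.255.255
IANA Private : 172.16.0.0 - 172.31.255.255
IANA Private : 192.168.0.0 - 192.168.255.255
"""

if __name__ == "__main__":
    found = exposed_addresses(SAMPLE_ALLOW, ["192.168.1.20", "203.0.113.7"])
    for addr, why in found.items():
        print(f"{addr} is an allowed destination via {', '.join(why)}")
```

An empty result for a host's addresses means none of them is whitelisted as a destination by the list that was checked.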