@dcc @djsumdog okay so say you have your instance admin whos a dumbass

someone gets into the box and gets a shell, checks their ip, finds theyre on a typical private ip range, 10.0.0.x or 192.168.1.x

do a port scan on the entire network and find where the gateway will be, typically it will just have http open or filtered to devices on the network

if we assume its some sort of traditional gateway from an isp, we can do whatever we want to do now, we can ban all the connected devices that connect unless someone pays a ransom, we can open whatever port we want

do you see the problem?