Any host with 127.0.0.1 in PTR record can bypass any ACL limitations.
vulners.com/securityvulns/securityvulns:doc:4657