1.3.4

1.3.4  ::  Do not allow internal addresses to pass from the Internet into the DMZ.

This basically means to block any private network (ie: 10.0.0.0/8, 172.16.0.0/16, and 192.168.0.0/24) at the border firewall.  This helps prevent DoS attacks.