diff --git a/internal/configuration/settings/errors.go b/internal/configuration/settings/errors.go
index d3ebf02c..80d1f159 100644
--- a/internal/configuration/settings/errors.go
+++ b/internal/configuration/settings/errors.go
@@ -8,7 +8,7 @@ var (
 	ErrCountryNotValid                 = errors.New("the country specified is not valid")
 	ErrFilepathMissing                 = errors.New("filepath is missing")
 	ErrFirewallZeroPort                = errors.New("cannot have a zero port")
-	ErrFirewallPublicOutboundSubnet    = errors.New("outbound subnet is public")
+	ErrFirewallPublicOutboundSubnet    = errors.New("outbound subnet has an unspecified address")
 	ErrHostnameNotValid                = errors.New("the hostname specified is not valid")
 	ErrISPNotValid                     = errors.New("the ISP specified is not valid")
 	ErrMinRatioNotValid                = errors.New("minimum ratio is not valid")
diff --git a/internal/configuration/settings/firewall.go b/internal/configuration/settings/firewall.go
index 9d8b61dd..6a12e5ac 100644
--- a/internal/configuration/settings/firewall.go
+++ b/internal/configuration/settings/firewall.go
@@ -27,7 +27,7 @@ func (f Firewall) validate() (err error) {
 	}
 
 	for _, subnet := range f.OutboundSubnets {
-		if !subnet.Addr().IsPrivate() {
+		if subnet.Addr().IsUnspecified() {
 			return fmt.Errorf("%w: %s", ErrFirewallPublicOutboundSubnet, subnet)
 		}
 	}
diff --git a/internal/configuration/settings/firewall_test.go b/internal/configuration/settings/firewall_test.go
index 7a4a4e8f..a477d8c1 100644
--- a/internal/configuration/settings/firewall_test.go
+++ b/internal/configuration/settings/firewall_test.go
@@ -37,7 +37,7 @@ func Test_Firewall_validate(t *testing.T) {
 				},
 			},
 			errWrapped: ErrFirewallPublicOutboundSubnet,
-			errMessage: "outbound subnet is public: 0.0.0.0/0",
+			errMessage: "outbound subnet has an unspecified address: 0.0.0.0/0",
 		},
 		"public_outbound_subnet": {
 			firewall: Firewall{
@@ -45,8 +45,6 @@ func Test_Firewall_validate(t *testing.T) {
 					netip.MustParsePrefix("1.2.3.4/32"),
 				},
 			},
-			errWrapped: ErrFirewallPublicOutboundSubnet,
-			errMessage: "outbound subnet is public: 1.2.3.4/32",
 		},
 		"valid_settings": {
 			firewall: Firewall{