diff --git a/internal/domain/acl.go b/internal/domain/acl.go
index 98ddb25..424d61d 100644
--- a/internal/domain/acl.go
+++ b/internal/domain/acl.go
@@ -18,11 +18,12 @@ import (
 )
 const (
- AutoGroupSelf = "autogroup:self"
- AutoGroupMember = "autogroup:member"
- AutoGroupMembers = "autogroup:members"
- AutoGroupTagged = "autogroup:tagged"
- AutoGroupInternet = "autogroup:internet"
+ AutoGroupSelf = "autogroup:self"
+ AutoGroupMember = "autogroup:member"
+ AutoGroupMembers = "autogroup:members"
+ AutoGroupTagged = "autogroup:tagged"
+ AutoGroupInternet = "autogroup:internet"
+ AutoGroupDangerAll = "autogroup:danger-all"
 )
 type AutoApprovers struct {
diff --git a/internal/domain/acl_filter_rules.go b/internal/domain/acl_filter_rules.go
index 4722e4a..547786c 100644
--- a/internal/domain/acl_filter_rules.go
+++ b/internal/domain/acl_filter_rules.go
@@ -303,6 +303,10 @@ func (a ACLPolicy) translateSourceAliasToMachineIPs(alias string, m *Machine, u
 return append(m.IPs(), m.AllowedPrefixes()...)
 }
+ if alias == AutoGroupDangerAll {
+ return []string{"0.0.0.0/0", "::/0"}
+ }
+
 return a.translateAliasToMachineIPs(alias, m, f)
 }
diff --git a/internal/domain/acl_test.go b/internal/domain/acl_test.go
index 692ea62..aaee426 100644
--- a/internal/domain/acl_test.go
+++ b/internal/domain/acl_test.go
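Review bot: AutoGroupDangerAll is added to the const block without a doc comment, and the name is the only hint that it is not a group of machines but a wildcard that the source translator in acl_filter_rules.go expands to `0.0.0.0/0` and `::/0`. A policy author reading this file should not have to open the filter code to learn that; a one-line comment such as `// AutoGroupDangerAll matches every IPv4 and IPv6 source address, including addresses outside the tailnet; use with a narrow destination.` would carry that. The other constants in the block are undocumented too, but this is the one that is most costly to misread.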
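Review bot: The new branch in translateSourceAliasToMachineIPs returns `0.0.0.0/0` and `::/0` with no comment, so a function that otherwise returns a machine's own addresses and allowed prefixes suddenly yields prefixes that admit traffic from any source, tailnet or not, and nothing on the line says that is deliberate. A why-comment above the `if`, e.g. `// autogroup:danger-all intentionally matches any source address, including non-tailnet ones; only the destination side of the rule bounds what it reaches.`, would stop a later maintainer from "fixing" it. Only the source translator is touched here, so what the alias does in a destination or in other policy sections is not visible in this diff; if it is meant to be source-only, rejecting it elsewhere (with a validation error) would need its own hunk. The function starts outside the hunk, so whether an earlier branch can return before this comparison for some inputs cannot be judged from here.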
@@ -628,6 +628,56 @@ func TestACLPolicy_BuildFilterRulesAutogroupInternet(t *testing.T) {
 assert.Equal(t, expectedRules, actualRules)
 }
+func TestACLPolicy_BuildFilterRulesAutogroupDangerAll(t *testing.T) {
+ p1 := createMachine("nick@example.com")
+ p2 := createMachine("jane@example.com")
+
+ policy := ACLPolicy{
+ ionscale.ACLPolicy{
+ ACLs: []ionscale.ACLEntry{
+ {
+ Action: "accept",
+ Source: []string{"autogroup:danger-all"},
+ Destination: []string{"*:*"},
+ },
+ },
+ },
+ }
+
+ dst := createMachine("john@example.com")
+
+ expectedDstPorts := []tailcfg.NetPortRange{}
+ for _, r := range autogroupInternetRanges() {
+ expectedDstPorts = append(expectedDstPorts, tailcfg.NetPortRange{
+ IP: r,
+ Ports: tailcfg.PortRange{
+ First: 0,
+ Last: 65535,
+ },
+ })
+ }
+
+ actualRules := policy.BuildFilterRules([]Machine{*p1, *p2}, dst)
+ expectedRules := []tailcfg.FilterRule{
+ {
+ SrcIPs: []string{
+ "0.0.0.0/0", "::/0",
+ },
+ DstPorts: []tailcfg.NetPortRange{
+ {
+ IP: "*",
+ Ports: tailcfg.PortRange{
+ First: 0,
+ Last: 65535,
+ },
+ },
+ },
+ },
+ }
+
+ assert.Equal(t, expectedRules, actualRules)
+}
+
 func TestWithUser(t *testing.T) {
 policy := ACLPolicy{
 ionscale.ACLPolicy{
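Review bot: `expectedDstPorts` and the loop over `autogroupInternetRanges()` in TestACLPolicy_BuildFilterRulesAutogroupDangerAll are never read by the assertion — `expectedRules` hard-codes `IP: "*"` — so that block looks carried over from the AutogroupInternet test and should be deleted; it only compiles because the `append` assigns back to the variable. With it gone the test pins one positive case; a second case with a destination narrower than `*:*` that still expects `SrcIPs: []string{"0.0.0.0/0", "::/0"}` would show that the wildcard source comes from the alias rather than from the `*:*` destination. Writing `Source: []string{AutoGroupDangerAll}` instead of the literal would keep the test tied to the constant it exercises, unless the sibling tests deliberately use literals.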