As I already mentioned, this rule can easily be circumvented. I understand the desire to prevent unrestricted network access and I don’t have a better idea to contribute. But maybe the rule should be dropped if it’s not possible to enforce anyway. Some apps also use wildcard egress to allow the usage of popups, which would become blocked with this rule, which might not be the intention of this rule.
To be clear, we wouldn’t be impacted by this rule, but I don’t think it fulfills the goal of having actual verification: