Restrict Internet Access
Is there any way to restrict internet access for the deployed container?
20 Replies
Project ID:
33c47f57-f4aa-4640-9b44-cd0a3f034b71
can you elaborate?
i'm running some untrusted code in a sandbox, i'd like to restrict internet access
restrict what?
restrict how?
i'm afraid that it's a very vague question
i'm running a server which is executing arbitrary user code for evaluations (we have a coding interview product). i want to make sure this code isn't making requests to the internet. i've designed my service in such a way that it doesn't need to make any calls to the internet, so what i'd like to do is completely disable internet access for the server.
ah okay you want to disable outbound internet traffic, correct?
this would be equivalent to `--network none` in docker
correct
railway provides no firewall, this would have to be something you do with iptables inside the container
i think to configure iptables i need a privileged container, is this provided?
yeah iptables access is restricted by docker unless you pass in specific flags
a quick google search provides this command for ubuntu that denies all outgoing traffic
`ufw default deny outgoing`
ok will keep looking. thank you brody!
it's also possible that railway's docker daemon does allow iptables use in the containers, can't hurt to try
but whatever the solution, it has to be done in the container image
makes sense! thanks
no problem, i'd be interested to know how this works out for you too!
yeah seems like the containers aren't run with the right privileges to support iptables:
i'll come up with something else
you're part of a team right? you could always shoot an email to railway, they'd probably have some ideas on what you could do
yeah, part of team
where do i do that?