Internet Access Control Controlling internet access is crucial for AI agents and secure code execution. VoidRun provides granular network control at the MicroVM level, allowing you to restrict outbound connections to prevent data exfiltration and protect against malicious sites.
Why Network Control Matters
🔒 Data Protection Prevent AI agents from leaking sensitive data to external servers.
🛡️ Security Block access to malicious domains and unauthorized endpoints.
📋 Compliance Meet regulatory requirements for isolated code execution.
Use Cases Use Case Configuration AI Code Execution Allow only API endpoints needed for the task CI/CD Pipelines Allow package registries, block everything else Sandbox Testing Disable all internet access for maximum isolation Data Processing Allow database connections, block public internet
Enabling/Disabling Internet Access Disable Internet Access Completely disable outbound internet access for maximum security:
import { VoidRun } from '@voidrun/sdk' ; const vr = new VoidRun ({ apiKey: process . env . VOIDRUN_API_KEY }); // Create sandbox with internet disabled const sandbox = await vr . createSandbox ({ name: 'isolated-sandbox' , cpu: 2 , mem: 2048 }); // TODO: Verify exact method - network config may be via exec or dedicated API // Disable outbound internet (except DNS) await sandbox . exec ({ command: 'iptables -A OUTPUT -p tcp --dport 80 -j DROP && iptables -A OUTPUT -p tcp --dport 443 -j DROP' }); // Verify internet is blocked const result = await sandbox . exec ({ command: 'curl -s --connect-timeout 5 https://google.com || echo "Internet blocked"' }); console . log ( result . data ?. stdout ); // "Internet blocked"
Enable Internet Access Enable full internet access (default behavior):
import { VoidRun } from '@voidrun/sdk' ; const vr = new VoidRun ({ apiKey: process . env . VOIDRUN_API_KEY }); const sandbox = await vr . getSandbox ( 'sandbox-id' ); // TODO: Verify exact method - network config may be via exec or dedicated API // Enable outbound internet await sandbox . exec ({ command: 'iptables -D OUTPUT -p tcp --dport 80 -j DROP 2>/dev/null; iptables -D OUTPUT -p tcp --dport 443 -j DROP 2>/dev/null; echo "Internet enabled"' }); // Verify internet works const result = await sandbox . exec ({ command: 'curl -s --connect-timeout 5 https://api.ipify.org' }); console . log ( 'Public IP:' , result . data ?. stdout );
Allowlists Configure allowlists to permit access only to specific domains or IPs:
Domain Allowlist import { VoidRun } from '@voidrun/sdk' ; const vr = new VoidRun ({ apiKey: process . env . VOIDRUN_API_KEY }); const sandbox = await vr . createSandbox ({ cpu: 2 , mem: 2048 }); // TODO: Verify exact implementation for allowlists // Set up allowlist for specific domains only const allowedDomains = [ 'api.github.com' , 'pypi.org' , 'registry.npmjs.org' ]; // Block all outbound first, then allow specific domains await sandbox . exec ({ command: ` # Block all outbound HTTP/HTTPS iptables -A OUTPUT -p tcp --dport 80 -j DROP iptables -A OUTPUT -p tcp --dport 443 -j DROP # Allow specific domains (resolve and allow their IPs) for domain in ${ allowedDomains . join ( ' ' ) } ; do ip=$(dig +short $domain | head -1) iptables -I OUTPUT -d $ip -p tcp --dport 443 -j ACCEPT done echo "Allowlist configured" ` }); // Test: allowed domain works const allowed = await sandbox . exec ({ command: 'curl -s --connect-timeout 5 https://api.github.com/zen' }); console . log ( 'GitHub API:' , allowed . data ?. stdout ); // Test: blocked domain fails const blocked = await sandbox . exec ({ command: 'curl -s --connect-timeout 5 https://google.com || echo "Blocked"' }); console . log ( 'Google:' , blocked . data ?. stdout ); // "Blocked"
IP Allowlist import { VoidRun } from '@voidrun/sdk' ; const vr = new VoidRun ({ apiKey: process . env . VOIDRUN_API_KEY }); const sandbox = await vr . getSandbox ( 'sandbox-id' ); // TODO: Verify exact implementation // Allow specific IP addresses only const allowedIPs = [ '192.168.1.100' , '10.0.0.50' ]; await sandbox . exec ({ command: ` # Block all outbound first iptables -A OUTPUT -p tcp --dport 443 -j DROP # Allow specific IPs for ip in ${ allowedIPs . join ( ' ' ) } ; do iptables -I OUTPUT -d $ip -p tcp --dport 443 -j ACCEPT done ` });
Blocklists Configure blocklists to deny access to specific domains or IPs:
import { VoidRun } from '@voidrun/sdk' ; const vr = new VoidRun ({ apiKey: process . env . VOIDRUN_API_KEY }); const sandbox = await vr . createSandbox ({ cpu: 2 , mem: 2048 }); // TODO: Verify exact implementation for blocklists // Block specific domains const blockedDomains = [ 'facebook.com' , 'twitter.com' , 'tiktok.com' ]; await sandbox . exec ({ command: ` # Block specific domains for domain in ${ blockedDomains . join ( ' ' ) } ; do ip=$(dig +short $domain | head -1) iptables -A OUTPUT -d $ip -j DROP done echo "Blocklist configured" ` }); // Test: blocked domain fails const blocked = await sandbox . exec ({ command: 'curl -s --connect-timeout 5 https://facebook.com || echo "Blocked"' }); console . log ( 'Facebook:' , blocked . data ?. stdout ); // "Blocked" // Test: other domains work const allowed = await sandbox . exec ({ command: 'curl -s --connect-timeout 5 https://google.com' }); console . log ( 'Google works:' , allowed . data ?. stdout ? 'Yes' : 'No' );
Security Best Practices Network rules are enforced at the MicroVM level using iptables. This provides kernel-level isolation and prevents bypass attempts by AI agents or malicious code.
Recommended Configurations
🔒 Maximum Security Block all internet access. Only allow internal communication. iptables -A OUTPUT -p tcp --dport 80 -j DROP iptables -A OUTPUT -p tcp --dport 443 -j DROP
🎯 Selective Access Allow only required APIs. Block everything else. # Allow only GitHub API iptables -A OUTPUT -p tcp --dport 443 -j DROP iptables -I OUTPUT -d $( dig +short api.github.com | head -1 ) -p tcp --dport 443 -j ACCEPT
Security Checklist
Identify Required Endpoints
List all external APIs and services your sandbox needs to access.
Create Allowlist
Configure iptables to allow only those specific endpoints.
Block Everything Else
Set default DROP policy for all other outbound traffic.
Test Configuration
Verify allowed endpoints work and blocked endpoints fail.
Monitor Traffic
Log any blocked connection attempts for auditing.
Network rules are reset when a sandbox is terminated. For persistent security policies, configure network rules at the start of each session or use a custom image with pre-configured iptables rules.
Next Steps
Tailscale VPN Connect sandboxes to your private network via Tailscale.
Custom Images Create images with pre-configured network rules.
