Network Limits (Firewall)

View as Markdown

Daytona provides network egress limiting for sandboxes to control internet access. This feature can be automatically applied based on your organization’s limits or manually configured for specific sandboxes.

Tier-based network restrictions

Network limits are automatically applied to sandboxes based on your organization’s billing tier. This provides secure and controlled internet access for development environments:

Tier 1 & Tier 2: Network access is restricted and cannot be overridden at the sandbox level. Organization-level network restrictions take precedence over sandbox-level settings. Even with networkAllowList specified when creating a sandbox, the organization’s network restrictions still apply
Tier 3 & Tier 4: Full internet access is available by default, with the ability to configure custom network settings

To learn more about organization tiers and limits, see limits.

Essential services are available on all tiers and include services essential for development: package registries, container registries, Git repositories, CDN services, platform services, and system package managers.

Create sandboxes with network restrictions

Daytona provides methods to control network access when creating sandboxes by using the networkAllowList and networkBlockAll parameters:

from daytona import CreateSandboxFromSnapshotParams, Daytona

daytona = Daytona()

# Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
sandbox = daytona.create(CreateSandboxFromSnapshotParams(
    network_allow_list='208.80.154.232/32,199.16.156.103/32,192.168.1.0/24'
))

# Or block all network access
sandbox = daytona.create(CreateSandboxFromSnapshotParams(
    network_block_all=True
))

import { Daytona } from '@daytona/sdk'

const daytona = new Daytona()

// Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
const sandbox = await daytona.create({
  networkAllowList: '208.80.154.232/32,199.16.156.103/32,192.168.1.0/24'
})

// Or block all network access
const sandbox = await daytona.create({
  networkBlockAll: true
})

require 'daytona'

daytona = Daytona::Daytona.new

# Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
sandbox = daytona.create(
  Daytona::CreateSandboxFromSnapshotParams.new(
    network_allow_list: '208.80.154.232/32,199.16.156.103/32,192.168.1.0/24'
  )
)

# Or block all network access
sandbox = daytona.create(
  Daytona::CreateSandboxFromSnapshotParams.new(
    network_block_all: true
  )
)

package main

import (
  "context"
  "log"

  "github.com/daytonaio/daytona/libs/sdk-go/pkg/daytona"
  "github.com/daytonaio/daytona/libs/sdk-go/pkg/types"
)

func main() {
  client, err := daytona.NewClient()
  if err != nil {
    log.Fatal(err)
  }
  ctx := context.Background()

  // Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
  allowList := "208.80.154.232/32,199.16.156.103/32,192.168.1.0/24"
  sandbox, err := client.Create(ctx, types.SnapshotParams{
    SandboxBaseParams: types.SandboxBaseParams{
      NetworkAllowList: &allowList,
    },
  })

  // Or block all network access
  sandbox, err = client.Create(ctx, types.SnapshotParams{
    SandboxBaseParams: types.SandboxBaseParams{
      NetworkBlockAll: true,
    },
  })
}

import io.daytona.sdk.Daytona;
import io.daytona.sdk.Sandbox;
import io.daytona.sdk.model.CreateSandboxFromSnapshotParams;

public class App {
    public static void main(String[] args) {
        try (Daytona daytona = new Daytona()) {
            // Or block all network access
            CreateSandboxFromSnapshotParams params = new CreateSandboxFromSnapshotParams();
            params.setNetworkBlockAll(true);
            Sandbox sandbox = daytona.create(params);
        }
    }
}

# Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
curl 'https://app.daytona.io/api/sandbox' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --data '{
    "networkAllowList": "208.80.154.232/32,199.16.156.103/32,192.168.1.0/24"
  }'

# Or block all network access
curl 'https://app.daytona.io/api/sandbox' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --data '{
    "networkBlockAll": true
  }'

# Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
daytona create --network-allow-list '208.80.154.232/32,199.16.156.103/32,192.168.1.0/24'

# Or block all network access
daytona create --network-block-all

Update network settings while a sandbox is running

Daytona provides methods to update network settings for running sandboxes. Organizations on Tier 3 and Tier 4 can change outbound firewall policy after the sandbox is created. The API applies the new rules on the runner and persists them on the sandbox record. The sandbox keeps running; stop or start are not required.

The request must include at least one of networkBlockAll or networkAllowList. Rules match create-time behavior and use the same allow list format.

Sending networkAllowList as an empty string clears a stored allow list
Sending networkBlockAll: true blocks all outbound traffic and clears the allow list
Sending only networkBlockAll: false restores general outbound access (for your tier) and clears a stored allow list

This operation requires the WRITE_SANDBOXES permission. Organizations on Tier 1 or Tier 2 cannot override network policy at the sandbox level, and the API returns an error in that case.

# Block all outbound traffic (clears any allow list)
sandbox.update_network_settings(network_block_all=True)

# Restore general outbound access and clear the allow list
sandbox.update_network_settings(network_block_all=False)

# Apply or replace a CIDR allow list (implies not blocking all)
sandbox.update_network_settings(
    network_allow_list='208.80.154.232/32,192.168.1.0/24'
)

# Clear a stored allow list (empty string). Outbound traffic still follows `network_block_all`.
sandbox.update_network_settings(network_allow_list='')

// Block all outbound traffic (clears any allow list)
await sandbox.updateNetworkSettings({ networkBlockAll: true })

// Restore general outbound access and clear the allow list
await sandbox.updateNetworkSettings({ networkBlockAll: false })

// Apply or replace a CIDR allow list (implies not blocking all)
await sandbox.updateNetworkSettings({
  networkAllowList: '208.80.154.232/32,192.168.1.0/24',
})

// Clear a stored allow list (empty string). Outbound traffic still follows `networkBlockAll`.
await sandbox.updateNetworkSettings({ networkAllowList: '' })

# Block all outbound traffic (clears any allow list)
sandbox.update_network_settings(network_block_all: true)

# Restore general outbound access and clear the allow list
sandbox.update_network_settings(network_block_all: false)

# Apply or replace a CIDR allow list (implies not blocking all)
sandbox.update_network_settings(
  network_allow_list: '208.80.154.232/32,192.168.1.0/24'
)

# Clear the allow list (empty string)
sandbox.update_network_settings(network_allow_list: '')

import apiclient "github.com/daytonaio/daytona/libs/api-client-go"

settings := apiclient.NewUpdateSandboxNetworkSettings()
settings.SetNetworkBlockAll(true)
if err := sandbox.UpdateNetworkSettings(ctx, *settings); err != nil {
  log.Fatal(err)
}

restore := apiclient.NewUpdateSandboxNetworkSettings()
restore.SetNetworkBlockAll(false)
if err := sandbox.UpdateNetworkSettings(ctx, *restore); err != nil {
  log.Fatal(err)
}

allow := apiclient.NewUpdateSandboxNetworkSettings()
allow.SetNetworkAllowList("208.80.154.232/32,192.168.1.0/24")
if err := sandbox.UpdateNetworkSettings(ctx, *allow); err != nil {
  log.Fatal(err)
}

import io.daytona.api.client.model.UpdateSandboxNetworkSettings;

// Block all outbound traffic (clears any allow list)
sandbox.updateNetworkSettings(new UpdateSandboxNetworkSettings().networkBlockAll(true));

// Restore general outbound access and clear the allow list
sandbox.updateNetworkSettings(new UpdateSandboxNetworkSettings().networkBlockAll(false));

// Apply or replace a CIDR allow list
sandbox.updateNetworkSettings(
    new UpdateSandboxNetworkSettings().networkAllowList("208.80.154.232/32,192.168.1.0/24"));

curl 'https://app.daytona.io/api/sandbox/SANDBOX_ID_OR_NAME/network-settings' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --data '{"networkBlockAll": true}'

# Restore access and clear allow list
curl 'https://app.daytona.io/api/sandbox/SANDBOX_ID_OR_NAME/network-settings' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --data '{"networkBlockAll": false}'

Network allow list format

The network allow list is a comma-separated list of IPv4 CIDR blocks. Set your allowed networks using the networkAllowList parameter when creating a sandbox or when updating settings on a running sandbox.

IPv4 only: hostnames, domains, and IPv6 are not supported
CIDR required: every entry must include a / prefix length integer in the range 0 to 32 (inclusive), for example: /32
CIDR format: use standard CIDR notation (A.B.C.D/N). Do not include extra / segments
Max 10 entries: the list cannot contain more than 10 comma-separated items
Whitespace is ignored: entries are trimmed, so spaces around commas are ok

The following examples are valid:

Single IP: 208.80.154.232/32 (Wikipedia)
Subnet: 192.168.1.0/24 (Private network)
Multiple networks: 208.80.154.232/32,199.16.156.103/32,10.0.0.0/8

Organization configuration

The network access policies for your organization are set automatically depending on your organization’s limits tier and cannot be modified by organization administrators. These policies determine the default network behavior for all sandboxes in your organization.

Test network access

To test network connectivity from your sandbox:

# Test HTTP connectivity to allowed addresses
curl -I https://208.80.154.232

# Test package manager access (allowed on all tiers)
apt update  # For Ubuntu/Debian
npm ping    # For Node.js
pip install --dry-run requests  # For Python

Security benefits

Network limits provide several security advantages:

Prevents data exfiltration from sandboxes
Reduces attack surface by limiting external connections
Complies with security policies for development environments
Enables fine-grained control over network access

Essential services

Daytona provides a list of essential services that are available on all tiers and can be used for development.

NPM registry and package managers

NPM Registry: registry.npmjs.org, registry.npmjs.com, nodejs.org, nodesource.com, npm.pkg.github.com
Yarn Packages: yarnpkg.com, *.yarnpkg.com, yarn.npmjs.org, yarnpkg.netlify.com
Bun: bun.sh, *.bun.sh

Git hosting and version control

GitHub: github.com, *.github.com, *.githubusercontent.com, ghcr.io
GitLab: gitlab.com, *.gitlab.com
Bitbucket: bitbucket.org
Azure DevOps: dev.azure.com, *.dev.azure.com, login.microsoftonline.com, visualstudio.com, *.visualstudio.com, ssh.dev.azure.com, vs-ssh.visualstudio.com

Python package managers

PyPI: pypi.org, pypi.python.org, files.pythonhosted.org, bootstrap.pypa.io, astral.sh

Composer packages

Composer: *.packagist.org, packagist.com

Ubuntu/Debian package repositories

Ubuntu Repos: *.ubuntu.com
Debian Repos: *.debian.org, cdn-fastly.deb.debian.org

CDN and content delivery

CDN Services: fastly.com, cloudflare.com, r2.cloudflarestorage.com, *.r2.cloudflarestorage.com
JavaScript CDNs: unpkg.com, jsdelivr.net

AI/ML services

Anthropic: *.anthropic.com, claude.ai, platform.claude.com
OpenAI: openai.com, *.openai.com, chatgpt.com
Google AI: generativelanguage.googleapis.com, gemini.google.com, aistudio.google.com, ai.google.dev, models.dev
Perplexity: api.perplexity.ai
DeepSeek: api.deepseek.com
Groq: api.groq.com
Expo: api.expo.dev
OpenRouter: openrouter.ai
Qwen: chat.qwen.ai, dashscope.aliyuncs.com, dashscope-intl.aliyuncs.com
Cursor: *.cursor.com
OpenCode: opencode.ai, *.opencode.ai
Other AI Services: api.letta.com, api.fireworks.ai, open.bigmodel.cn, *.z.ai, *.moonshot.ai, ai-gateway.vercel.sh, api.featherless.ai

Docker registries and container services

Docker Registries: docker.io, *.docker.io, *.docker.com
Microsoft Container Registry: mcr.microsoft.com
Kubernetes Registry: registry.k8s.io
Google Container Registry: gcr.io, *.gcr.io, registry.cloud.google.com
Quay: quay.io, quay-registry.s3.amazonaws.com

Maven repositories

Maven Repos: repo1.maven.org, repo.maven.apache.org

Google Fonts

Google Fonts: fonts.googleapis.com, fonts.gstatic.com

AWS S3 endpoints

US East: s3.us-east-1.amazonaws.com, s3.us-east-2.amazonaws.com
US West: s3.us-west-1.amazonaws.com, s3.us-west-2.amazonaws.com
EU: s3.eu-central-1.amazonaws.com, s3.eu-west-1.amazonaws.com, s3.eu-west-2.amazonaws.com

Google Cloud Storage

GCS: storage.googleapis.com

Daytona

Daytona: app.daytona.io

Developer tools and services

Convex: convex.dev, *.convex.dev, *.convex.cloud, *.convex.site
Heroku: herokuapp.com, *.herokuapp.com
Vercel: vercel.com, *.vercel.com, *.vercel.app
Supabase: supabase.com, *.supabase.com, supabase.co, *.supabase.co
Clerk: clerk.com, *.clerk.com, clerk.dev, *.clerk.dev, accounts.dev, *.accounts.dev, clerk.accounts.dev, *.clerk.accounts.dev
WorkOS: workos.com, *.workos.com, authkit.app, *.authkit.app
Inngest: inngest.com, *.inngest.com
PostHog: posthog.com, *.posthog.com
Sentry: sentry.io, *.sentry.io, sentry-cdn.com, *.sentry-cdn.com
Linear: linear.app, *.linear.app
Figma: figma.com, *.figma.com, *.figmafiles.com
ClickUp: clickup.com, *.clickup.com
Playwright: playwright.dev, cdn.playwright.dev

Messaging services

Telegram: api.telegram.org
WhatsApp: web.whatsapp.com, *.whatsapp.net

LLM observability

Langfuse: *.langfuse.com, *.cloud.langfuse.com

Troubleshooting

If you encounter network access issues or need unrestricted network access:

Verify your organization tier in the Daytona Dashboard ↗
Verify your network allow list configuration
Contact support@daytona.io for assistance