
Network Limits (Firewall)


Daytona provides network egress limiting for sandboxes to control internet access. This feature can be automatically applied based on your organization’s limits or manually configured for specific sandboxes.

Network limits are automatically applied to sandboxes based on your organization’s billing tier. This provides secure and controlled internet access for development environments:

  • Tier 1 & Tier 2: Network access is restricted and cannot be overridden at the sandbox level. Organization-level network restrictions take precedence over sandbox-level settings. Even with networkAllowList or domainAllowList specified when creating a sandbox, the organization’s network restrictions still apply
  • Tier 3 & Tier 4: Full internet access is available by default, with the ability to configure custom network settings

To learn more about organization tiers and limits, see the limits page.

Essential services are reachable on all tiers: package registries, container registries, Git repositories, CDN services, platform services, and system package managers.

Create sandboxes with network restrictions


Daytona provides methods to control network access when creating sandboxes by using the networkAllowList, domainAllowList, and networkBlockAll parameters. Use networkAllowList for IPv4 CIDR ranges, domainAllowList for domains and wildcard domains, and networkBlockAll to block outbound network access:

from daytona import CreateSandboxFromSnapshotParams, Daytona

daytona = Daytona()

# Allow access to specific IP addresses (Wikipedia, X/Twitter, private network)
sandbox = daytona.create(CreateSandboxFromSnapshotParams(
    network_allow_list='208.80.154.232/32,199.16.156.103/32,192.168.1.0/24'
))

# Allow access to specific domains
sandbox = daytona.create(CreateSandboxFromSnapshotParams(
    domain_allow_list='example.com,*.daytona.io'
))

# Or block all network access
sandbox = daytona.create(CreateSandboxFromSnapshotParams(
    network_block_all=True
))

Update network settings while a sandbox is running


Daytona provides methods to update network settings for running sandboxes. Organizations on Tier 3 and Tier 4 can change outbound firewall policy after the sandbox is created. The API applies the new rules on the runner and persists them on the sandbox record. The sandbox keeps running; stop or start are not required.

The request must include at least one of networkBlockAll, networkAllowList, or domainAllowList. Rules match create-time behavior and use the same network allow list and domain allow list formats.

  • Sending networkAllowList as an empty string clears a stored CIDR allow list
  • Sending domainAllowList as an empty string clears a stored domain allow list
  • Sending networkBlockAll: true blocks all outbound traffic and clears both the stored CIDR and domain allow lists
  • Sending only networkBlockAll: false removes the block-all rule and clears both the stored CIDR and domain allow lists

This operation requires the WRITE_SANDBOXES permission. Organizations on Tier 1 or Tier 2 cannot override network policy at the sandbox level, and the API returns an error in that case.

# Block all outbound traffic (clears both the stored CIDR and domain allow lists)
sandbox.update_network_settings(network_block_all=True)

# Remove the block-all rule (also clears both stored allow lists)
sandbox.update_network_settings(network_block_all=False)

# Apply or replace a CIDR allow list (implies not blocking all)
sandbox.update_network_settings(
    network_allow_list='208.80.154.232/32,192.168.1.0/24'
)

# Apply or replace a domain allow list
sandbox.update_network_settings(
    domain_allow_list='example.com,*.daytona.io'
)

# Clear a stored CIDR allow list (empty string). Outbound traffic still follows network_block_all.
sandbox.update_network_settings(network_allow_list='')

# Clear a stored domain allow list
sandbox.update_network_settings(domain_allow_list='')
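The update rules above as a small state model, added here as an example (this is not the Daytona API or SDK): apply_update returns the policy the sandbox record would hold after one request, and walk_through replays the call sequence from the snippet above. It assumes that a non-empty domain list lifts block-all in the same way the page states for a CIDR list.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredPolicy:
    """Outbound policy persisted on a sandbox record (model of this page's rules, not Daytona's code)."""
    network_block_all: bool = False
    network_allow_list: str = ""   # comma-separated IPv4 CIDRs; "" when nothing is stored
    domain_allow_list: str = ""    # comma-separated domains; "" when nothing is stored


def apply_update(current, network_block_all=None, network_allow_list=None, domain_allow_list=None):
    """Return the policy stored after one update request; None means the field was omitted."""
    if network_block_all is None and network_allow_list is None and domain_allow_list is None:
        raise ValueError("request must include at least one of networkBlockAll, networkAllowList, domainAllowList")
    if network_block_all is True:
        # Block-all wins and clears both stored allow lists
        return StoredPolicy(True, "", "")
    if network_block_all is False and network_allow_list is None and domain_allow_list is None:
        # Only networkBlockAll: false removes the block-all rule and clears both lists
        return StoredPolicy(False, "", "")
    block_all = current.network_block_all
    cidrs = current.network_allow_list
    domains = current.domain_allow_list
    if network_allow_list is not None:
        cidrs = network_allow_list.strip()   # "" clears the stored CIDR list, block-all is untouched
        if cidrs:
            block_all = False                # a new CIDR list implies not blocking all
    if domain_allow_list is not None:
        domains = domain_allow_list.strip()  # "" clears the stored domain list
        if domains:
            block_all = False                # assumption: same behaviour as for CIDR lists
    if network_block_all is False:
        block_all = False
    return StoredPolicy(block_all, cidrs, domains)


def walk_through():
    """Replay the update calls shown on this page and return the stored state after each one."""
    steps = [
        dict(network_block_all=True),
        dict(network_block_all=False),
        dict(network_allow_list='208.80.154.232/32,192.168.1.0/24'),
        dict(domain_allow_list='example.com,*.daytona.io'),
        dict(network_allow_list=''),
        dict(domain_allow_list=''),
    ]
    policy, states = StoredPolicy(), []
    for step in steps:
        policy = apply_update(policy, **step)
        states.append(policy)
    return states
```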

The network allow list is a comma-separated list of IPv4 CIDR blocks. Set your allowed networks using the networkAllowList parameter when creating a sandbox or when updating settings on a running sandbox. To allow hostnames or DNS domains instead, use domainAllowList.

  • IPv4 only: hostnames, domains, and IPv6 are not supported
  • CIDR required: every entry must include a / followed by a prefix length, an integer from 0 to 32 inclusive, for example /32
  • CIDR format: use standard CIDR notation (A.B.C.D/N). Do not include extra / segments
  • Max 10 entries: the list cannot contain more than 10 comma-separated items
  • Whitespace is ignored: entries are trimmed, so spaces around commas are ok

The following examples are valid:

  • Single IP: 208.80.154.232/32 (Wikipedia)
  • Subnet: 192.168.1.0/24 (Private network)
  • Multiple networks: 208.80.154.232/32,199.16.156.103/32,10.0.0.0/8

The domain allow list is a comma-separated list of DNS domains. Set your allowed domains using the domainAllowList parameter when creating a sandbox or when updating settings on a running sandbox. When a domain allow list is set, outbound traffic is limited to the listed domains and other external domains are blocked.

  • Domains only: use hostnames such as example.com or api.openai.com. Do not include protocols, paths, ports, or query strings
  • Wildcards supported: prefix a domain with *. to allow the base domain and its subdomains, for example *.daytona.io
  • Max 20 entries: the list cannot contain more than 20 comma-separated items
  • Whitespace is ignored: entries are trimmed, so spaces around commas are ok
  • Clear on update: send domainAllowList as an empty string when updating network settings to clear a stored domain allow list

The following examples are valid:

  • Single domain: example.com
  • Wildcard domain: *.daytona.io
  • Multiple domains: example.com,*.daytona.io,api.openai.com
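A client-side pre-check of both list formats, written for this page as an added example (it is not part of the Daytona SDK): it encodes the network allow list and domain allow list rules above so a malformed value is caught before the API call. The hostname-label pattern and the error wording are this example's own assumptions.

```python
import ipaddress
import re

MAX_CIDR_ENTRIES = 10     # networkAllowList limit stated on this page
MAX_DOMAIN_ENTRIES = 20   # domainAllowList limit stated on this page
# Hostname label rule (RFC 1123 style); an assumption of this example, not Daytona's own check
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _split(value):
    # Entries are comma-separated and trimmed, so spaces around commas are fine
    return [e.strip() for e in value.split(",") if e.strip()]


def validate_network_allow_list(value):
    """Return a list of problems; an empty list means every entry is an IPv4 CIDR."""
    entries = _split(value)
    problems = []
    if len(entries) > MAX_CIDR_ENTRIES:
        problems.append(f"too many entries: {len(entries)} > {MAX_CIDR_ENTRIES}")
    for entry in entries:
        if entry.count("/") != 1:
            problems.append(f"{entry!r}: must be A.B.C.D/N with exactly one '/'")
            continue
        addr, _, prefix = entry.partition("/")
        if not prefix.isdigit() or not 0 <= int(prefix) <= 32:
            problems.append(f"{entry!r}: prefix length must be an integer from 0 to 32")
            continue
        try:
            ipaddress.IPv4Address(addr)  # rejects hostnames and IPv6 literals
        except ipaddress.AddressValueError:
            problems.append(f"{entry!r}: not an IPv4 address (hostnames and IPv6 are not supported)")
    return problems


def validate_domain_allow_list(value):
    """Return a list of problems; an empty list means every entry is a bare domain or *.domain."""
    entries = _split(value)
    problems = []
    if len(entries) > MAX_DOMAIN_ENTRIES:
        problems.append(f"too many entries: {len(entries)} > {MAX_DOMAIN_ENTRIES}")
    for entry in entries:
        host = entry[2:] if entry.startswith("*.") else entry  # wildcard only as a leading "*."
        if "://" in entry or any(c in host for c in "/:?#*"):
            problems.append(f"{entry!r}: no protocol, path, port, query string or inner wildcard")
            continue
        if not all(_LABEL.match(label) for label in host.lower().split(".")):
            problems.append(f"{entry!r}: not a valid hostname")
    return problems
```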

The network access policies for your organization are set automatically depending on your organization’s limits tier and cannot be modified by organization administrators. These policies determine the default network behavior for all sandboxes in your organization.

To test network connectivity from your sandbox:

# Test HTTP connectivity to allowed addresses
curl -I https://208.80.154.232
# Test HTTP connectivity to allowed domains
curl -I https://example.com
# Test package manager access (allowed on all tiers)
apt update # For Ubuntu/Debian
npm ping # For Node.js
pip install --dry-run requests # For Python

Network limits provide several security advantages:

  • Prevents data exfiltration from sandboxes
  • Reduces attack surface by limiting external connections
  • Complies with security policies for development environments
  • Enables fine-grained control over network access

Daytona provides a list of essential services that are available on all tiers and can be used for development.

  • NPM Registry: registry.npmjs.org, registry.npmjs.com, nodejs.org, nodesource.com, npm.pkg.github.com
  • Yarn Packages: yarnpkg.com, *.yarnpkg.com, yarn.npmjs.org, yarnpkg.netlify.com
  • Bun: bun.sh, *.bun.sh
  • GitHub: github.com, *.github.com, *.githubusercontent.com, ghcr.io
  • GitLab: gitlab.com, *.gitlab.com
  • Bitbucket: bitbucket.org
  • Azure DevOps: dev.azure.com, *.dev.azure.com, login.microsoftonline.com, visualstudio.com, *.visualstudio.com, ssh.dev.azure.com, vs-ssh.visualstudio.com
  • PyPI: pypi.org, pypi.python.org, files.pythonhosted.org, bootstrap.pypa.io, astral.sh
  • Composer: *.packagist.org, packagist.com
  • Ubuntu Repos: *.ubuntu.com
  • Debian Repos: *.debian.org, cdn-fastly.deb.debian.org
  • CDN Services: fastly.com, cloudflare.com, r2.cloudflarestorage.com, *.r2.cloudflarestorage.com
  • JavaScript CDNs: unpkg.com, jsdelivr.net
  • Anthropic: *.anthropic.com, claude.ai, platform.claude.com
  • OpenAI: openai.com, *.openai.com, chatgpt.com
  • Google AI: generativelanguage.googleapis.com, gemini.google.com, aistudio.google.com, ai.google.dev, models.dev
  • Perplexity: api.perplexity.ai
  • DeepSeek: api.deepseek.com
  • Groq: api.groq.com
  • Expo: api.expo.dev
  • OpenRouter: openrouter.ai
  • Qwen: chat.qwen.ai, dashscope.aliyuncs.com, dashscope-intl.aliyuncs.com
  • Cursor: *.cursor.com
  • OpenCode: opencode.ai, *.opencode.ai
  • Other AI Services: api.letta.com, api.fireworks.ai, open.bigmodel.cn, *.z.ai, *.moonshot.ai, ai-gateway.vercel.sh, api.featherless.ai
  • Docker Registries: docker.io, *.docker.io, *.docker.com
  • Microsoft Container Registry: mcr.microsoft.com
  • Kubernetes Registry: registry.k8s.io
  • Google Container Registry: gcr.io, *.gcr.io, registry.cloud.google.com
  • Quay: quay.io, quay-registry.s3.amazonaws.com
  • Maven Repos: repo1.maven.org, repo.maven.apache.org
  • Google Fonts: fonts.googleapis.com, fonts.gstatic.com
  • US East: s3.us-east-1.amazonaws.com, s3.us-east-2.amazonaws.com
  • US West: s3.us-west-1.amazonaws.com, s3.us-west-2.amazonaws.com
  • EU: s3.eu-central-1.amazonaws.com, s3.eu-west-1.amazonaws.com, s3.eu-west-2.amazonaws.com
  • GCS: storage.googleapis.com
  • Daytona: app.daytona.io
  • Convex: convex.dev, *.convex.dev, *.convex.cloud, *.convex.site
  • Heroku: herokuapp.com, *.herokuapp.com
  • Vercel: vercel.com, *.vercel.com, *.vercel.app
  • Supabase: supabase.com, *.supabase.com, supabase.co, *.supabase.co
  • Clerk: clerk.com, *.clerk.com, clerk.dev, *.clerk.dev, accounts.dev, *.accounts.dev, clerk.accounts.dev, *.clerk.accounts.dev
  • WorkOS: workos.com, *.workos.com, authkit.app, *.authkit.app
  • Inngest: inngest.com, *.inngest.com
  • PostHog: posthog.com, *.posthog.com
  • Sentry: sentry.io, *.sentry.io, sentry-cdn.com, *.sentry-cdn.com
  • Linear: linear.app, *.linear.app
  • Figma: figma.com, *.figma.com, *.figmafiles.com
  • ClickUp: clickup.com, *.clickup.com
  • Playwright: playwright.dev, cdn.playwright.dev
  • Telegram: api.telegram.org
  • WhatsApp: web.whatsapp.com, *.whatsapp.net
  • Langfuse: *.langfuse.com, *.cloud.langfuse.com

If you encounter network access issues or need unrestricted network access:

  1. Verify your organization tier in the Daytona Dashboard
  2. Verify your network allow list and domain allow list configuration
  3. Contact support@daytona.io for assistance