# Contents

Domain Firewall provides granular, domain-level egress control at the sandbox level. You can define exactly which destinations a sandbox is allowed to reach, and outbound requests to any other domain are blocked.

Domain-level egress control

Running untrusted or AI-generated code means the code can attempt to make outbound network calls. Without egress restrictions, a sandbox can reach any destination, which allows data exfiltration to attacker-controlled endpoints and calls to services it should never touch. For enterprises running untrusted agent code, this is a hard requirement and a common blocker in security review.

Domain Firewall restricts outbound traffic to an explicit set of allowed domains. Requests to destinations outside that set are denied at the sandbox boundary, so the network reach of the code matches exactly what the workload needs.

How it works

  • Allowlist policy: Define the domains a sandbox may reach; all other outbound destinations are blocked by default.

  • Sandbox-level enforcement: Egress rules apply per sandbox, so different workloads can run under different network policies.

  • Deny by default: Any destination not on the allowlist is rejected, which limits exfiltration paths for untrusted code.

Get Started

Domain Firewall is available to all Daytona organizations. Read the documentation to get started.

1from daytona import CreateSandboxFromSnapshotParams, Daytona
2
3daytona = Daytona()
4
5# Allow access to specific IP addresses
6sandbox = daytona.create(CreateSandboxFromSnapshotParams(
7 network_allow_list='208.80.154.232/32,199.16.156.103/32'
8))
9
10# Allow access to specific domains
11sandbox = daytona.create(CreateSandboxFromSnapshotParams(
12 domain_allow_list='example.com,*.daytona.io'
13))
14
15# Or block all network access
16sandbox = daytona.create(CreateSandboxFromSnapshotParams(
17 network_block_all=True
18))