Security isn’t optional. It’s foundational.
Today, as part of Launch Week, we’re excited to announce the Daytona Sandboxes Firewall, giving you fine-grained control over network access inside your Sandboxes.
By default, Sandboxes follow strict security policies. But for many teams, that’s just the baseline. You need to decide what’s trusted and what’s not. The Sandboxes Firewall gives you that control.
Two Ways to Lock It Down
Block Everything: Set networkBlockAll to true and shut off all external network access. Perfect for running untrusted code in a zero-egress environment.
Allow Only What You Trust: Use networkAllowList to define up to 5 CIDR blocks. Only those networks are reachable; everything else is blocked.
This balance of control lets you run workloads with the exact level of exposure you’re comfortable with.
How It Works
Here’s how simple it is to configure network rules when creating a Sandbox:
Python Example
```python
from daytona import Daytona, CreateSandboxFromSnapshotParams

daytona = Daytona()

# Block all network access
params = CreateSandboxFromSnapshotParams(
    network_block_all=True
)
sandbox = daytona.create(params)

# Explicitly allow list of network addresses
params = CreateSandboxFromSnapshotParams(
    network_allow_list="192.168.1.0/16,10.0.0.0/24"
)
sandbox = daytona.create(params)
```
A TypeScript example is available in the docs.
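An added example, not from the Daytona post or SDK: a client-side pre-check for the comma-separated string passed as network_allow_list. It enforces the 5-block limit stated above and flags entries with host bits set, a catch-all /0 prefix, and blocks already covered by another entry; the function name and the checks are assumptions, and how the service itself treats such entries is not stated on this page.

```python
import ipaddress

MAX_BLOCKS = 5  # limit stated in the announcement


def check_allow_list(raw):
    """Return (canonical_string, warnings) for a comma-separated CIDR list.

    Hypothetical helper. Raises ValueError for malformed entries or when
    more than MAX_BLOCKS blocks are given.
    """
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        raise ValueError("allow list is empty")
    if len(entries) > MAX_BLOCKS:
        raise ValueError(f"{len(entries)} blocks given, limit is {MAX_BLOCKS}")

    nets, warnings = [], []
    for entry in entries:
        if "/" not in entry:
            raise ValueError(f"{entry!r} has no prefix length")
        iface = ipaddress.ip_interface(entry)  # ValueError if malformed
        net = iface.network                    # host bits masked off
        if iface.ip != net.network_address:
            warnings.append(f"{entry} has host bits set; it covers {net}")
        if net.prefixlen == 0:
            warnings.append(f"{entry} matches every address")
        for other in nets:
            if net.version != other.version:
                continue
            if net.subnet_of(other):
                warnings.append(f"{net} is already covered by {other}")
            elif other.subnet_of(net):
                warnings.append(f"{other} is already covered by {net}")
        nets.append(net)
    return ",".join(str(n) for n in nets), warnings


if __name__ == "__main__":
    # Constructed inputs; the first is the string used in the post's example.
    for sample in ("192.168.1.0/16,10.0.0.0/24", "10.0.0.0/8,10.1.0.0/16"):
        canonical, notes = check_allow_list(sample)
        print(canonical, notes)
```

Run on the string from the post's example, the check reports that 192.168.1.0/16 is read as the whole 192.168.0.0/16 range, which is wider than a reader scanning the third octet might expect.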
Why It Matters
When you’re running untrusted code, every open network path is a potential attack surface. The Sandboxes Firewall helps reduce that surface by making zero-trust defaults practical:
Block everything.
Allow only what you decide.
No more guessing, no more blind spots. Just explicit control.
A Word of Caution
Enabling unrestricted network access may expose you to security risks. We strongly recommend either:
Whitelisting specific network addresses with networkAllowList, or
Blocking all access with networkBlockAll.
Get Started with Daytona Firewall
Try the new Sandboxes Firewall today and lock down your environments with explicit network policies.