docker sandbox network proxy
| Description | Manage proxy configuration for a sandbox |
|---|---|
| Usage | docker sandbox network proxy <sandbox> [OPTIONS] |
Description
Manage proxy configuration for a sandbox
Options
| Option | Default | Description |
|---|---|---|
--allow-cidr | Remove an IP range in CIDR notation from the block or bypass lists (can be specified multiple times) | |
--allow-host | Permit access to a domain or IP (can be specified multiple times) | |
--block-cidr | Block access to an IP range in CIDR notation (can be specified multiple times) | |
--block-host | Block access to a domain or IP (can be specified multiple times) | |
--bypass-cidr | Bypass proxy for an IP range in CIDR notation (can be specified multiple times) | |
--bypass-host | Bypass proxy for a domain or IP (can be specified multiple times) | |
--policy | Set the default policy |
Examples
Block access to a domain
$ docker sandbox network proxy my-sandbox --block-host example.com
Block multiple domains
$ docker sandbox network proxy my-sandbox \
--block-host example.com \
--block-host malicious.site
Block IP range (--block-cidr)
--block-cidr CIDRBlock access to an IP range in CIDR notation:
$ docker sandbox network proxy my-sandbox --block-cidr 192.168.1.0/24
Allow specific domain (--allow-host)
--allow-host DOMAINPermit access to a domain (useful with deny-by-default policy):
$ docker sandbox network proxy my-sandbox \
--policy deny \
--allow-host api.trusted-service.com
Bypass proxy for domain (--bypass-host)
--bypass-host DOMAINBypass proxy for specific domains:
$ docker sandbox network proxy my-sandbox --bypass-host localhost
Bypass proxy for IP range (--bypass-cidr)
--bypass-cidr CIDRBypass proxy for an IP range:
$ docker sandbox network proxy my-sandbox --bypass-cidr 127.0.0.0/8
Set default policy (--policy)
--policy allow|denySet the default policy for network access:
# Allow by default, block specific hosts
$ docker sandbox network proxy my-sandbox \
--policy allow \
--block-host dangerous.example
# Deny by default, allow specific hosts
$ docker sandbox network proxy my-sandbox \
--policy deny \
--allow-host api.trusted.com \
--allow-host cdn.trusted.com
Remove rules
Use --allow-cidr to remove IP ranges from block or bypass lists:
$ docker sandbox network proxy my-sandbox --allow-cidr 192.168.1.0/24
