Show HN: Network-filter – domains-based whitelist for Docker containers

3 points by txprog 5 months ago · 0 comments · 1 min read

Built this because LLM tools with MCP servers (OpenCode, Goose, Claude code, etc.) have too much network access. It uses network_mode: 'service:x' to force containers through iptables rules that drop everything except whitelisted domains. No proxy - operates at the network namespace level so bypasses aren't possible.

No comments yet.