A network proxy for container-based sandbox environments.
sandworm is a standalone HTTP/HTTPS proxy server designed to run in containerized environments. It provides configurable domain and CIDR filtering to control network access from sandboxed containers.
The roadmap includes support for arbitrary TCP connections.
sandworm --port 2137 --domains "github.com,golang.org" --cidrs "10.0.0.0/8"
--port, -p: Proxy port (default: 2137)
--admin, -a: Enable admin panel (default: false)
--domains, -d: Comma-separated list of allowed domains
--cidrs, -c: Comma-separated list of allowed CIDRs
--log-level, -l: Log level (debug, info, warn, error) (default: info)
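An added example (not sandworm's own code) of one way a proxy can decide whether a request target passes allow-lists shaped like the `--domains` and `--cidrs` values above. The function name `Allowed` and the matching rules (case-insensitive names, exact match or subdomain on a dot boundary, IP literals checked against CIDRs only, invalid CIDR entries ignored) are assumptions of this example; the sample targets are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Allowed reports whether target (a CONNECT target or Host header value such as
// "api.github.com:443") passes comma-separated allow-lists shaped like the
// --domains and --cidrs values. The matching rules are this example's assumption.
func Allowed(target, domains, cidrs string) bool {
	host := target
	if h, _, err := net.SplitHostPort(target); err == nil {
		host = h
	}
	host = strings.ToLower(strings.TrimSuffix(strings.Trim(host, "[]"), "."))
	if ip := net.ParseIP(host); ip != nil {
		// IP literals are judged by CIDR only, never by the domain list.
		// Entries that fail to parse are skipped, so a typo denies rather than allows.
		for _, c := range strings.Split(cidrs, ",") {
			_, n, err := net.ParseCIDR(strings.TrimSpace(c))
			if err == nil && n.Contains(ip) {
				return true
			}
		}
		return false
	}
	for _, d := range strings.Split(domains, ",") {
		d = strings.ToLower(strings.Trim(strings.TrimSpace(d), "."))
		// Exact name, or a subdomain on a dot boundary, so that
		// "evilgithub.com" does not pass as "github.com".
		if d != "" && (host == d || strings.HasSuffix(host, "."+d)) {
			return true
		}
	}
	return false
}

func main() {
	const domains, cidrs = "github.com,golang.org", "10.0.0.0/8" // values from the usage line
	for _, t := range []string{ // constructed sample targets
		"api.github.com:443", "GitHub.com.:443", "evilgithub.com:443",
		"github.com.other.example:443", "10.1.2.3:8080", "172.31.0.5:80", "[::1]:443",
	} {
		fmt.Printf("%-30s allowed=%v\n", t, Allowed(t, domains, cidrs))
	}
}
```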
go build -o sandworm ./cmd/sandworm
Build the Docker image with the accompanying Dockerfile. For size-optimized builds, there's also a script:
./build-minimal-image.sh
Go ahead and grab one, it's just 12MB at the time of writing! https://hub.docker.com/r/poolsideengineering/sandworm
docker pull poolsideengineering/sandworm:latest
                 ┌─────────┐
                 │  cont2  │
┌─────────┐      └─────┬───┘     ┌─────────┐
│  cont1  │──────┐     │    ┌────┼  cont3  │
└─────────┘      │     │    │    └─────────┘
                 │     │    │
             ┌───▼─────▼────▼──┐
             │ internal network│
             │  172.31.0.0/24  │
             └────────┬────────┘
                      │
             ┌────────▼─────────┐
             │     sandworm     │
             │                  │◄─┐
             └────────┬─────────┘  │
                      │            │
             ┌────────▼─────────┐  │
             │ isolated network │──┘
             │  172.32.0.0/24   │
             └────────┬─────────┘
                      │
                      ▼
                 xxxxxxxxxxx
              xxx           xxxxxxx
             x                     xxxxx
            x                          xx
            x      world wide web       x
            x  ~~~~                    xx
             x~~~~~~~               xxx
              x~~~~~~~            xx
               xx~~~~~~~~~     xxx
                 xxxxxxxxx
Yes, we have one!

