E2B icon indicating copy to clipboard operation
E2B copied to clipboard
verified publisher icon e2b-dev

feat: implement network out allow/deny list support

Open dobrac opened this issue 2 months ago • 2 comments

Add Network Outbound Traffic Control for Sandboxes

Users can now configure network restrictions when creating sandboxes using the new network configuration option with allowOut and denyOut parameters.

  • [x] Requires https://github.com/e2b-dev/infra/pull/1447 to be merged and deployed first

Key Features

  • Allow List: Specify IP addresses, CIDR blocks that sandboxes can connect to
  • Deny List: Specify IP addresses, CIDR blocks that sandboxes cannot connect to
  • Priority Rules: allowOut takes precedence over denyOut when there are conflicts
  • Helper Const: New ALL_TRAFFIC helper to easily deny/allow all network traffic (0.0.0.0/0)

Usage Examples

JavaScript/TypeScript:

import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Block all traffic except specific IPs
const sandbox = await Sandbox.create('template-id', {
  network: {
    denyOut: [ALL_TRAFFIC],
    allowOut: ['1.1.1.1', '8.8.8.0/24']
  }
})

// Block specific IPs only
const sandbox = await Sandbox.create('template-id', {
  network: {
    denyOut: ['8.8.8.8']
  }
})

Python:

from e2b import AsyncSandbox, ALL_TRAFFIC

# Block all traffic except specific IPs
sandbox = await AsyncSandbox.create(
    network={
        "allow_out": ["8.8.8.8"],
        "deny_out": [ALL_TRAFFIC]
    }
)

[!NOTE] Adds network egress allow/deny configuration to sandboxes in JS/Python SDKs (with ALL_TRAFFIC helper), updates OpenAPI/spec and generated types (incl. new template builds listing and TemplateBuildInfo), and adds tests.

  • SDKs (JS & Python):
    • Add SandboxNetworkOpts with allowOut/denyOut; pass network on sandbox create; refine allowInternetAccess semantics.
    • Export ALL_TRAFFIC helper (0.0.0.0/0).
  • Tests:
    • Add JS and Python (sync/async) tests validating allow/deny behavior and precedence; test fixtures accept sandboxOpts.
  • API/Spec:
    • Introduce SandboxNetworkConfig; extend NewSandbox with network; add trafficAccessToken to Sandbox.
    • Add GET /templates/{templateID} returning TemplateWithBuilds; standardize pagination params.
    • Change build status response to TemplateBuildInfo; redefine TemplateBuild as build summary with cpu/mem/timestamps.
    • Regenerate JS TS types and Python client models to match.
  • Tooling/Meta:
    • Update openapi-typescript generation flags; add changeset for minor releases.

Written by Cursor Bugbot for commit dceb2bc0553cca532953dd748cde7665d04e574f. This will update automatically on new commits. Configure here.

dobrac avatar Nov 10 '25 20:11 dobrac

🦋 Changeset detected

Latest commit: 2b7e7155b881a891d48534c75a9536198ed0e243

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@e2b/python-sdk Minor
e2b Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

changeset-bot[bot] avatar Nov 10 '25 20:11 changeset-bot[bot]

I like this api 👍

sitole avatar Nov 11 '25 11:11 sitole