You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add OPEN_TERMINAL_ALLOWED_DOMAINS env var for domain-level network
restriction. Uses dnsmasq as a local DNS resolver (NXDOMAIN for
non-whitelisted domains), ipset for dynamic IP tracking (dnsmasq
auto-populates resolved IPs), iptables to block external DNS and
non-whitelisted IPs, and capsh to permanently drop CAP_NET_ADMIN.
Supports wildcards (*.github.com), live DNS, fails closed.
Set to empty string to block all; omit for full access.
Gracefully skips on bare metal if iptables is unavailable.
Bump version 0.11.11 → 0.11.12
Copy file name to clipboardExpand all lines: CHANGELOG.md
+6Lines changed: 6 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
4
4
5
5
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
6
6
7
+
## [0.11.12] - 2026-03-12
8
+
9
+
### Added
10
+
11
+
- 🔒 **Network egress filtering** (Docker only) — restrict which domains the container can access via the `OPEN_TERMINAL_ALLOWED_DOMAINS` env var. Supports wildcards (e.g. `*.github.com`). Set to empty string to block all outbound traffic; omit for full access. Skips gracefully on bare-metal installs.
0 commit comments