Static · NetworkPolicy5
NetworkPolicy::builder()start the fluent builder NetworkPolicy::none()deny everything NetworkPolicy::allow_all()allow everything NetworkPolicy::public_only()public internet only (default) NetworkPolicy::non_local()public + private, no localInstance · NetworkPolicy8
policy.allow_domain()prepend an allow-Domain rule policy.deny_domain()prepend a deny-Domain rule policy.allow_domains()prepend allow-Domain rules policy.deny_domains()prepend deny-Domain rules policy.allow_domain_suffix()prepend an allow-suffix rule policy.deny_domain_suffix()prepend a deny-suffix rule policy.allow_domain_suffixes()prepend allow-suffix rules policy.deny_domain_suffixes()prepend deny-suffix rulesBuilder · NetworkBuilder15
Builder · NetworkPolicyBuilder9
Builder · RuleBuilder32
Builder · RuleDestinationBuilder6
Builder · DnsBuilder · TlsBuilder · ViolationActionBuilder16
Types
Typical flow
```rust use microsandbox::{NetworkPolicy, Sandbox}; let policy = NetworkPolicy::builder() // 1. compose a policy .default_deny() .egress(|e| e.tcp().port(443).allow_public()) .rule(|r| r.any().deny().ip("198.51.100.5")) .build()?; let sb = Sandbox::builder("api") .image("python") .network(|n| n // 2. wire it into the sandbox .policy(policy) .port(8080, 80) .dns(|d| d.rebind_protection(true))) .create() .await?; ``` The default policy denies egress except for an implicit allow-public rule (plus DNS), and allows ingress with no rules. See the [defaults rationale](/networking/overview#defaults) for the asymmetry. `NetworkPolicy` and the builders live in `microsandbox_network`; `NetworkPolicy` is also re-exported from the crate root as `microsandbox::NetworkPolicy`. ## NetworkPolicy static methods A [`NetworkPolicy`](#networkpolicy) is an ordered rule list plus two per-direction defaults, evaluated first-match-wins. The presets below construct common shapes directly; for anything custom, start from [`builder()`](#networkpolicybuilder). --- #### NetworkPolicy::builder()Returns
Parameters
namesIntoIterator<Item = AsRef<str>>Parameters
actionActionParameters
actionActionReturns
Parameters
portu16Parameters
lou16hiu16lo > hi records BuildError::InvalidPortRange.Parameters
policyNetworkPolicyParameters
host_portu16guest_portu16Parameters
host_bindIpAddrhost_portu16guest_portu16Parameters
maxusizeParameters
poolIpv4Network/30 or shorter.Parameters
overridesInterfaceOverridesParameters
Parameters
nameserversIntoIterator<Item = Into<Nameserver>>Parameters
patternimpl Into<String>*.suffix wildcards.Parameters
hostimpl Into<String>Parameters
i_understand_the_riskbooltrue to take effect.Built by NetworkPolicy::builder() · used by policy()
An ordered rule list plus two per-direction defaults, evaluated first-match-wins. Egress evaluation considers rules where `direction ∈ {Egress, Any}`; ingress considers `{Ingress, Any}`. If no rule matches, the direction-specific default applies. `Default` is [`public_only()`](#networkpolicypublic_only). | Field | Type | Description | |-------|------|-------------| | default_egress | [`Action`](#action) | Action when no egress-applicable rule matches | | default_ingress | [`Action`](#action) | Action when no ingress-applicable rule matches | | rules | `Vec<`[`Rule`](#rule)`>` | Ordered rules; first match wins per direction | ### RuleHeld by NetworkPolicy
A single policy rule. The `destination` interpretation is direction-dependent: egress destination, or ingress peer/source. `ports` is always the guest-side port (egress destination port / ingress listening port). | Field | Type | Description | |-------|------|-------------| | direction | [`Direction`](#direction) | Which evaluator considers this rule | | destination | [`Destination`](#destination) | Target filter | | protocols | `Vec<`[`Protocol`](#protocol)`>` | Set semantics; empty = any protocol | | ports | `Vec<`[`PortRange`](#portrange)`>` | Set semantics; empty = any port | | action | [`Action`](#action) | What to do on match | Convenience constructors build any-protocol, any-port rules: | Method | Description | |--------|-------------| | `Rule::allow_egress(destination)` | Allow rule, direction `Egress` | | `Rule::deny_egress(destination)` | Deny rule, direction `Egress` | | `Rule::allow_ingress(destination)` | Allow rule, direction `Ingress` | | `Rule::deny_ingress(destination)` | Deny rule, direction `Ingress` | | `Rule::allow_any(destination)` | Allow rule, direction `Any` | | `Rule::deny_any(destination)` | Deny rule, direction `Any` | | `Rule::allow_dns()` | Allow plain DNS (UDP/53 + TCP/53) to the gateway forwarder (`Group::Host`); the one-liner for opening DNS under deny-by-default. See [DNS as egress](/networking/dns#dns-as-egress) | ### ActionUsed by Rule · NetworkPolicy · default_egress()
| Value | Wire format | Description | |-------|-------------|-------------| | `Allow` | `"allow"` | Permit the traffic | | `Deny` | `"deny"` | Drop the traffic silently | ### DirectionUsed by Rule
| Value | Wire format | Description | |-------|-------------|-------------| | `Egress` | `"egress"` | Traffic leaving the sandbox | | `Ingress` | `"ingress"` | Traffic entering the sandbox (via published ports) | | `Any` | `"any"` | Rule applies in either direction | ### DestinationHeld by Rule · committed by RuleDestinationBuilder
| Variant | Description | |---------|-------------| | `Any` | Match any address | | `Cidr(IpNetwork)` | Match a CIDR range (e.g. `10.0.0.0/8`); single IPs are stored as `/32` or `/128` | | `Domain(`[`DomainName`](#domainname)`)` | Match an exact domain (e.g. `example.com`) when a cached hostname for the remote IP equals it | | `DomainSuffix(`[`DomainName`](#domainname)`)` | Match the apex domain and every subdomain (e.g. `example.com` and `api.example.com`) | | `Group(`[`DestinationGroup`](#destinationgroup)`)` | Match a predefined address group | ### DestinationGroupHeld by Destination · committed by RuleBuilder group adders
Groups are disjoint with one carve-out: `Metadata` takes precedence over `LinkLocal` for `169.254.169.254`, and `Host` over `Private` when the gateway IPs sit in CGN/ULA ranges. | Value | Wire format | Matches | |-------|-------------|---------| | `Public` | `"public"` | Complement of the other categories: every address not in any other group | | `Loopback` | `"loopback"` | `127.0.0.0/8`, `::1` (the **guest's own** loopback, not the host) | | `Private` | `"private"` | RFC1918 (`10/8`, `172.16/12`, `192.168/16`) + CGN (`100.64/10`) + ULA (`fc00::/7`) | | `LinkLocal` | `"link_local"` | `169.254.0.0/16`, `fe80::/10` (excludes metadata) | | `Metadata` | `"metadata"` | Cloud metadata endpoint (`169.254.169.254`) | | `Multicast` | `"multicast"` | `224.0.0.0/4`, `ff00::/8` | | `Host` | `"host"` | Per-sandbox gateway IPs that back `host.microsandbox.internal` | ### ProtocolHeld by Rule · set by RuleBuilder protocol setters
| Value | Wire format | |-------|-------------| | `Tcp` | `"tcp"` | | `Udp` | `"udp"` | | `Icmpv4` | `"icmpv4"` | | `Icmpv6` | `"icmpv6"` | ICMP protocols are egress-only. A rule with direction `Ingress` or `Any` carrying an ICMP protocol fails build with [`BuildError::IngressDoesNotSupportIcmp`](#builderror). ### PortRangeHeld by Rule · added by port() · port_range()
An inclusive port range. | Field | Type | Description | |-------|------|-------------| | start | `u16` | Start port (inclusive) | | end | `u16` | End port (inclusive) | | Method | Description | |--------|-------------| | `PortRange::single(port)` | Match a single port | | `PortRange::range(start, end)` | Match an inclusive range | | `contains(port)` | Whether `port` falls within the range | ### DomainNameHeld by Destination::Domain / DomainSuffix
A validated DNS name. Construction goes through `str::parse` (or `TryFromUsed by nameservers()
An upstream DNS server, either a literal address or a hostname resolved at interceptor startup via the host's OS resolver. Serializes as a single string. Construct via `FromUsed by interface()
Per-sandbox guest interface overrides. Every field is optional; an omitted field is derived deterministically from the sandbox slot. Most callers only touch the pools via [`ipv4_pool()`](#ipv4_pool) / [`ipv6_pool()`](#ipv6_pool) rather than constructing this directly. | Field | Type | Description | |-------|------|-------------| | mac | `Option<[u8; 6]>` | Guest MAC address. Default: derived from slot | | mtu | `OptionReturned by NetworkPolicyBuilder::build() · wrapped by NetworkBuilder
Errors surfaced by the builders' `build()` methods. The same enum covers [`NetworkPolicy::builder()`](#networkpolicybuilder), [`DnsBuilder`](#dnsbuilder), and [`NetworkBuilder`](#networkbuilder); the network and DNS builders accumulate lazily, so the first failure surfaces from the outermost `build()` in the chain. | Variant | Cause | |---------|-------| | `DirectionNotSet { rule_index }` | A rule was committed without `.egress() / .ingress() / .any()` | | `MissingDestination { rule_index }` | `.allow()` or `.deny()` was called but no destination method followed | | `InvalidIp { rule_index, raw }` | `.ip(&str)` got an unparseable value | | `InvalidCidr { rule_index, raw }` | `.cidr(&str)` got an unparseable value | | `InvalidIpv4Pool { raw }` | `ipv4_pool()` got a pool that can't hold a `/30` sandbox subnet | | `InvalidIpv6Pool { raw }` | `ipv6_pool()` got a pool that can't hold a `/64` sandbox prefix | | `InvalidDomain { rule_index, raw, source }` | `.domain` / `.domain_suffix` got a value that failed `DomainName` parse | | `InvalidPortRange { rule_index, lo, hi }` | `.port_range(lo, hi)` had `lo > hi` | | `IngressDoesNotSupportIcmp { rule_index }` | ICMP protocol on a non-egress rule | | `InvalidSecretConfig { source }` | A secret entry failed validation | Inside `SandboxBuilder::build()`, `BuildError` is wrapped as `MicrosandboxError::NetworkBuilder(BuildError)`. ### ViolationActionBuilt by ViolationActionBuilder · used by on_secret_violation()
Action taken when a secret placeholder is sent to a disallowed host. Also documented on the [Secrets](/sdk/rust/secrets#violationaction) page, where it pairs with [`SecretBuilder`](/sdk/rust/secrets#secretbuilder). | Value | Wire format | Description | |-------|-------------|-------------| | `Block` | `"block"` | Silently drop the request | | `BlockAndLog` | `"block-and-log"` | Drop the request and emit a warning log (the default) | | `BlockAndTerminate` | `"block-and-terminate"` | Drop the request, log an error, and shut down the sandbox | | `Passthrough(Vec<`[`HostPattern`](/sdk/rust/secrets#hostpattern)`>)` | `"passthrough"` | Forward matching hosts with the placeholder unchanged; non-matching hosts use the default action |