From 869b6af7f7a9f16fb46f6dbebdfeeabe6141ffd7 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Mon, 9 Feb 2026 20:16:02 -0800
Subject: [PATCH] Block sandbox access to local network

Add nftables forward rules to prevent sandboxed workspaces from reaching RFC1918 private addresses while allowing public internet and the host gateway (for DNS/NAT).
---
 common/network/sandbox.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/common/network/sandbox.nix b/common/network/sandbox.nix
index c9cf662..3ade91e 100644
--- a/common/network/sandbox.nix
+++ b/common/network/sandbox.nix
@@ -112,5 +112,15 @@ in
 allowedTCPPorts = [ 53 ];
 allowedUDPPorts = [ 53 ];
 };
+
+ # Block sandboxes from reaching the local network (private RFC1918 ranges)
+ # while still allowing public internet access via NAT.
+ # The sandbox subnet itself is allowed so workspaces can reach the host gateway.
+ networking.firewall.extraForwardRules = ''
+ iifname ${cfg.bridgeName} ip daddr ${cfg.hostAddress} accept
+ iifname ${cfg.bridgeName} ip daddr 10.0.0.0/8 drop
+ iifname ${cfg.bridgeName} ip daddr 172.16.0.0/12 drop
+ iifname ${cfg.bridgeName} ip daddr 192.168.0.0/16 drop
+ '';
 };
 }
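Review bot: The drop rules in extraForwardRules match only `ip daddr`, so if the bridge or the host carries IPv6 the stated goal of isolating sandboxes from the local network is not met — unique-local and link-local destinations are still forwarded; if IPv6 is in play, add `iifname ${cfg.bridgeName} ip6 daddr fc00::/7 drop` and `iifname ${cfg.bridgeName} ip6 daddr fe80::/10 drop` alongside the IPv4 rules. On the IPv4 side the same intent would usually also cover the non-RFC1918 local ranges, in particular `iifname ${cfg.bridgeName} ip daddr 169.254.0.0/16 drop` (link-local, where cloud metadata services live) and 100.64.0.0/10 (CGNAT), since the commit's description promises "local network" isolation rather than just the three RFC1918 blocks. The third comment line says "The sandbox subnet itself is allowed", but the accept rule matches only the single address `${cfg.hostAddress}`; either the comment should read "The host gateway address is allowed …" or the rule should match the subnet, whichever the intent is. Using `drop` rather than `reject` means blocked connections from workspaces hang until timeout instead of failing fast; that is a design choice, but worth a one-line comment on why drop was chosen. The enclosing attribute set starts before the hunk, so I cannot see whether cfg.hostAddress is guaranteed to lie inside the sandbox subnet or whether a separate IPv6 configuration already exists elsewhere in the module.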