一键导入
network-allowlist
When a network call fails with DNS, TLS, or SSH refusal, or to check up-front whether a host is reachable from this firewalled VM.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
When a network call fails with DNS, TLS, or SSH refusal, or to check up-front whether a host is reachable from this firewalled VM.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | network-allowlist |
| description | When a network call fails with DNS, TLS, or SSH refusal, or to check up-front whether a host is reachable from this firewalled VM. |
This VM is sandboxed by an external firewall VM. Outbound traffic is
restricted to a host allowlist the user maintains on the host. The
allowlist files live on the host (not in this VM) at
proxy/allowed-https.txt, proxy/allowed-ssh.txt, and
proxy/allowed-dns.txt — you can't read them from in here.
dig <host> returns status: REFUSED;
curl / git fail with "Could not resolve host". Most common
failure mode for unfamiliar domains.curl exits with a connection-reset / TLS
error (commonly 35 or 56). DNS worked but the SNI didn't match.Host: to point at a different tenant on a shared CDN.curl http://host hangs until it times out. Use https:// instead.ssh git@host fails with
"Connection closed by remote host" or kex_exchange_identification.These failures are deterministic. Don't retry — it won't work the second time.
Probe it directly from inside this VM:
dig +short <host> — empty / REFUSED means DNS-blocked.curl -v --max-time 5 https://<host> — TLS handshake errors after
DNS succeeds means SNI-blocked.ssh -o BatchMode=yes -o ConnectTimeout=5 -T git@<host> — fast
failure with "Connection closed" means SSH-blocked.You can't change the allowlist from in here. Ask the user:
Please add
<hostname>to the relevant file(s) on the host:
proxy/allowed-https.txt— HTTPS only (TLS SNI,fnmatchglobs;*.example.commatches subdomains, not the apex). A line may also include a Python regex after the host glob; it matchesMETHOD /path?query, e.g.github.com ^(GET|POST) /owner/(repo1|repo2)\.git/. Cleartext HTTP is denied at the firewall and can't be allowlisted.proxy/allowed-ssh.txt— SSH CONNECT-host (host glob format only; Git-over-SSH cannot be scoped to individual repositories because the firewall cannot see inside the encrypted SSH session).proxy/allowed-dns.txt— DNS suffixes (plain hostnames, suffix match:github.comcoversapi.github.comtoo). A single*line forwards all DNS names and should be reserved for temporary bootstrap/testing policy.Then run
./rootcell allowfrom the repo root (hot-reload, ~1s).
A host that needs both DNS and HTTPS (the common case) has to go in
both allowed-dns.txt and allowed-https.txt.
HTTPS_PROXY / HTTP_PROXY env vars — the firewall is
transparent at the network layer; the VM doesn't know about it and
doesn't need to.If a TLS call fails with a cert verification error, do not retry
with curl -k / --insecure, wget --no-check-certificate,
NODE_TLS_REJECT_UNAUTHORIZED=0, git -c http.sslVerify=false,
pip --trusted-host, GIT_SSL_NO_VERIFY=1, Python verify=False,
or any equivalent.
Why: for allowlisted hosts, the firewall MITM-terminates TLS and
presents per-host certs minted by a per-deployment CA that's already
in this VM's trust store, AND it validates the upstream cert against
the SNI on the way out. So a cert verify failure inside this VM
either means (a) the SNI was rejected (common cause: the allowlist
entry is the apex example.com but you hit www.example.com —
fnmatch doesn't match across the dot, so add *.example.com too)
or (b) the upstream presented a cert that doesn't validate for the
hostname you asked for (i.e. someone is trying to MITM you, or DNS
returned the wrong IP). Bypassing verification papers over the wrong
problem in either case. Stop and ask the user.