Skip to main content
Sandboxes support fine-grained network controls to restrict what the code running inside can access.

Internet Access

By default, sandboxes have internet access enabled. Disable it for untrusted code: 
from tensorlake.sandbox import SandboxClient

client = SandboxClient()

# No internet access
sandbox = client.create(
    image="python:3.11-slim",
    allow_internet_access=False
)

Outbound Destination Controls

For more granular control, use allow_out and deny_out to restrict which destinations the sandbox can reach.

Allow List

Only allow connections to specific destinations: 
sandbox = client.create(
    image="python:3.11-slim",
    allow_out=["api.openai.com", "api.anthropic.com"]
)
When allow_out is specified, the sandbox can only connect to the listed destinations. All other outbound connections are blocked.

Deny List

Block specific destinations while allowing everything else: 
sandbox = client.create(
    image="python:3.11-slim",
    deny_out=["internal.company.com", "10.0.0.0/8"]
)
When deny_out is specified, the sandbox can connect to any destination except the listed ones.

Network Configuration Summary

ParameterTypeDefaultDescription
allow_internet_accessboolTrueEnable or disable all internet access
allow_outlist[str][]Allowed outbound destinations (allowlist)
deny_outlist[str][]Denied outbound destinations (denylist)

Examples

Fully Isolated Sandbox

No network access at all: 
sandbox = client.create(
    image="python:3.11-slim",
    allow_internet_access=False
)

LLM-Only Access

Allow only LLM API calls: 
sandbox = client.create(
    image="python:3.11-slim",
    allow_out=[
        "api.openai.com",
        "api.anthropic.com",
        "generativelanguage.googleapis.com"
    ]
)

Block Internal Networks

Allow internet but block internal infrastructure: 
sandbox = client.create(
    image="python:3.11-slim",
    deny_out=[
        "10.0.0.0/8",
        "172.16.0.0/12",
        "192.168.0.0/16"
    ]
)

Learn More

Lifecycle

Sandbox states, resources, and timeouts.

Pools

Warm container pools for low-latency creation.