clawker firewall

Manage the egress firewall

Synopsis

Manage the Envoy+CoreDNS egress firewall that controls outbound traffic from agent containers. The firewall runs as shared infrastructure on the clawker Docker network, enforcing domain-level egress rules via Envoy (TLS SNI filtering) and CoreDNS (DNS-level allow/deny).

Examples

  # Show firewall health and status
  clawker firewall status

  # List active egress rules
  clawker firewall list

  # Allow a new domain
  clawker firewall add registry.npmjs.org

  # Remove a domain
  clawker firewall remove registry.npmjs.org

  # Temporarily bypass firewall for an agent
  clawker firewall bypass 30s --agent dev

Subcommands

clawker firewall add - Add an egress rule
clawker firewall bypass - Temporarily bypass firewall for a container
clawker firewall disable - Disable firewall for a container
clawker firewall down - Stop the firewall daemon
clawker firewall enable - Enable firewall for a container
clawker firewall list - List active egress rules
clawker firewall reload - Force-reload firewall configuration
clawker firewall remove - Remove an egress rule
clawker firewall rotate-ca - Rotate the firewall CA certificate
clawker firewall status - Show firewall health and status
clawker firewall up - Start the firewall daemon

Options

  -h, --help   help for firewall

Options inherited from parent commands

  -D, --debug   Enable debug logging

Getting Started

Security

Guides

CLI Reference

Developer Guide

clawker firewall

clawker firewall

Synopsis

Examples

Subcommands

Options

Options inherited from parent commands

See also

Getting Started

Security

Guides

CLI Reference

Developer Guide

​clawker firewall

​Synopsis

​Examples

​Subcommands

​Options

​Options inherited from parent commands

​See also

clawker firewall

Synopsis

Examples

Subcommands

Options

Options inherited from parent commands

See also