feat: add sandbox egress firewall for ip addresses

Author: dobrac

packages/orchestrator/benchmark_test.go

@@ -20,6 +20,7 @@ import (
 	"go.opentelemetry.io/otel/metric/noop"
 	"go.uber.org/zap"
 
+	"github.com/e2b-dev/infra/packages/api/internal/orchestrator"
 	"github.com/e2b-dev/infra/packages/orchestrator/internal/cfg"
 	"github.com/e2b-dev/infra/packages/orchestrator/internal/proxy"
 	"github.com/e2b-dev/infra/packages/orchestrator/internal/sandbox"
@@ -49,15 +50,15 @@ func BenchmarkBaseImageLaunch(b *testing.B) {
 
 	// test configuration
 	const (
-		testType            = onlyStart
-		baseImage           = "e2bdev/base"
-		kernelVersion       = "vmlinux-6.1.102"
-		fcVersion           = "v1.10.1_1fcdaec08"
-		templateID          = "fcb33d09-3141-42c4-8d3b-c2df411681db"
-		buildID             = "ba6aae36-74f7-487a-b6f7-74fd7c94e479"
-		useHugePages        = false
-		allowInternetAccess = true
-		templateVersion     = "v2.0.0"
+		testType        = onlyStart
+		baseImage       = "e2bdev/base"
+		kernelVersion   = "vmlinux-6.1.102"
+		fcVersion       = "v1.10.1_1fcdaec08"
+		templateID      = "fcb33d09-3141-42c4-8d3b-c2df411681db"
+		buildID         = "ba6aae36-74f7-487a-b6f7-74fd7c94e479"
+		useHugePages    = false
+		firewall        = &orchestrator.FirewallConfig{}
+		templateVersion = "v2.0.0"
 	)
 
 	// cache paths, to speed up test runs. these paths aren't wiped between tests
@@ -182,12 +183,12 @@ func BenchmarkBaseImageLaunch(b *testing.B) {
 
 	accessToken := "access-token"
 	sandboxConfig := sandbox.Config{
-		BaseTemplateID:      templateID,
-		Vcpu:                2,
-		RamMB:               512,
-		TotalDiskSizeMB:     2 * 1024,
-		HugePages:           useHugePages,
-		AllowInternetAccess: ptr(allowInternetAccess),
+		BaseTemplateID:  templateID,
+		Vcpu:            2,
+		RamMB:           512,
+		TotalDiskSizeMB: 2 * 1024,
+		HugePages:       useHugePages,
+		Firewall:        firewall,
 		Envd: sandbox.EnvdMetadata{
 			Vars:        map[string]string{"HELLO": "WORLD"},
 			AccessToken: &accessToken,

packages/orchestrator/internal/sandbox/network/pool.go

@@ -12,6 +12,7 @@ import (
 	"go.opentelemetry.io/otel/metric"
 	"go.uber.org/zap"
 
+	"github.com/e2b-dev/infra/packages/shared/pkg/grpc/orchestrator"
 	"github.com/e2b-dev/infra/packages/shared/pkg/telemetry"
 	"github.com/e2b-dev/infra/packages/shared/pkg/utils"
 )
@@ -127,7 +128,7 @@ func (p *Pool) Populate(ctx context.Context) {
 	}
 }
 
-func (p *Pool) Get(ctx context.Context, allowInternet bool) (*Slot, error) {
+func (p *Pool) Get(ctx context.Context, firewall *orchestrator.SandboxFirewallConfig) (*Slot, error) {
 	var slot *Slot
 
 	select {
@@ -154,7 +155,7 @@ func (p *Pool) Get(ctx context.Context, allowInternet bool) (*Slot, error) {
 		}
 	}
 
-	err := slot.ConfigureInternet(ctx, allowInternet)
+	err := slot.ConfigureInternet(ctx, firewall)
 	if err != nil {
 		return nil, fmt.Errorf("error setting slot internet access: %w", err)
 	}

packages/orchestrator/internal/sandbox/network/slot.go

@@ -16,6 +16,7 @@ import (
 	netutils "k8s.io/utils/net"
 
 	"github.com/e2b-dev/infra/packages/shared/pkg/env"
+	"github.com/e2b-dev/infra/packages/shared/pkg/grpc/orchestrator"
 )
 
 var tracer = otel.Tracer("github.com/e2b-dev/infra/packages/orchestrator/internal/sandbox/network")
@@ -248,14 +249,13 @@ func (s *Slot) CloseFirewall() error {
 	return nil
 }
 
-func (s *Slot) ConfigureInternet(ctx context.Context, allowInternet bool) (e error) {
+func (s *Slot) ConfigureInternet(ctx context.Context, firewall *orchestrator.SandboxFirewallConfig) (e error) {
 	_, span := tracer.Start(ctx, "slot-internet-configure", trace.WithAttributes(
 		attribute.String("namespace_id", s.NamespaceID()),
-		attribute.Bool("allow_internet", allowInternet),
 	))
 	defer span.End()
 
-	if allowInternet {
+	if len(firewall.GetEgress().GetAllowedCidrs()) == 0 && len(firewall.GetEgress().GetBlockedCidrs()) == 0 {
 		// Internet access is allowed by default.
 		return nil
 	}
@@ -269,9 +269,18 @@ func (s *Slot) ConfigureInternet(ctx context.Context, allowInternet bool) (e err
 	defer n.Close()
 
 	err = n.Do(func(_ ns.NetNS) error {
-		err = s.Firewall.AddBlockedIP("0.0.0.0/0")
-		if err != nil {
-			return fmt.Errorf("error setting firewall rules: %w", err)
+		for _, cidr := range firewall.GetEgress().GetAllowedCidrs() {
+			err = s.Firewall.AddAllowedIP(cidr)
+			if err != nil {
+				return fmt.Errorf("error setting firewall rules: %w", err)
+			}
+		}
+
+		for _, cidr := range firewall.GetEgress().GetBlockedCidrs() {
+			err = s.Firewall.AddBlockedIP(cidr)
+			if err != nil {
+				return fmt.Errorf("error setting firewall rules: %w", err)
+			}
 		}
 
 		return nil

packages/orchestrator/internal/sandbox/sandbox.go

@@ -61,7 +61,7 @@ type Config struct {
 	TotalDiskSizeMB int64
 	HugePages       bool
 
-	AllowInternetAccess *bool
+	Firewall *orchestrator.SandboxFirewallConfig
 
 	Envd EnvdMetadata
 }
@@ -185,13 +185,7 @@ func (f *Factory) CreateSandbox(
 		}
 	}()
 
-	// TODO: Temporarily set this based on global config, should be removed later (it should be passed as a parameter in build)
-	allowInternet := f.config.AllowSandboxInternet
-	if config.AllowInternetAccess != nil {
-		allowInternet = *config.AllowInternetAccess
-	}
-
-	ipsCh := getNetworkSlotAsync(ctx, f.networkPool, cleanup, allowInternet)
+	ipsCh := getNetworkSlotAsync(ctx, f.networkPool, cleanup, config.Firewall)
 	defer func() {
 		// Ensure the slot is received from chan so the slot is cleaned up properly in cleanup
 		<-ipsCh
@@ -373,14 +367,7 @@ func (f *Factory) ResumeSandbox(
 		}
 	}()
 
-	// TODO: Temporarily set this based on global config, should be removed later
-	//  (it should be passed as a non nil parameter from API)
-	allowInternet := f.config.AllowSandboxInternet
-	if config.AllowInternetAccess != nil {
-		allowInternet = *config.AllowInternetAccess
-	}
-
-	ipsCh := getNetworkSlotAsync(ctx, f.networkPool, cleanup, allowInternet)
+	ipsCh := getNetworkSlotAsync(ctx, f.networkPool, cleanup, config.Firewall)
 	defer func() {
 		// Ensure the slot is received from chan before ResumeSandbox returns so the slot is cleaned up properly in cleanup
 		<-ipsCh
@@ -915,7 +902,7 @@ func getNetworkSlotAsync(
 	ctx context.Context,
 	networkPool *network.Pool,
 	cleanup *Cleanup,
-	allowInternet bool,
+	firewall *orchestrator.SandboxFirewallConfig,
 ) chan networkSlotRes {
 	ctx, span := tracer.Start(ctx, "get-network-slot")
 	defer span.End()
@@ -925,7 +912,7 @@ func getNetworkSlotAsync(
 	go func() {
 		defer close(r)
 
-		ips, err := networkPool.Get(ctx, allowInternet)
+		ips, err := networkPool.Get(ctx, firewall)
 		if err != nil {
 			r <- networkSlotRes{nil, fmt.Errorf("failed to get network slot: %w", err)}
 

packages/orchestrator/internal/server/main.go

@@ -8,6 +8,7 @@ import (
 	"go.uber.org/zap"
 	"golang.org/x/sync/semaphore"
 
+	"github.com/e2b-dev/infra/packages/orchestrator/internal/cfg"
 	"github.com/e2b-dev/infra/packages/orchestrator/internal/events"
 	"github.com/e2b-dev/infra/packages/orchestrator/internal/proxy"
 	"github.com/e2b-dev/infra/packages/orchestrator/internal/sandbox"
@@ -25,6 +26,7 @@ import (
 type Server struct {
 	orchestrator.UnimplementedSandboxServiceServer
 
+	config            cfg.Config
 	sandboxFactory    *sandbox.Factory
 	info              *service.ServiceInfo
 	sandboxes         *sandbox.Map
@@ -40,6 +42,7 @@ type Server struct {
 }
 
 type ServiceConfig struct {
+	Config           cfg.Config
 	Tel              *telemetry.Client
 	NetworkPool      *network.Pool
 	DevicePool       *nbd.DevicePool
@@ -55,6 +58,7 @@ type ServiceConfig struct {
 
 func New(cfg ServiceConfig) *Server {
 	server := &Server{
+		config:            cfg.Config,
 		sandboxFactory:    cfg.SandboxFactory,
 		info:              cfg.Info,
 		proxy:             cfg.Proxy,

packages/orchestrator/internal/server/sandboxes.go

@@ -99,6 +99,19 @@ func (s *Server) Create(ctx context.Context, req *orchestrator.SandboxCreateRequ
 		return nil, fmt.Errorf("failed to get template snapshot data: %w", err)
 	}
 
+	firewall := req.GetSandbox().GetFirewall()
+
+	// TODO: Temporarily set this based on global config, should be removed later
+	//  (it should be passed as a non nil parameter from API)
+	allowInternet := s.config.AllowSandboxInternet
+	if req.GetSandbox().AllowInternetAccess != nil {
+		allowInternet = req.GetSandbox().GetAllowInternetAccess()
+	}
+	if !allowInternet {
+		firewall.Egress = firewall.GetEgress()
+		firewall.Egress.BlockedCidrs = []string{"0.0.0.0/0"}
+	}
+
 	sbx, err := s.sandboxFactory.ResumeSandbox(
 		ctx,
 		template,
@@ -110,7 +123,7 @@ func (s *Server) Create(ctx context.Context, req *orchestrator.SandboxCreateRequ
 			TotalDiskSizeMB: req.GetSandbox().GetTotalDiskSizeMb(),
 			HugePages:       req.GetSandbox().GetHugePages(),
 
-			AllowInternetAccess: req.GetSandbox().AllowInternetAccess,
+			Firewall: req.GetSandbox().GetFirewall(),
 
 			Envd: sandbox.EnvdMetadata{
 				Version:     req.GetSandbox().GetEnvdVersion(),

packages/orchestrator/internal/template/build/phases/base/builder.go

@@ -31,6 +31,7 @@ import (
 	artifactsregistry "github.com/e2b-dev/infra/packages/shared/pkg/artifacts-registry"
 	"github.com/e2b-dev/infra/packages/shared/pkg/dockerhub"
 	featureflags "github.com/e2b-dev/infra/packages/shared/pkg/feature-flags"
+	"github.com/e2b-dev/infra/packages/shared/pkg/grpc/orchestrator"
 	"github.com/e2b-dev/infra/packages/shared/pkg/id"
 	"github.com/e2b-dev/infra/packages/shared/pkg/storage"
 	"github.com/e2b-dev/infra/packages/shared/pkg/utils"
@@ -204,15 +205,13 @@ func (bb *BaseBuilder) buildLayerFromOCI(
 		return metadata.Template{}, fmt.Errorf("error creating provision rootfs: %w", err)
 	}
 
-	// Allow sandbox internet access during provisioning
-	allowInternetAccess := true
-
 	baseSbxConfig := sandbox.Config{
 		Vcpu:      bb.Config.VCpuCount,
 		RamMB:     bb.Config.MemoryMB,
 		HugePages: bb.Config.HugePages,
 
-		AllowInternetAccess: &allowInternetAccess,
+		// Allow sandbox internet access during provisioning
+		Firewall: &orchestrator.SandboxFirewallConfig{},
 
 		Envd: sandbox.EnvdMetadata{
 			Version: bb.EnvdVersion,

packages/orchestrator/main.go

@@ -349,6 +349,7 @@ func run(config cfg.Config) (success bool) {
 	sandboxFactory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, featureFlags)
 
 	orchestratorService := server.New(server.ServiceConfig{
+		Config:           config,
 		SandboxFactory:   sandboxFactory,
 		Tel:              tel,
 		NetworkPool:      networkPool,

packages/orchestrator/orchestrator.proto

@@ -9,20 +9,20 @@ message SandboxConfig {
   // Data required for creating a new sandbox.
   string template_id = 1;
   string build_id = 2;
-  
+
   string kernel_version = 3;
   string firecracker_version = 4;
-  
+
   bool huge_pages = 5;
-  
+
   string sandbox_id = 6;
   map<string, string> env_vars = 7;
-  
+
   // Metadata about the sandbox.
   map<string, string> metadata = 8;
   optional string alias = 9;
   string envd_version = 10;
-  
+
   int64 vcpu = 11;
   int64 ram_mb = 12;
 
@@ -44,6 +44,17 @@ message SandboxConfig {
   // This is optional only for backwards compatibility.
   // After migration, the optional keyword can be removed.
   optional bool allow_internet_access = 21;
+
+  optional SandboxFirewallConfig firewall = 22;
+}
+
+message SandboxFirewallConfig {
+    optional SandboxFirewallEgressConfig egress = 1;
+}
+
+message SandboxFirewallEgressConfig {
+    repeated string allowed_cidrs = 1;
+    repeated string blocked_cidrs = 2;
 }
 
 message SandboxCreateRequest {