feat(devcontainer): enhance firewall with hybrid static/dynamic IP management#5609
Open
sakumoto-shota wants to merge 2 commits intoanthropics:mainfrom
Open
feat(devcontainer): enhance firewall with hybrid static/dynamic IP management#5609sakumoto-shota wants to merge 2 commits intoanthropics:mainfrom
sakumoto-shota wants to merge 2 commits intoanthropics:mainfrom
Conversation
MarkS-AL
reviewed
Aug 29, 2025
| IFS=$'\n\t' # Stricter word splitting | ||
|
|
||
| # Configuration - Domain list as shell array for easy maintenance | ||
| declare -a DYNAMIC_DOMAINS=( |
There was a problem hiding this comment.
Allow additional domains, eg "pypi.org" to be passed in externally, eg via WHITELIST_DOMAINS env var?
Concat the user whitelist with this list of domain names?
Author
There was a problem hiding this comment.
Sorry for the late reply — it's been a while since this was raised!
Great suggestion. I've now added support for a WHITELIST_DOMAINS environment variable. Users can pass additional domains (space-separated) which get merged with the default DYNAMIC_DOMAINS list at container startup.
Usage example:
export WHITELIST_DOMAINS="pypi.org files.pythonhosted.org"The env var is passed into the container via devcontainer.json using ${localEnv:WHITELIST_DOMAINS:}, so it's fully optional and backward compatible — if unset or empty, behavior is unchanged.
…nagement - Implement dual IPSet approach (static for GitHub, dynamic for others) - Add automatic DNS refresh with TTL support (600s default) - Improve maintainability with single domain array configuration - Pass domains as arguments to refresh script (avoid duplication) - Reduce verbose logging while keeping error messages
…AINS env var Allow users to add additional allowed domains externally by setting the WHITELIST_DOMAINS environment variable (space-separated). These are merged with the default DYNAMIC_DOMAINS list at container startup.
sakumoto-shota
force-pushed
the
feature/hybrid-domain-firewall
branch
from
8a5f410 to
33e8ba9
Compare
This was referenced Mar 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR enhances the DevContainer firewall configuration to better handle modern CDN
and load-balanced services by implementing a hybrid approach for IP management.
Changes
Hybrid IP Management:
Automatic Updates:
Improved Maintainability:
User-configurable Domain Whitelist (new):
WHITELIST_DOMAINSenv var (space-separated)DYNAMIC_DOMAINSlist at container startupdevcontainer.jsonusing${localEnv:WHITELIST_DOMAINS:}export WHITELIST_DOMAINS="pypi.org files.pythonhosted.org"Testing
Tested in Docker container with the following results:
Backward Compatibility
WHITELIST_DOMAINSis optional — if unset or empty, behavior is unchangedallowed-domainsIPSet if exists