add Explicit REJECT

Allows for immediate (~20ms) for any blocked call instead of long timeout
2026-01-30 04:02:03 +00:00 · 2025-08-20 23:17:44 +01:00
parent 239aeb55ee
commit c58a7da257
1 changed files with 3 additions and 0 deletions
--- a/.devcontainer/init-firewall.sh
+++ b/.devcontainer/init-firewall.sh
@@ -113,6 +113,9 @@ iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 # Then allow only specific outbound traffic to allowed domains
 iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT

+# Explicitly REJECT all other outbound traffic for immediate feedback
+iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+
 echo "Firewall configuration complete"
 echo "Verifying firewall rules..."
 if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then