ReddRadar
Agent skill
when-setting-network-security-use-network-security-setup
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
Install this agent skill to your Project
npx add-skill https://github.com/aiskillstore/marketplace/tree/main/skills/dnyoussef/when-setting-network-security-use-network-security-setup
SKILL.md
Network Security Setup SOP
metadata:
skill_name: when-setting-network-security-use-network-security-setup
version: 1.0.0
category: specialized-tools
difficulty: intermediate
estimated_duration: 25-45 minutes
trigger_patterns:
- "network security"
- "configure network isolation"
- "trusted domains"
- "firewall rules"
- "network access control"
dependencies:
- Claude Code sandbox
- Network configuration access
agents:
- security-manager
- cicd-engineer
success_criteria:
- Trusted domains configured
- Access policies implemented
- Environment variables set
- Network tests passing
- Documentation complete
Overview
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
Agent Responsibilities
security-manager
- Design network security architecture
- Define trusted domains and policies
- Validate security configurations
- Create security documentation
cicd-engineer
- Implement network configurations
- Deploy firewall rules
- Setup environment variables
- Create monitoring tools
Phase 1: Audit Network Requirements
Identify required network access, external dependencies, and security constraints.
mkdir -p network-security/{policies,config,tests,docs}
# Document network requirements
cat > network-security/docs/NETWORK-REQUIREMENTS.md << 'EOF'
# Network Access Requirements
## External Dependencies
- Anthropic API (api.anthropic.com)
- GitHub (github.com, *.github.com)
- NPM Registry (npmjs.org)
- PyPI (pypi.org)
- Docker Hub (docker.io)
## Required Ports
- Outbound: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Inbound: 3000, 5000, 8000, 8080 (Application)
## Protocols
- Allowed: HTTP/HTTPS, SSH, Git
- Blocked: FTP, Telnet, SMTP
## Rate Limits
- 100 requests/minute
- Burst: 150 requests
EOF
Phase 2: Design Security Policies
Create comprehensive network security policies with allow/deny rules.
cat > network-security/policies/network-policy.json << 'EOF'
{
"network_security": {
"mode": "whitelist",
"trusted_domains": [
"*.anthropic.com",
"api.openai.com",
"github.com",
"*.github.com",
"raw.githubusercontent.com",
"npmjs.org",
"registry.npmjs.org",
"pypi.org",
"files.pythonhosted.org",
"docker.io",
"registry-1.docker.io"
],
"blocked_domains": [
"*.malicious.com",
"suspicious.net"
],
"allowed_ports": {
"outbound": [80, 443, 22],
"inbound": [3000, 5000, 8000, 8080]
},
"rate_limiting": {
"enabled": true,
"requests_per_minute": 100,
"burst": 150
},
"dns_filtering": {
"enabled": true,
"block_private_ips": true,
"block_localhost_bypass": true
}
}
}
EOF
Phase 3: Implement Network Isolation
Deploy firewall rules, DNS filtering, and access controls.
cat > network-security/config/configure-network.sh << 'EOF'
#!/bin/bash
set -e
echo "Configuring network security..."
# Configure firewall (iptables)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
# DNS filtering
cat >> /etc/hosts << 'HOSTS'
127.0.0.1 malicious.com
127.0.0.1 suspicious.net
HOSTS
# Environment variables
cat > /etc/environment.d/network-security.conf << 'ENV'
HTTPS_PROXY=""
NO_PROXY="localhost,127.0.0.1"
TRUSTED_DOMAINS="anthropic.com,github.com,npmjs.org,pypi.org,docker.io"
ENV
echo "Network security configured"
EOF
chmod +x network-security/config/configure-network.sh
Phase 4: Test Access Controls
Validate network policies through comprehensive testing.
cat > network-security/tests/network-tests.sh << 'EOF'
#!/bin/bash
echo "Testing Network Security..."
# Test trusted domain access
curl -s --max-time 5 https://api.anthropic.com && echo "✓ Trusted domain accessible"
# Test blocked domain
! curl -s --max-time 5 https://malicious.com && echo "✓ Blocked domain inaccessible"
# Test allowed ports
nc -zv localhost 3000 && echo "✓ Port 3000 accessible"
echo "Network tests complete"
EOF
chmod +x network-security/tests/network-tests.sh
Phase 5: Document Configuration
Create comprehensive documentation for network security setup.
cat > network-security/docs/DEPLOYMENT.md << 'EOF'
# Network Security Deployment
## Quick Start
1. Review requirements
2. Deploy configuration: `./network-security/config/configure-network.sh`
3. Test policies: `./network-security/tests/network-tests.sh`
4. Monitor: Check logs for violations
## Trusted Domains
- Anthropic API
- GitHub
- NPM/PyPI
- Docker Hub
## Monitoring
- Connection logs: `/var/log/connections.log`
- Firewall logs: `/var/log/firewall.log`
- DNS queries: `/var/log/dns.log`
## Maintenance
- Review monthly
- Update trusted domains as needed
- Audit logs weekly
EOF
Workflow Summary
Duration: 25-45 minutes
Deliverables:
- Network security policies
- Firewall configuration
- DNS filtering
- Test suite
- Documentation
Best Practices
- Whitelist Approach: Deny by default
- Least Privilege: Minimal access
- Regular Testing: Weekly validation
- Continuous Monitoring: Real-time logs
- Documentation: Keep updated
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
aiskillstore/marketplace
perigon-backend
Perigon ASP.NET Core + EF Core + Aspire conventions
aiskillstore/marketplace
perigon-agent
Pointers for Copilot/agents to apply Perigon conventions
aiskillstore/marketplace
perigon-angular
Angular 21+ standalone/Material/signal conventions for Perigon WebApp
aiskillstore/marketplace
fastapi-mastery
Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.
aiskillstore/marketplace
context7-efficient
Token-efficient library documentation fetcher using Context7 MCP with 86.8% token savings through intelligent shell pipeline filtering. Fetches code examples, API references, and best practices for JavaScript, Python, Go, Rust, and other libraries. Use when users ask about library documentation, need code examples, want API usage patterns, are learning a new framework, need syntax reference, or troubleshooting with library-specific information. Triggers include questions like "Show me React hooks", "How do I use Prisma", "What's the Next.js routing syntax", or any request for library/framework documentation.
aiskillstore/marketplace
browser-use
Browser automation using Playwright MCP. Navigate websites, fill forms, click elements, take screenshots, and extract data. Use when tasks require web browsing, form submission, web scraping, UI testing, or any browser interaction.
Didn't find tool you were looking for?