A network firewall for agentic workflows with domain whitelisting. This tool provides L7 (HTTP/HTTPS) egress control using Squid proxy and Docker containers, restricting network access to a whitelist of approved domains for AI agents and their MCP servers.
Tip
This project is a part of GitHub Next's explorations of Agentic Workflows. For more background, check out the project page on the GitHub Next website! ✨
- L7 Domain Whitelisting: Control HTTP/HTTPS traffic at the application layer
- Host-Level Enforcement: Uses iptables DOCKER-USER chain to enforce firewall on ALL containers
- Docker-in-Docker Support: Spawned containers inherit firewall restrictions
- Docker: Must be running
# Download the latest release binary
curl -L https://github.com/githubnext/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf
chmod +x awf
sudo mv awf /usr/local/bin/
# Verify installation
sudo awf --helpNote: Verify checksums after download by downloading checksums.txt from the release page.
# Simple HTTP request
sudo awf \
--allow-domains github.com,api.github.com \
'curl https://api.github.com'
# With GitHub Copilot CLI
sudo -E awf \
--allow-domains github.com,api.github.com,googleapis.com \
'copilot --prompt "List my repositories"'
# Docker-in-Docker (spawned containers inherit firewall)
sudo awf \
--allow-domains api.github.com,registry-1.docker.io,auth.docker.io \
'docker run --rm curlimages/curl -fsS https://api.github.com/zen'Domains automatically match all subdomains:
# github.com matches api.github.com, raw.githubusercontent.com, etc.
sudo awf --allow-domains github.com "curl https://api.github.com" # ✓ worksCommon domain lists:
# For GitHub Copilot with GitHub API
--allow-domains github.com,api.github.com,githubusercontent.com,googleapis.com
# For MCP servers
--allow-domains github.com,arxiv.org,example.com- Unauthorized egress to non-whitelisted domains
- Data exfiltration via HTTP/HTTPS
- MCP servers accessing unexpected endpoints
Contributions welcome! Please see CONTRIBUTING.md for guidelines.