I’ve been running several Claude Code personal assistants 24/7 in docker for months. Remote-control, discord control, the usual always-on setup. I spent the last few weeks looking at the network posture and security. The Containers were on bridge networking, but they could still curl my router admin page and scan my laptop’s /24. Most of them run with --dangerously-skip-permissions or auto mode on opus. One prompt injection from a poisoned page and the agent pivots into my LAN. So I built a skill /docker-security wizard for my hermit project (github.com/gtapps/claude-code-hermit) . Spins up an Alpine sidecar with nftables + dnsmasq. Hermit shares its netns, every packet routes through it. nftables drops RFC1918 and cloud metadata. The nftables redirects every egress :53 to local dnsmasq. Pointing at 1.1.1.1 doesn’t help. Log-only mode for tuning the allowlist and when ready just set up the strict mode. In strict mode the container can only resolve domains you explicitly allowed and can’t reach anything on your LAN. Anyone else running autonomous agents with LAN reach, how are you handling this? submitted by /u/dnationpt
Originally posted by u/dnationpt on r/ClaudeCode
You must log in or # to comment.