Skip to content

fix(agent): use AWF_API_PROXY_IP env var for api-proxy iptables rules #817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lpcox merged 2 commits into from
Feb 13, 2026
Merged

fix(agent): use AWF_API_PROXY_IP env var for api-proxy iptables rules #817

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3beb1e3
Initial plan
Claude Feb 13, 2026
3e6d3f9
fix(agent): use AWF_API_PROXY_IP env var for api-proxy iptables
Claude Feb 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 13 additions & 13 deletions containers/agent/setup-iptables.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,20 +131,17 @@ iptables -t nat -A OUTPUT -d "$SQUID_IP" -j RETURN
# The agent needs to connect directly to api-proxy (not through Squid).
# The api-proxy then routes outbound traffic through Squid to enforce domain whitelisting.
# Architecture: agent -> api-proxy (direct) -> Squid -> internet
if [ -n "$AWF_ENABLE_API_PROXY" ]; then
API_PROXY_IP=$(getent hosts api-proxy | awk 'NR==1 { print $1 }')
if [ -n "$API_PROXY_IP" ] && is_valid_ipv4 "$API_PROXY_IP"; then
echo "[iptables] Allow direct traffic to api-proxy (${API_PROXY_IP}) - bypassing Squid..."
# Use AWF_API_PROXY_IP environment variable set by docker-manager (172.30.0.30)
if [ -n "$AWF_ENABLE_API_PROXY" ] && [ -n "$AWF_API_PROXY_IP" ]; then
if is_valid_ipv4 "$AWF_API_PROXY_IP"; then
echo "[iptables] Allow direct traffic to api-proxy (${AWF_API_PROXY_IP}) - bypassing Squid..."
# NAT: skip DNAT to Squid for all traffic to api-proxy
iptables -t nat -A OUTPUT -d "$API_PROXY_IP" -j RETURN
# FILTER: allow traffic to api-proxy ports (10000 for OpenAI, 10001 for Anthropic)
iptables -A OUTPUT -p tcp -d "$API_PROXY_IP" --dport 10000 -j ACCEPT
iptables -A OUTPUT -p tcp -d "$API_PROXY_IP" --dport 10001 -j ACCEPT
elif [ -n "$API_PROXY_IP" ]; then
echo "[iptables] WARNING: api-proxy resolved to invalid IP '${API_PROXY_IP}', skipping api-proxy bypass"
iptables -t nat -A OUTPUT -d "$AWF_API_PROXY_IP" -j RETURN
else
echo "[iptables] WARNING: api-proxy could not be resolved, skipping api-proxy bypass"
echo "[iptables] WARNING: AWF_API_PROXY_IP has invalid format '${AWF_API_PROXY_IP}', skipping api-proxy bypass"
fi
elif [ -n "$AWF_ENABLE_API_PROXY" ]; then
echo "[iptables] WARNING: AWF_ENABLE_API_PROXY is set but AWF_API_PROXY_IP is not set"
fi

# Bypass Squid for host.docker.internal when host access is enabled.
Expand Down Expand Up @@ -283,9 +280,12 @@ iptables -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j ACCEPT
# Allow traffic to Squid proxy (after NAT redirection)
iptables -A OUTPUT -p tcp -d "$SQUID_IP" -j ACCEPT

# Allow traffic to API proxy sidecar (ports 10000/10001)
# Allow traffic to API proxy sidecar (ports 10000 for OpenAI, 10001 for Anthropic)
# Must be added before the final DROP rule
if [ -n "$AWF_API_PROXY_IP" ]; then
iptables -A OUTPUT -p tcp -d "$AWF_API_PROXY_IP" -j ACCEPT
echo "[iptables] Allow traffic to api-proxy (${AWF_API_PROXY_IP}) ports 10000, 10001..."
iptables -A OUTPUT -p tcp -d "$AWF_API_PROXY_IP" --dport 10000 -j ACCEPT
iptables -A OUTPUT -p tcp -d "$AWF_API_PROXY_IP" --dport 10001 -j ACCEPT
fi

# Drop all other TCP traffic (default deny policy)
Expand Down