command: docker sandbox network proxy
short: Manage proxy configuration for a sandbox
long: Manage proxy configuration for a sandbox
usage: docker sandbox network proxy [OPTIONS]
pname: docker sandbox network
plink: docker_sandbox_network.yaml
options:
    - option: allow-cidr
      value_type: string
      description: |
        Remove an IP range in CIDR notation from the block or bypass lists (can be specified multiple times)
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: allow-host
      value_type: string
      description: Permit access to a domain or IP (can be specified multiple times)
      details_url: '#allow-host'
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: block-cidr
      value_type: string
      description: |
        Block access to an IP range in CIDR notation (can be specified multiple times)
      details_url: '#block-cidr'
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: block-host
      value_type: string
      description: Block access to a domain or IP (can be specified multiple times)
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: bypass-cidr
      value_type: string
      description: |
        Bypass MITM proxy for an IP range in CIDR notation (can be specified multiple times)
      details_url: '#bypass-cidr'
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: bypass-host
      value_type: string
      description: |
        Bypass MITM proxy for a domain or IP (can be specified multiple times)
      details_url: '#bypass-host'
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: policy
      value_type: allow|deny
      description: Set the default policy
      details_url: '#policy'
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
inherited_options:
    - option: debug
      shorthand: D
      value_type: bool
      default_value: "false"
      description: Enable debug logging
      deprecated: false
      hidden: false
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
    - option: socket
      value_type: string
      description: |
        Connect to daemon at specific socket path (for development/debugging)
      deprecated: false
      hidden: true
      experimental: false
      experimentalcli: false
      kubernetes: false
      swarm: false
examples: |-
    ### Block access to a domain

    ```console
    $ docker sandbox network proxy my-sandbox --block-host example.com
    ```

    ### Block multiple domains

    ```console
    $ docker sandbox network proxy my-sandbox \
      --block-host example.com \
      --block-host malicious.site
    ```

    ### Block IP range (--block-cidr) {#block-cidr}

    ```text
    --block-cidr CIDR
    ```

    Block access to an IP range in CIDR notation:

    ```console
    $ docker sandbox network proxy my-sandbox --block-cidr 192.168.1.0/24
    ```

    ### Allow specific domain (--allow-host) {#allow-host}

    ```text
    --allow-host DOMAIN
    ```

    Permit access to a domain (useful with deny-by-default policy):

    ```console
    $ docker sandbox network proxy my-sandbox \
      --policy deny \
      --allow-host api.trusted-service.com
    ```

    ### Bypass MITM proxy for domain (--bypass-host) {#bypass-host}

    ```text
    --bypass-host DOMAIN
    ```

    Bypass MITM proxy for specific domains:

    ```console
    $ docker sandbox network proxy my-sandbox --bypass-host localhost
    ```

    ### Bypass MITM proxy for IP range (--bypass-cidr) {#bypass-cidr}

    ```text
    --bypass-cidr CIDR
    ```

    Bypass MITM proxy for an IP range:

    ```console
    $ docker sandbox network proxy my-sandbox --bypass-cidr 127.0.0.0/8
    ```

    ### Set default policy (--policy) {#policy}

    ```text
    --policy allow|deny
    ```

    Set the default policy for network access:

    ```console
    # Allow by default, block specific hosts
    $ docker sandbox network proxy my-sandbox \
      --policy allow \
      --block-host dangerous.example

    # Deny by default, allow specific hosts
    $ docker sandbox network proxy my-sandbox \
      --policy deny \
      --allow-host api.trusted.com \
      --allow-host cdn.trusted.com
    ```

    ### Remove rules

    Use `--allow-cidr` to remove IP ranges from block or bypass lists:

    ```console
    $ docker sandbox network proxy my-sandbox --allow-cidr 192.168.1.0/24
    ```
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false