Outbound Net Policies

These methods exist on the policy.outboundNet object as seen in the following example:

(policy) => {
  policy.outboundNet.allowTcp('example.com', 3000);
}

These policies affect outbound TCP requests, meaning any use of the connect function in net or on net.Socket. Third-party modules that use net are also subject to these policies.

WARNING: When running your application you may encounter warnings related to the net module. A naive reaction may be to write a network policy in these situations. However, network connections are often made as part of a database connection or some other tool for sharing state. Instead of simply whitelisting network connections, please contact Intrinsic. We can discuss manually virtualizing the library and building fine-grained policies. Read more on side-channels for an explanation of why this is important.

policy.outboundNet.allowTcp(host, port)

Allows the application to connect over TCP to the given host on the given port.

Policy violations occurring when a non-whitelisted TCP connection is attempted will look like the following:

[INTRINSIC] OutboundHostAndPortNetPolicyViolation: POLICY_VIOLATION sb: "0"
  | tcp://example.com:3000 is not in the outbound net whitelist

policy.outboundNet.allowTcp(path)

Allows the application to connect to the UNIX domain socket at the specified path.

Policy violations occurring when a non-whitelisted TCP connection is attempted will look like the following:

[INTRINSIC] OutboundPathNetPolicyViolation: POLICY_VIOLATION sb: "0"
  | tcp:///path/to/socket is not in the outbound net whitelist

policy.outboundNet.allowUdp(host, port)

Allows the application to connect over UDP to the given host on the given port.

Policy violations occurring when a non-whitelisted UDP connection is attempted will look like the following:

[INTRINSIC] OutboundHostAndPortNetPolicyViolation: POLICY_VIOLATION sb: "0"
  | udp://example.com:3000 is not in the outbound net whitelist
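
Before writing any allow rule, it helps to see which destinations are actually being blocked and how often. The following is an added example, not Intrinsic code: it parses captured violation output in the formats shown above and groups it by destination for review. It assumes each violation header is followed directly by its "|" detail line; SAMPLE_LOG, parseTarget and summarizeViolations are names made up for this sketch.

```javascript
// Added example, not Intrinsic code. SAMPLE_LOG is constructed from the
// violation formats shown on this page.
const SAMPLE_LOG = [
  '[INTRINSIC] OutboundHostAndPortNetPolicyViolation: POLICY_VIOLATION sb: "0"',
  '  | tcp://example.com:3000 is not in the outbound net whitelist',
  '[INTRINSIC] OutboundPathNetPolicyViolation: POLICY_VIOLATION sb: "0"',
  '  | tcp:///path/to/socket is not in the outbound net whitelist',
  '[INTRINSIC] OutboundHostAndPortNetPolicyViolation: POLICY_VIOLATION sb: "0"',
  '  | udp://example.com:3000 is not in the outbound net whitelist',
  '[INTRINSIC] OutboundHostAndPortNetPolicyViolation: POLICY_VIOLATION sb: "0"',
  '  | tcp://example.com:3000 is not in the outbound net whitelist',
  'unrelated application output',
].join('\n');

// Assumption: a header line is followed directly by one "|" detail line.
const HEADER = /^\[INTRINSIC\] (Outbound\w+NetPolicyViolation): POLICY_VIOLATION sb: "([^"]*)"\s*$/;
const DETAIL = /^\s*\|\s+(tcp|udp):\/\/(\S+) is not in the outbound net whitelist\s*$/;

// Split "host:port" or "/path" into a destination object; null if malformed.
function parseTarget(target) {
  if (target.startsWith('/')) return { path: target };
  const idx = target.lastIndexOf(':');
  const port = Number(target.slice(idx + 1));
  if (idx < 1 || !Number.isInteger(port) || port < 1 || port > 65535) return null;
  return { host: target.slice(0, idx), port };
}

// Return one record per distinct destination, most frequently blocked first.
function summarizeViolations(logText) {
  const byDest = new Map();
  let header = null;
  for (const line of logText.split(/\r?\n/)) {
    const h = HEADER.exec(line);
    if (h) { header = { type: h[1], sb: h[2] }; continue; }
    const d = header && DETAIL.exec(line);
    const dest = d && parseTarget(d[2]);
    if (dest) {
      const key = `${d[1]}://${d[2]}`;
      const rec = byDest.get(key) || { key, proto: d[1], ...dest, ...header, count: 0 };
      rec.count += 1;
      byDest.set(key, rec);
    }
    header = null; // a detail line only counts directly after its header
  }
  return [...byDest.values()].sort((a, b) => b.count - a.count);
}

for (const r of summarizeViolations(SAMPLE_LOG)) {
  console.log(`${r.count}x ${r.key} (${r.type}, sb ${r.sb})`);
}
```

The output is a review list, not a policy: a destination that turns out to be a database or other state-sharing service falls under the warning above rather than an allow rule.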