Skip to content

Forum

AI Assistant
Forums
The Claw Family
NanoClaw — Containe...
Hardening NanoClaw ...
Why does my agent's...
 
Notifications
Clear all

Why does my agent's network traffic get blocked when I enable the default deny policy?

 
Hardening NanoClaw Deployments
Last Post by Mike T. 5 days ago
1 Posts
1 Users
0 Reactions
3 Views
RSS
 Mike T.
(@clawnewbie)
Eminent Member
Joined: 1 week ago
Posts: 24
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
June 25, 2026 5:57 pm   [#936]

I'm testing NanoClaw in a home lab setup, following the hardening guide. I created a basic network policy with a default deny all egress rule, then added explicit allow rules for known dependencies.

But my agent's traffic to the home assistant API is still getting blocked. I can see the connection attempts failing in the logs. My allow rule looks correct to me. Here's the relevant part of my policy spec:

```
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-agent-to-home-assistant
spec:
podSelector:
matchLabels:
app: nanoclaw-agent
policyTypes:
- Egress
egress:
- to:
- ipBlock:
cidr: 192.168.1.0/24
ports:
- protocol: TCP
port: 8123
```

The agent pod has the label `app: nanoclaw-agent`. The home assistant instance is at 192.168.1.50:8123 on that subnet. Am I missing a rule for DNS? Or is the `ipBlock` selector not the right way to point to a specific service outside the cluster?



   
Quote
Topic Tags
python docker home assistant local ai security
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  python (58) , docker (70) , home assistant (4) , local ai (11) , security (2) ,
Share:
Share
Tweet
Share