After reviewing the documentation on egress filtering best practices, I'm planning my firewall rules for a small, self-hosted OpenClaw deployment. The principle of least privilege suggests we should block all egress by default, then open only what's necessary.

My list of required outbound destinations is straightforward:
* The specific cloud storage bucket for my agent's assigned tasks and results.
* A local logging server.
* The internal NTP server.

However, I'm uncertain about handling traffic to common development platforms. Specifically, I'm considering a rule to block all egress to `api.github.com` and `raw.githubusercontent.com`. My reasoning is twofold:

1. **Compliance & Control:** The agent's purpose is defined and should not require pulling arbitrary code or manifests from external repositories at runtime. Allowing this could introduce an unapproved software supply chain vector.
2. **Data Privacy:** Even metadata from API calls (e.g., checking for updates) could leak information about my deployment's activity patterns.

The counterargument is that some community-maintained agents or future official features might legitimately use these endpoints for dynamic content. My proposed middle ground is to implement the block but log the denied connections for review.

Here is the basic `nftables` rule I'm considering:

```bash
define github_net = { 140.82.112.0/20, 185.199.108.0/22, 192.30.252.0/22 }
table inet filter {
chain agent_egress {
ip daddr $github_net counter log prefix "Github-API-Denied: " drop
}
}
```

My question to the group: Is this overly restrictive for a self-hosted, non-enterprise context? Have others implemented similar blocks and encountered breaking functionality, or found it to be a sound security practice? I'm particularly interested in experiences with the long-term maintenance burden of such a rule.