fix ipv6 bypass

viyatb-oai
2026-02-02 16:28:26 -08:00
parent c0b6e2278f
commit 28575cda73
4 changed files with 66 additions and 6 deletions

@@ -26,7 +26,9 @@ This is a Codex-focused devcontainer setup adapted for this monorepo.
- writes `/home/vscode/.gitconfig.local`
- `postStartCommand`: `bash /opt/post_start.sh`
- applies firewall rules through `init-firewall.sh`
- enforces IPv6 default-deny so strict mode cannot be bypassed over IPv6
- optionally adds GitHub CIDR ranges from `api.github.com/meta`
- optionally adds Cloudflare IPv4 CIDR ranges for CDN-backed endpoints
## Firewall modes
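Review bot: the bullet "enforces IPv6 default-deny so strict mode cannot be bypassed over IPv6" under `postStartCommand` does not say whether the deny also applies in permissive mode, or what happens if the IPv6 rules cannot be applied at start; please state both here, and say whether `init-firewall.sh` fails closed in that case. The Cloudflare IPv4 bullet beside it widens the allowlist and is not covered by the commit subject "fix ipv6 bypass", so it would be easier to review as its own commit.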
@@ -36,6 +38,7 @@ This is a Codex-focused devcontainer setup adapted for this monorepo.
Optional strict-mode enhancement:
- `CODEX_INCLUDE_GITHUB_META_RANGES=1` (default) hydrates GitHub CIDRs into the allowlist.
- `CODEX_INCLUDE_CLOUDFLARE_RANGES=1` (default) hydrates Cloudflare IPv4 CIDRs into the allowlist.
To run in permissive mode during a session:
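Review bot: `CODEX_INCLUDE_CLOUDFLARE_RANGES=1` is documented as the default, so strict mode allows every Cloudflare IPv4 range unless the user opts out. Those ranges front many unrelated sites, which makes this a much wider allowance than the GitHub entry above it; consider defaulting it to 0 and documenting the tradeoff in this list. The list also has no entry for the IPv6 default-deny described under `postStartCommand`, so a reader of the Firewall modes section will not learn that IPv6 egress is blocked.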