Add Dockerfile for Claude Code

2025-10-28 14:32:05 -07:00
commit b3b0fd1e48
3 changed files with 342 additions and 0 deletions
--- a/init-firewall.sh
+++ b/init-firewall.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+echo "Initializing container security settings..."
+
+# Reset iptables
+iptables -F
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT DROP  # Default to blocking all outbound connections
+
+# Allow local connections
+iptables -A OUTPUT -o lo -j ACCEPT
+iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Allow DNS lookups (required to resolve domains)
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+
+# Allow connections to specific Anthropic endpoints
+for DOMAIN in api.anthropic.com statsig.anthropic.com sentry.io g.t1.xyz wg1.t1.xyz; do
+  echo "Allowing access to: $DOMAIN"
+  for IP in $(dig +short $DOMAIN); do
+    # Check if the result is actually an IP address
+    if [[ $IP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+      iptables -A OUTPUT -p tcp -d $IP -j ACCEPT
+    fi
+  done
+done
+
+# Verify the rules were applied
+echo "Firewall rules successfully applied:"
+iptables -L OUTPUT -n
+
+echo "Container security configuration complete. Claude can now use --dangerously-skip-permissions safely."
+
+CMDS="$@"
+if [[ "$CMDS" == "" ]]; then
+    CMDS="/bin/bash"
+fi
+
+# Execute the command provided as arguments (or start a shell by default)
+exec sudo --user tb TERM=$TERM PULSE_SERVER=$PULSE_SERVER "$CMDS"