Rules that define which network connections an AI agent can make — inbound and outbound — at the container or cluster level.
A network policy is a firewall scoped to a single AI agent. It defines which peer IP addresses and ports the agent can reach, and which peers can reach it. Domain-based allow-listing has to be resolved into addresses, or routed through a proxy, before a network-level policy can enforce it. Unlike application-level egress filtering, a network policy is enforced by the container runtime or cluster network, outside the agent's process, so code running inside the agent cannot turn it off or route around it; only a container escape or a gap in the policy itself (an allowed host that forwards traffic onward, for example) gets past it.
In OpenClaw with Clawctl, network policies are set per agent. The default policy allows outbound connections only to the configured LLM provider and approved MCP servers. Everything else is blocked at the container network level.
Network policies also control inbound traffic. Only the gateway can send messages to the agent. Direct access from the internet is blocked.
Application-level controls live in the same process as the agent, so a code-execution exploit (or a prompt injection that talks the agent into running code) can disable or sidestep them. Network policies are enforced outside that process, at the container or cluster network layer, so they keep holding even after the agent or its runtime has been compromised. That is the defense-in-depth they add.
Clawctl enforces network policies at the Docker container level. Per-agent policies control both inbound and outbound traffic. Policies are configured automatically based on your channel and tool setup.
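The per-agent model described above (default deny; inbound only from the gateway; outbound only to DNS, the configured LLM provider and approved MCP servers) as an added example, not Clawctl's own code or configuration format. The config keys, the `agent-<name>` chain and the rendering into Docker's `DOCKER-USER` iptables chain are assumptions made for illustration; the addresses are constructed sample values from documentation ranges. It builds the policy from a small agent config, answers "is this connection allowed?" for arbitrary attempts, and renders the equivalent iptables-restore rules with the drop at the end.

```python
"""Per-agent container network policy: default deny, explicit allow-list.

Added example (not Clawctl code). Config keys, chain names and addresses
are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    direction: str   # "egress" (agent -> peer) or "ingress" (peer -> agent)
    peer: object     # ipaddress network the remote side must fall inside
    port: int        # destination port on the receiving side
    proto: str = "tcp"
    why: str = ""    # which part of the agent config produced this rule


@dataclass
class AgentPolicy:
    name: str
    agent_ip: str
    rules: list = field(default_factory=list)

    def allows(self, direction: str, peer_ip: str, port: int, proto: str = "tcp") -> bool:
        """Default deny: a connection is allowed only if some rule matches it."""
        ip = ipaddress.ip_address(peer_ip)
        return any(r.direction == direction and r.proto == proto
                   and r.port == port and ip in r.peer
                   for r in self.rules)

    def to_iptables(self) -> list:
        """Render the policy as iptables-restore lines for the filter table.

        Traffic to/from the agent's address is diverted from DOCKER-USER
        (the chain Docker leaves for user rules) into a per-agent chain that
        ends in DROP, so anything not allow-listed is rejected.
        """
        chain = f"agent-{self.name}"
        out = [f"-N {chain}",
               f"-A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
        for r in self.rules:
            src, dst = ((self.agent_ip, r.peer) if r.direction == "egress"
                        else (r.peer, self.agent_ip))
            out.append(f"-A {chain} -s {src} -d {dst} -p {r.proto} --dport {r.port} "
                       f"-m comment --comment \"{r.why}\" -j ACCEPT")
        out.append(f"-A {chain} -j DROP")
        out.append(f"-I DOCKER-USER -s {self.agent_ip} -j {chain}")
        out.append(f"-I DOCKER-USER -d {self.agent_ip} -j {chain}")
        return out


def policy_from_config(name: str, cfg: dict) -> AgentPolicy:
    """Derive the allow-list from the agent's channel/tool setup (assumed keys)."""
    net = lambda s: ipaddress.ip_network(s, strict=False)
    p = AgentPolicy(name, cfg["agent_ip"])
    # Inbound: only the gateway may open connections to the agent's listener.
    p.rules.append(Rule("ingress", net(cfg["gateway"]), cfg["agent_port"], why="gateway"))
    # Outbound: DNS (so provider names resolve), then the LLM provider and each MCP server.
    p.rules.append(Rule("egress", net(cfg["dns"]), 53, "udp", why="dns"))
    for cidr in cfg["llm_provider"]["cidrs"]:
        p.rules.append(Rule("egress", net(cidr), cfg["llm_provider"]["port"], why="llm-provider"))
    for srv in cfg["mcp_servers"]:
        p.rules.append(Rule("egress", net(srv["addr"]), srv["port"], why=f"mcp:{srv['name']}"))
    return p


# Constructed sample configuration (documentation address ranges, not real hosts).
EXAMPLE_CONFIG = {
    "agent_ip": "172.20.0.10",
    "agent_port": 8000,
    "gateway": "172.20.0.2",
    "dns": "172.20.0.1",
    "llm_provider": {"cidrs": ["203.0.113.0/24"], "port": 443},
    "mcp_servers": [{"name": "filesystem", "addr": "172.20.0.20", "port": 8080}],
}


if __name__ == "__main__":
    policy = policy_from_config("demo", EXAMPLE_CONFIG)
    attempts = [("egress", "203.0.113.5", 443, "tcp"),     # LLM provider: allowed
                ("egress", "198.51.100.7", 443, "tcp"),    # unknown host: dropped
                ("egress", "172.20.0.20", 22, "tcp"),      # MCP host, wrong port: dropped
                ("ingress", "172.20.0.2", 8000, "tcp"),    # gateway: allowed
                ("ingress", "203.0.113.5", 8000, "tcp")]   # internet: dropped
    for a in attempts:
        print(f"{a[0]:7} {a[1]:>14}:{a[2]:<5} {a[3]}  ->  {'ALLOW' if policy.allows(*a) else 'DROP'}")
    print("\n".join(policy.to_iptables()))
```

The evaluator and the rendered rules are the same allow-list, so you can unit-test the policy (as the `allows` calls above do) before loading it into the host. Note that the provider is matched by address range: if the LLM provider is configured by hostname, the resolved addresses must be kept current or the traffic pinned to a proxy inside the allowed range.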
Egress filtering is enforced by the agent's application layer; network policies are enforced by the infrastructure below it. Use both: the application filter gives fine-grained, request-aware control, and the network policy catches whatever gets past it.
No. Policies are enforced at the container network level, below the application layer, so a compromised agent process is still subject to them rather than in control of them.
No. Clawctl generates appropriate network policies automatically based on your agent configuration.
Egress Filtering
Network-level control that restricts which external domains an AI agent can communicate with, preventing data exfiltration.
Agent Isolation
The separation of AI agents into isolated environments so that one compromised agent cannot affect others.
Docker Sandbox
A Docker container configured with restricted permissions that isolates an AI agent from the host system and other containers.
Zero Trust for AI Agents
A security model where AI agents are never trusted by default — every action must be verified, every tool call audited, and every network request filtered.