Show HN: CargoWall – eBPF Firewall for GitHub Actions

https://github.com/code-cargo/cargowall-action

10•caleblloyd•1h ago

We just open-sourced CargoWall - a lightweight eBPF firewall for GitHub Actions.

We originally built it to stop LLM agents from connecting to untrusted domains. After recent GitHub Actions supply chain compromises like the Trivy attack, we realized it'd work well for blocking untrusted connections from CI runners too.

It uses iptables DNAT to redirect all outbound port 53 traffic to a local DNS proxy, which checks each query against a hostname allowlist before forwarding. Resolved IPs from allowed responses are inserted into eBPF LPM trie maps, and a TC egress classifier attached to the network interface drops any packet whose destination IP/protocol/port isn't in the trie.

Cgroup hooks capture every socket connect/sendmsg call system-wide, mapping the socket cookie to the process to correlate where connections are coming from. It then correlates the connection times with steps to provide a summary of which connections originated from which steps.

ubuntu-latest and ubuntu-24.04 runners are supported. Simple one-step setup example:

  uses: code-cargo/cargowall-action@v1   # or v1.0.0 for immutable tag
  with:
    mode: enforce
    allowed-hosts: |
      registry.npmjs.org

eBPF Program: https://github.com/code-cargo/cargowall

GitHub Action: https://github.com/code-cargo/cargowall-action

We'd love for you to give it a try! Happy to answer questions or take feedback.

Comments

wkd415•1h ago

Feels like CI/CD is still operating on a pretty optimistic threat model.

matthewdevenny•1h ago

Yes - especially when you are building on GitHub hosted runners.

Enterprises who build within their own network typically have numerous safeguards on network egress. There is cost associated with that effort though and more friction to getting reliable, fast and repeatable build environments.

This eBPF firewall helps you lockdown that network egress on GitHub's cloud and gives you observability on what each build is reaching out to.

Reusable custom syntax for any programming language (Language Workbenches) [video]

Show HN: Modolap – Machine-First Analytical Infrastructure

Broker for Pete Hegseth made multi-million defense investments before Iran War

Show HN: Avoid AI Writing– a skill that audits text for 34 AI pattern categories

Claude Code Auto Mode: A Comprehensive Technical Summary

Vibe Coding a (basic) Wispr Clone in 20 minutes

You Can't Escape the AI Tax

Rejected by iloveimg so created ihateimg

Ollama Now Runs Faster on Macs Thanks to Apple's MLX Framework

Google lets you ditch that embarrassing old Gmail username

Show HN: Lazy-tool: reducing prompt bloat in MCP-based agent workflows

Fast sandboxed code execution with pre-warmed gVisor pools

From "Show Me" to "Do It": How OdooClaw Takes Action in Your Odoo

Show HW: How This Graybeard Built the Fastest and Freest Postgres BM25 Search

Show HN: LeetChess – Solve Chess Puzzles on New Tab Pages

Cohere Transcribe: Speech Recognition

Sigil CMS – headless CMS with native multi-tenancy, 22 plugins, GraphQL and CLI

Show HN: PhAIL – Real-robot benchmark for AI models. The gap to humans is 20x

Why some American accents have endured – while others have faded away

AI agent that writes and hot-reloads its own Python modules at runtime

Show HN: Wageslave – I quit my soul sucking job to make a game about it

Forth VM and compiler written in C++ and Scryer Prolog

The Last Fingerprint: How Markdown Training Shapes LLM Prose

Interaction Nets

Build with Veo 3.1 Lite, our most cost-effective video generation model

Analyzing Geekbench 6 Under Intel's Binary Optimization Tool (Bot)

Ask HN: What are you building with AI coding agents / tooling?

The Overvaluation Trap (2015)

I made a 3D Browser to review my HN upvotes [video]

Building a Powerful SIEM with ClickHouse and Clickdetect – Wazuh – SQL Detection