
fix: add NAT blacklist for dangerous ports in iptables #269

Merged: Mossaka merged 4 commits into main from copilot/add-nat-blacklist-for-ports on Jan 17, 2026

Conversation

Copilot AI (Contributor) commented Jan 17, 2026

Adds defense-in-depth layer at the iptables NAT level to block dangerous ports, complementing existing Squid ACL filtering.

Changes

  • Added DANGEROUS_PORTS array in containers/agent/setup-iptables.sh matching the list in squid-config.ts
  • Inserted NAT RETURN rules for dangerous ports before DNAT redirect rules
  • Traffic to blocked ports bypasses NAT and hits the OUTPUT chain's final DROP rule

Blocked Ports

SSH (22), Telnet (23), SMTP (25), POP3 (110), IMAP (143), SMB (445), MSSQL (1433), Oracle (1521), MySQL (3306), RDP (3389), PostgreSQL (5432), Redis (6379), MongoDB (27017/27018/28017)

Traffic Flow

Dangerous port traffic → NAT RETURN → OUTPUT DROP (blocked)
Allowed port traffic   → NAT DNAT   → Squid proxy → domain ACL
Original prompt

This section details the original issue you should resolve

<issue_title>[Security] Port filtering should use explicit NAT blacklist</issue_title>
<issue_description>
Priority

Low

Description

Current port filtering implementation could be strengthened by using an explicit NAT blacklist for dangerous ports rather than relying solely on ACL filtering.

Impact

  • Severity: Low
  • Attack Vector: Bypass of ACL filtering in edge cases
  • Risk: Access to dangerous ports if ACL fails

Proposed Solution

Implement explicit iptables NAT rules to blacklist dangerous ports:

```bash
# Block dangerous ports in NAT PREROUTING: a RETURN leaves the nat chain
# without applying the redirect, so the packet is never handed to the proxy.
iptables -t nat -A PREROUTING -p tcp --dport 22 -j RETURN
iptables -t nat -A PREROUTING -p tcp --dport 3306 -j RETURN
# ... etc
```

This provides defense-in-depth beyond Squid ACL filtering.

Effort Estimate

~2 hours

References

Comments on the Issue (you are @copilot in this section)



Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
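The mechanism the PR description and the issue's proposed solution both describe, as an added example; this is not the project's containers/agent/setup-iptables.sh and not the rules that were merged. It assumes things the page does not state: that the transparent-proxy redirect is a catch-all REDIRECT in the nat OUTPUT chain for locally generated TCP, that Squid listens on 3128, and that the filter OUTPUT chain ends in a DROP rule. It goes one step beyond the page by adding an audit function that parses `iptables -t nat -S OUTPUT` output and confirms every dangerous port's RETURN sits above the first REDIRECT/DNAT, run here on constructed samples rather than a live host.

```shell
#!/usr/bin/env bash
# Added example, not the project's containers/agent/setup-iptables.sh.
# Assumptions (not stated on the PR page): the transparent-proxy redirect is a
# catch-all REDIRECT in the nat OUTPUT chain for locally generated TCP, Squid
# listens on 3128, and the filter OUTPUT chain ends in a DROP rule.  A real
# setup also has to exempt the proxy's own outbound traffic from the redirect.
set -eu

# Port list as given in the PR description.
DANGEROUS_PORTS="22 23 25 110 143 445 1433 1521 3306 3389 5432 6379 27017 27018 28017"
SQUID_PORT="${SQUID_PORT:-3128}"   # assumed proxy port

# is_dangerous_port PORT: exit 0 if PORT is on the blacklist, 1 otherwise.
is_dangerous_port() {
    local p
    for p in $DANGEROUS_PORTS; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# emit_nat_rules: print the iptables commands in the order they must run.
# The RETURN rules are appended first so they sit above the catch-all
# REDIRECT; a RETURN appended after the REDIRECT would never be reached.
# If the REDIRECT is already installed, use "-I OUTPUT 1" instead of "-A".
emit_nat_rules() {
    local p
    for p in $DANGEROUS_PORTS; do
        printf 'iptables -t nat -A OUTPUT -p tcp --dport %s -j RETURN\n' "$p"
    done
    printf 'iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports %s\n' "$SQUID_PORT"
}

# check_rule_order RULES: RULES is the output of `iptables -t nat -S OUTPUT`.
# Verifies that every dangerous port has a RETURN rule placed before the first
# REDIRECT/DNAT rule.  Prints the ports that are missing or misordered and
# exits 0 only when that list is empty.  RETURN only skips the NAT redirect;
# the actual block still depends on the filter OUTPUT chain's final DROP.
check_rule_order() {
    local rules="$1" line port p covered="" missing="" seen_redirect=0
    while IFS= read -r line; do
        case "$line" in
            *"-j REDIRECT"*|*"-j DNAT"*) seen_redirect=1 ;;
            *"--dport "*"-j RETURN"*)
                if [ "$seen_redirect" -eq 0 ]; then
                    port=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9]*\).*/\1/p')
                    covered="$covered $port"
                fi ;;
        esac
    done <<EOF
$rules
EOF
    for p in $DANGEROUS_PORTS; do
        case " $covered " in
            *" $p "*) ;;
            *) missing="$missing $p" ;;
        esac
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Constructed samples of `iptables -t nat -S OUTPUT` output (not captured from
# a real host).  GOOD has all RETURNs above the REDIRECT; BAD has the 3306
# RETURN appended after it, the mistake "-A" makes on an already-configured box.
GOOD_RULES=$(
    printf '%s\n' "-P OUTPUT ACCEPT"
    for p in $DANGEROUS_PORTS; do
        printf '%s\n' "-A OUTPUT -p tcp -m tcp --dport $p -j RETURN"
    done
    printf '%s\n' "-A OUTPUT -p tcp -j REDIRECT --to-ports 3128"
)
BAD_RULES=$(
    printf '%s\n' "$GOOD_RULES" | grep -v -- '--dport 3306 '
    printf '%s\n' "-A OUTPUT -p tcp -m tcp --dport 3306 -j RETURN"
)

# Usage:  ./nat-blacklist.sh              print the rules
#         sudo ./nat-blacklist.sh --apply  apply them
#         check_rule_order "$(iptables -t nat -S OUTPUT)"   audit a live host
if [ "${1:-}" = "--apply" ]; then
    emit_nat_rules | sh -e
else
    emit_nat_rules
fi
```

The audit is the part worth keeping around: on a host where the REDIRECT already exists, an `-A` of a new RETURN lands below it and silently does nothing, which `check_rule_order` reports as a missing port. Pair it with `iptables -S OUTPUT` to confirm the filter chain really does end in DROP, since without that the RETURN merely sends the connection out directly instead of through Squid.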
Copilot AI changed the title from "[WIP] Add explicit NAT blacklist for port filtering" to "fix: add NAT blacklist for dangerous ports in iptables" on Jan 17, 2026
Copilot AI requested a review from Mossaka January 17, 2026 04:31
@Mossaka Mossaka marked this pull request as ready for review January 17, 2026 09:14
@github-actions

github-actions bot commented Jan 17, 2026

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 77.19% 77.19% ➡️ +0.00%
Statements 77.27% 77.27% ➡️ +0.00%
Functions 77.17% 77.17% ➡️ +0.00%
Branches 69.76% 69.76% ➡️ +0.00%

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

github-actions bot commented Jan 17, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions bot commented Jan 17, 2026

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions

github-actions bot commented Jan 17, 2026

🎬 THE END. Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions

Smoke Test Results (Claude)

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved merged PRs
  • ✅ Playwright: Page title contains "GitHub"
  • ✅ File Write: Created test file successfully
  • ✅ Bash Tool: Verified file content

Overall Status: PASS

AI generated by Smoke Claude

@github-actions

✅ Smoke Test PASSED

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PR data
  • ✅ Playwright: Verified github.com title contains "GitHub"
  • ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-21092098373.txt
  • ✅ Bash Tool: Verified file content

cc: @Mossaka @copilot

AI generated by Smoke Copilot


@github-actions

Smoke Test Results - Claude Engine

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PR data successfully
  • ✅ Playwright: Navigated to github.com, title contains "GitHub"
  • ✅ File Write: Created /tmp/gh-aw/agent/smoke-test-claude-21092322278.txt
  • ✅ Bash: Verified file contents

Status: PASS

AI generated by Smoke Claude

@github-actions

Smoke Test Results

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PRs successfully
  • ❌ Playwright: Missing system libraries (libglib-2.0.so.0) - curl test passed ✅
  • ✅ File Write: Created /tmp/gh-aw/agent/smoke-test-copilot-21092322273.txt
  • ✅ Bash Tool: File verified successfully

Overall: PARTIAL PASS (4/5 - Playwright library issue)

cc: @Mossaka

AI generated by Smoke Copilot

@Mossaka Mossaka merged commit db682c1 into main Jan 17, 2026
44 of 45 checks passed
@Mossaka Mossaka deleted the copilot/add-nat-blacklist-for-ports branch January 17, 2026 20:20

Development

Successfully merging this pull request may close these issues.

[Security] Port filtering should use explicit NAT blacklist

2 participants