[daily-firewall-report] Daily Firewall Report - 2026-04-06

[github-actions[bot]]

Daily network firewall analysis for all agentic workflows that use the firewall feature, covering runs from 2026-04-06. This report identifies blocked domains, access patterns, and security insights to help maintain optimal network permission configurations.

---

Summary

• Report Date: 2026-04-06
• Workflows Analyzed: 39 runs with full firewall audit logs (firewall v0.25.13)
• Firewall Status: 🟢 Active on all analyzed runs
• Key Finding: 6 blocked requests detected across 2 workflows — both using the Codex engine without GitHub domain permissions in their allowlist. Both workflows failed, and the firewall blocking likely contributed to those failures.

---

Key Metrics

Metric	Value
🌐 Total Network Requests	1,221
✅ Allowed Requests	1,215 (99.51%)
🚫 Blocked Requests	6 (0.49%)
🔒 Unique Blocked Domains	3
⚠️ Workflows with Blocks	2
❌ Failed Workflows with Blocks	2 (100%)

Block rate of 0.49% — the firewall is operating cleanly with minimal friction for correctly-configured workflows.

---

Top Blocked Domains

Domain	Blocked Count	Category	Workflows
github.com	2	GitHub Services	AI Moderator, Schema Feature Coverage Checker
chatgpt.com	2	OpenAI Services	AI Moderator, Schema Feature Coverage Checker
api.github.com	2	GitHub Services	AI Moderator, Schema Feature Coverage Checker

Note: github.com and api.github.com are blocked when workflows don't explicitly include them in their network.allowed list. These workflows used the Codex engine (via codex_exec/0.118.0) which tries to access GitHub for git operations and chatgpt.com for AI inference — neither was in their allowlist.

---

Policy Rule Attribution

Policy configuration: 6 rules (deny-unsafe-ports, deny-connect-unsafe-ports, deny-raw-ipv4, deny-raw-ipv6, allow-both-plain, deny-default). SSL Bump disabled, DLP disabled.

Policy Rule Hit Summary

Rule	Action	Description	Triggered By
allow-both-plain	🟢 allow	Allow HTTP/HTTPS to allowlisted domains	1,215 requests
deny-default	🔴 deny	Default deny all other traffic	6 requests
deny-unsafe-ports	🔴 deny	Block non-standard ports	0 requests
deny-raw-ipv4	🔴 deny	Block direct IP connections	0 requests
deny-raw-ipv6	🔴 deny	Block raw IPv6 addresses	0 requests

Denied Requests with Attribution

Domain	Port	Workflow	User Agent	Rule
github.com	443	AI Moderator	git/2.53.0	deny-default
chatgpt.com	443	AI Moderator	codex_exec/0.118.0	deny-default
api.github.com	443	AI Moderator	codex_exec/0.118.0	deny-default
github.com	443	Schema Feature Coverage Checker	git/2.53.0	deny-default
chatgpt.com	443	Schema Feature Coverage Checker	codex_exec/0.118.0	deny-default
api.github.com	443	Schema Feature Coverage Checker	codex_exec/0.118.0	deny-default

Rule effectiveness: The deny-default catch-all rule is doing all the blocking work (100% of denials), which is expected. The more specific deny rules (ports, IP-based) had zero hits, indicating no unusual connection attempts to non-standard ports or raw IP addresses.

---

📈 Firewall Activity Trends

Request Patterns by Workflow

The overwhelming majority of workflows operate with zero blocked requests. The two workflows with blocked traffic (AI Moderator and Schema Feature Coverage Checker) both used the Codex engine and both failed — suggesting the missing network permissions directly contributed to their failures.

Top Blocked Domains

All 6 blocked requests were from Codex engine workflows with insufficient network permissions. The chatgpt.com domain stands out — Codex CLI attempts to reach ChatGPT (rather than the standard api.openai.com) which many workflows do not allow. github.com and api.github.com blocks indicate git operations and GitHub API calls being attempted without the corresponding allowlist entries.

---

View Detailed Request Patterns by Workflow

Workflow: AI Moderator (1 run analyzed)

Domain	Blocked Count	Allowed Count	Block Rate	Category
api.anthropic.com	0	12	0%	AI Services
github.com	1	0	100%	GitHub Services
chatgpt.com	1	0	100%	OpenAI Services
api.github.com	1	0	100%	GitHub Services

• Total requests: 15
• Blocked requests: 3
• Allowed requests: 12
• Block rate: 20%
• Engine: Codex (codex_exec/0.118.0)
• Conclusion: ❌ failure
• Run: §24019350098
• Network allowlist: Only .openai.com and standard CDN/package/certificate domains — GitHub and chatgpt.com not included

Workflow: Schema Feature Coverage Checker (1 run analyzed)

Domain	Blocked Count	Allowed Count	Block Rate	Category
api.anthropic.com	0	12	0%	AI Services
github.com	1	0	100%	GitHub Services
chatgpt.com	1	0	100%	OpenAI Services
api.github.com	1	0	100%	GitHub Services

• Total requests: 15
• Blocked requests: 3
• Allowed requests: 12
• Block rate: 20%
• Engine: Codex (codex_exec/0.118.0)
• Conclusion: ❌ failure
• Run: §24022436614
• Network allowlist: Same minimal configuration — GitHub and chatgpt.com blocked

Allowed Domains Observed Across All Workflows

The following domains were successfully accessed across 39 firewall-enabled workflow runs:

Domain	Usage
api.anthropic.com	Claude AI inference (most workflows)
api.githubcopilot.com	GitHub Copilot inference
api.openai.com	OpenAI API (Codex inference)
codeload.github.com	GitHub code downloads
github.com	GitHub operations (workflows with this allowed)
pkg.go.dev	Go package documentation
proxy.golang.org	Go module proxy
pypi.org	Python package index
raw.githubusercontent.com	GitHub raw file access
registry.npmjs.org	npm package registry
storage.googleapis.com	Google Cloud Storage
sum.golang.org	Go module checksum database

---

View Complete Blocked Domains List

All unique blocked domains from the analysis period (alphabetical order):

Domain	Total Blocks	Affected Workflows	Category
api.github.com	2	AI Moderator, Schema Feature Coverage Checker	GitHub Services
chatgpt.com	2	AI Moderator, Schema Feature Coverage Checker	OpenAI Consumer Services
github.com	2	AI Moderator, Schema Feature Coverage Checker	GitHub Services

Note: An additional 1 blocked request for domain "value" was reported by the audit tool for the Instructions Janitor workflow, but this appears to be a data artifact — no corresponding TCP_DENIED entry exists in the Squid access log. This may be a template placeholder that leaked into detection metadata.

---

Security Recommendations

🔧 Actionable Fixes

1. AI Moderator — Add missing network permissions to the workflow frontmatter:

   network:
     allowed:
       - github.com
       - api.github.com

   The Codex engine also attempts to reach chatgpt.com. If this is intentional, add it; if not, the workflow may need to be configured to use api.openai.com only.

2. Schema Feature Coverage Checker — Same issue as AI Moderator. The Codex CLI needs GitHub access for git operations. Add the same network permissions.

🔍 Security Insights

3. chatgpt.com domain: The Codex CLI (codex_exec/0.118.0) attempts connections to chatgpt.com (consumer product URL) in addition to api.openai.com. Workflows using Codex that need external AI access may need to explicitly allowlist this domain — or investigate whether the Codex CLI should be using the API endpoint instead.

4. Pattern: Both blocked workflows used the Codex engine and both failed. Codex engine workflows consistently attempt github.com, api.github.com, and chatgpt.com in addition to api.openai.com. All Codex-based workflows should audit their network permissions to ensure these are explicitly allowed if needed.

5. deny-default rule coverage: All 6 blocked requests were caught by the deny-default catch-all rule rather than specific deny rules. This is the expected and secure behavior — it confirms no workflows are attempting to bypass security via raw IPs or unsafe ports.

6. Zero false positives on legitimate domains: All workflows that should have access to github.com, api.anthropic.com, api.openai.com, etc. accessed them successfully. The firewall is not over-blocking.

References:

• §24019350098 — AI Moderator (blocked: 3)
• §24022436614 — Schema Feature Coverage Checker (blocked: 3)
• §24029069382 — Instructions Janitor (artifact anomaly noted)

Generated by Daily Firewall Logs Collector and Reporter · ● 5.5M · ◷

• expires on Apr 9, 2026, 12:05 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Firewall Logs Collector and Reporter.

A newer discussion is available at Discussion #25080.