ironsh

ironsh / iron-proxy

Public

An egress firewall for untrusted workloads.

100% credibility
Found Apr 02, 2026 at 86 stars.
Go
AI Summary

iron-proxy is a security guard that sits between untrusted code and the internet, blocking unauthorized outbound connections and safely swapping fake credentials for real ones.

How It Works

1. 🛡️ Discover iron-proxy

You hear about a simple guard that stops untrusted code like AI helpers or build jobs from secretly sending data to bad places.

2. 🚀 Try the quick demo

Run the ready-made example to see it instantly block sneaky outgoing calls while letting good ones through.

3. Set your allowed spots

Pick the exact websites and addresses your code can reach—anything else gets a firm 'no access' right away.

4. 🔒 Hide real passwords

Give your code fake entry codes; the guard swaps them for your true ones only when sending out safely.

5. ⚙️ Route your work through it

Point your running programs to go through the guard, so they behave normally but under your control.

6. 📊 Check the activity log

Watch clear reports of every attempt: good trips succeed, bad ones get noted and stopped.

😌 Work securely forever

Your team now runs risky code confidently, with leaks blocked and secrets protected every time.

AI-Generated Review

What is iron-proxy?

iron-proxy is a Go-based MITM egress proxy with a built-in DNS server that locks down outbound traffic from untrusted workloads like CI jobs or AI agents. It enforces default-deny egress firewall rules via domain globs and CIDRs, intercepts DNS to route everything through itself, and swaps proxy tokens for real secrets at the boundary, which keeps actual credentials out of sandboxes. Expect structured JSON audit logs per request, plus native support for WebSockets and SSE.

Why is it gaining traction?

Unlike Squid's ACL maze or Envoy's YAML overload, iron-proxy delivers egress firewalling with a single binary and a YAML config, with no scripting needed. It stands out for boundary secret injection and per-transform audit trails, making egress-firewall-versus-network-policy debates irrelevant for untrusted code. Devs love the docker-compose egress firewall example and the nftables integration for enforced routing.

Who should use this?

SREs securing GitHub Actions or CI pipelines against exfiltration. Kubernetes/OpenShift admins implementing a Kubernetes egress firewall without Istio complexity. Teams running AI coding agents like Claude or Cursor that need an egress firewall policy to block phoning home.

Verdict

Grab it for prototypes or small teams: solid docs, examples, and tests make setup fast despite 86 stars and a 1.0% credibility score. Maturity lags for prod scale (check iron.sh for enterprise), but it's a smart pick today for an egress firewall with built-in DNS.
