10 changes: 10 additions & 0 deletions docs/sandbox/internet-access.mdx
Expand Up @@ -16,7 +16,7 @@
const sandbox = await Sandbox.create({ allowInternetAccess: true })

// Create sandbox without internet access
const isolatedSandbox = await Sandbox.create({ allowInternetAccess: false })

```
```python Python
from e2b import Sandbox
Expand Down Expand Up @@ -47,7 +47,7 @@
```js JavaScript & TypeScript
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Deny all traffic except specific IPs

const sandbox = await Sandbox.create({
network: {
denyOut: [ALL_TRAFFIC],
Expand All @@ -55,8 +55,8 @@
}
})

// Deny specific IPs only

const restrictedSandbox = await Sandbox.create({

network: {
denyOut: ['8.8.8.8']
}
Expand Down Expand Up @@ -84,7 +84,7 @@

### Domain-based filtering

You can allow traffic to specific domains by specifying hostnames in `allow out`. When using domain-based filtering, you must include `ALL_TRAFFIC` in `deny out` to block all other traffic. Domains are not supported in the `deny out` list.

<CodeGroup>
```js JavaScript & TypeScript
Expand Down Expand Up @@ -112,7 +112,7 @@
</CodeGroup>

<Note>
When any domain is used, the default nameserver `8.8.8.8` is automatically allowed to ensure proper DNS resolution.

</Note>

You can also use wildcards to allow all subdomains of a domain:
Expand Down Expand Up @@ -148,10 +148,10 @@
```js JavaScript & TypeScript
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Allow traffic to specific domains and IPs

const sandbox = await Sandbox.create({
network: {
allowOut: ['api.example.com', '*.github.com', '8.8.8.8'],

denyOut: [ALL_TRAFFIC]
}
})
Expand All @@ -173,6 +173,16 @@
Domain-based filtering only works for HTTP traffic on port 80 (via Host header inspection) and TLS traffic on port 443 (via SNI inspection). Traffic on other ports uses CIDR-based filtering only. UDP-based protocols like QUIC/HTTP3 are not supported for domain filtering.
</Note>

<Warning>
**Blocked connections may appear successful from inside the sandbox.**

For TCP traffic, the firewall has to accept the connection on the sandbox-side proxy first and then use a syscall to retrieve the original destination IP before it can decide whether the destination is allowed. This means that, from inside the sandbox, a TCP connection (e.g. a `connect()` call or a check like `bash -c '</dev/tcp/host/port'`) can succeed and report the socket as open even when the destination is denied by your `denyOut` rules — no packets actually reach the destination.

To verify that traffic is reaching its destination, check for an application-level response (e.g. an HTTP status code, a TLS handshake, or expected protocol bytes) rather than relying on the TCP connection succeeding.

This is a limitation of how outbound traffic is currently routed from the sandbox to our firewall and may change in the future.
</Warning>

### Priority rules

When both `allow out` and `deny out` are specified, **allow rules always take precedence** over deny rules. This means if an IP address is in both lists, it will be allowed.
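
Review bot: The added `<Warning>` does not say what the client observes after the sandbox-side proxy accepts a connection to a denied destination (a reset, an immediate close, or a hang until timeout), and readers need that to put sensible timeouts around the application-level check recommended in its third paragraph; one sentence describing the post-accept behaviour would close the gap. The same block names the rule list `denyOut`, which is the JavaScript option, while the surrounding "Domain-based filtering" and "Priority rules" prose uses the language-neutral `deny out`; using `deny out` here keeps the page consistent for Python readers.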
Expand Down Expand Up @@ -303,10 +313,10 @@
```js JavaScript & TypeScript
import { Sandbox } from 'e2b'

// Block all egress except an explicit allowlist

await Sandbox.create({
network: {
denyOut: ({ allTraffic }) => [allTraffic], // allTraffic === '0.0.0.0/0'

allowOut: ['1.1.1.1', '8.8.8.0/24'],
},
})