# Using microvm.nix to sandbox Openclaw

link · 2026-07-02

> My initial instinct was to go full near-airgap: remove the default route, run an SNI-based TLS proxy on the host, and only allow traffic to `api.telegram.org` and `openrouter.ai`.
>
> I built this with unbound returning fake DNS records pointing at the host bridge IP, nginx stream with `ssl_preread` doing SNI-based forwarding, nftables dropping everything in the FORWARD chain.
>
> It worked, technically. But it was brittle. The proxy needed careful handling of dynamic IPs, and Openclaw's error messages when DNS returned unexpected results were… unhelpful.
>
> For this demo, I just said screw it and allowed everything (with a log). The VM has full internet access, but every DNS query and every new connection is visible from the host.

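The quoted post describes the host-side pieces of that egress allowlist (fake DNS from unbound, SNI forwarding with `ssl_preread`, a default-drop FORWARD chain) but does not show them. The script below is an added example, not code from the linked post or from microvm.nix: it generates all three configs from one allowlist so the names only have to agree in one place, and it covers both the locked-down mode and the "allow everything, log everything" mode the post settled on. The bridge name `br-agent`, the `10.177.0.0/24` range, `eth0` and the `1.1.1.1` resolver are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the linked post or microvm.nix): emit the unbound,
# nginx stream and nftables configs for an SNI-allowlisted agent VM.
# All interface names, addresses and the resolver are assumptions.
set -e

BRIDGE_IF="${BRIDGE_IF:-br-agent}"      # host bridge the microVM tap hangs off
BRIDGE_IP="${BRIDGE_IP:-10.177.0.1}"     # host side: fake DNS target and proxy listener
VM_NET="${VM_NET:-10.177.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"                 # only used by "open" mode (masquerade)
RESOLVER="${RESOLVER:-1.1.1.1}"          # used by nginx to resolve allowlisted upstreams
ALLOWED_HOSTS="${ALLOWED_HOSTS:-api.telegram.org openrouter.ai}"

# unbound: "lockdown" answers only the allowlisted names, all pointing at the
# bridge IP, and REFUSEs everything else; "open" resolves normally but logs.
gen_unbound_conf() {
  mode="${1:-lockdown}"
  printf 'server:\n'
  printf '    interface: %s\n' "$BRIDGE_IP"
  printf '    access-control: %s allow\n' "$VM_NET"
  printf '    log-queries: yes\n'
  [ "$mode" = "open" ] && return 0
  printf '    local-zone: "." refuse\n'
  for h in $ALLOWED_HOSTS; do
    printf '    local-zone: "%s." redirect\n' "$h"
    printf '    local-data: "%s. A %s"\n' "$h" "$BRIDGE_IP"
  done
}

# nginx stream: ssl_preread reads the SNI from the ClientHello without
# terminating TLS. Allowlisted names map to the real upstream (resolved at
# connect time, so upstream IP changes need no config edits); anything else is
# sent to a port nothing listens on and shows up in the access log.
gen_nginx_stream_conf() {
  printf 'stream {\n'
  printf '    log_format sni "$remote_addr sni=$ssl_preread_server_name upstream=$upstream_addr status=$status";\n'
  printf '    access_log /var/log/nginx/agent-sni.log sni;\n'
  printf '    resolver %s valid=60s;\n' "$RESOLVER"
  printf '    map $ssl_preread_server_name $backend {\n'
  for h in $ALLOWED_HOSTS; do
    printf '        %s %s:443;\n' "$h" "$h"
  done
  printf '        default 127.0.0.1:9;\n'
  printf '    }\n'
  printf '    server {\n'
  printf '        listen %s:443;\n' "$BRIDGE_IP"
  printf '        ssl_preread on;\n'
  printf '        proxy_pass $backend;\n'
  printf '    }\n'
  printf '}\n'
}

# nftables: the VM may only reach the host's DNS and proxy ports. "lockdown"
# drops and logs every forwarded packet; "open" forwards and NATs everything
# but logs each new connection (add DHCP/ICMP to the input chain if needed).
gen_nft_ruleset() {
  mode="${1:-lockdown}"
  printf 'table inet agent_vm {\n'
  printf '    chain input {\n'
  printf '        type filter hook input priority filter; policy accept;\n'
  printf '        iifname "%s" ip daddr %s udp dport 53 accept\n' "$BRIDGE_IF" "$BRIDGE_IP"
  printf '        iifname "%s" ip daddr %s tcp dport 443 accept\n' "$BRIDGE_IF" "$BRIDGE_IP"
  printf '        iifname "%s" log prefix "agentvm-input-drop " drop\n' "$BRIDGE_IF"
  printf '    }\n'
  printf '    chain forward {\n'
  printf '        type filter hook forward priority filter; policy drop;\n'
  if [ "$mode" = "open" ]; then
    printf '        ct state established,related accept\n'
    printf '        iifname "%s" oifname "%s" ct state new log prefix "agentvm-new " accept\n' "$BRIDGE_IF" "$WAN_IF"
  else
    printf '        iifname "%s" log prefix "agentvm-fwd-drop " drop\n' "$BRIDGE_IF"
  fi
  printf '    }\n'
  if [ "$mode" = "open" ]; then
    printf '    chain postrouting {\n'
    printf '        type nat hook postrouting priority srcnat; policy accept;\n'
    printf '        ip saddr %s oifname "%s" masquerade\n' "$VM_NET" "$WAN_IF"
    printf '    }\n'
  fi
  printf '}\n'
}

# Usage: sh agent-net.sh <lockdown|open> <outdir>   (writes the three files)
if [ $# -ge 2 ]; then
  mkdir -p "$2"
  gen_unbound_conf "$1"  > "$2/unbound-agent.conf"
  gen_nginx_stream_conf  > "$2/nginx-stream-agent.conf"
  gen_nft_ruleset "$1"   > "$2/agent-vm.nft"
fi
```

Two caveats worth knowing before relying on this. `ssl_preread` only works while the SNI is in the clear: a client using Encrypted Client Hello presents an outer name, so the real destination is invisible to the proxy and the map decides on the wrong string. SNI spoofing from inside the VM, on the other hand, buys little, because `proxy_pass` connects to whatever name was read, so a forged SNI still lands on an allowlisted host and the VM's own certificate check fails. In "open" mode the nginx config is inert (DNS returns real addresses, so the VM never hits the proxy); the nftables `agentvm-new` log lines and unbound's `log-queries` are then the whole audit trail.
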
Continuing on my [research around microvm](/links/using-microvms), I discovered [microvm.nix](https://github.com/microvm-nix/microvm.nix) and yet another way of monitoring and/or locking down networking for VMs that will be used by agents.

[via Bogdan Buduroiu's blog](https://buduroiu.com/blog/openclaw-microvm/?utm_source=aliou.me&utm_medium=markdown)
