Skip to main content

Exposing Ports

You can expose TCP ports to the outside world by specifying the ports you want to expose in the ports parameter. ports accepts a list, so you can expose multiple ports too. In the example below, we expose two ports:
  • 8888 for a Jupyter Notebook server
  • 3000 for a separate application or web server
Once your Pod is running, both ports will be available at a public URL.

Network Security

Blocking Outbound Traffic

You can block all outbound network access from your Pod while still allowing inbound connections to exposed ports. This is useful for security-sensitive workloads that shouldn’t communicate with external services.
With block_network=True, the Pod can receive requests on exposed ports but cannot make outbound connections to external services.

Allow Lists (CIDR Ranges)

For more fine-grained control, you can specify an allow list of CIDR ranges that your Pod is permitted to connect to. All other outbound traffic will be blocked.
Important Notes:
  • Maximum of 10 CIDR entries per Pod
  • Supports both IPv4 and IPv6 addresses
  • Must use proper CIDR notation (e.g., "8.8.8.8/32" for a single IP)
  • Cannot use allow_list and block_network together - they are mutually exclusive
  • Invalid CIDR values will trigger an error at creation time

Static IPs

Pods are served in a static IP range, making it possible to whitelist the Beam IP range from the client. For the static IP range, send us a message in Slack.