IT

If you run Docker on production servers, sooner or later you will notice that Docker automatically modifies iptables rules. In many cases this behaviour is convenient, but sometimes it makes it difficult to control network access the way you want.

Running OpenClaw directly on your host system is risky. The service has full access to your filesystem and the environment in which it runs. This is powerful — but potentially destructive. Treat it like any other automation tool with shell-level capabilities. Modern AI agents are designed to read files, execute commands and interact with network services. While this makes them extremely useful for automation, it also means that a misconfiguration, prompt injection or malicious extension could potentially affect the entire system. Because of this, the safest approach is to run such tools inside an isolated environment where mistakes cannot easily damage the host system.