By default, your codespaces have access to all resources on the public internet, including package managers, license servers, databases, and cloud platform APIs, but they have no access to resources on private networks.
The currently supported method of accessing resources on a private network is to use a VPN. It is currently not recommended to allowlist codespaces IPs as this would allow all codespaces (both yours and those of other customers) access to the network protected resources.
The easiest way to access resources behind a private network is to VPN into that network from within your codespace.
There are also a number of third party solutions that, while not explicitly endorsed by GitHub, have provided examples of how to integrate with Codespaces.
These third party solutions include:
While GitHub publishes IP ranges for several products on its Meta API, codespaces IPs are dynamically assigned, meaning your codespace is not guaranteed to have the same IP address day to day. We highly discourage users from allowlisting an entire IP range, as this would give overly broad access to all codespaces (including users not affiliated with your codespaces).
For more information about the Meta API, see "Meta."
At present, there is no way to restrict codespaces from accessing the public internet, or to restrict appropriately authenticated users from accessing a forwarded port.
For more information on how to secure your codespaces, see "Security in GitHub Codespaces."