fence ☆

« Back to VersTracker

Description:
Lightweight sandbox for commands with network and filesystem restrictions

Type: Formula | Tracked Since: Jan 26, 2026

Links: Homepage | GitHub | formulae.brew.sh

Stars: 194 | Forks: 3 | Language: Go | Category: Security

Tags: sandbox security go isolation cli

Install: brew install fence

About:
Fence is a lightweight sandboxing tool written in Go that isolates command execution by restricting network access and filesystem operations. It provides a simple way to run untrusted commands or scripts in a controlled environment, minimizing potential damage from malicious or buggy code. Its main value is offering easy-to-use, command-level containment without the complexity of full virtual machines or containers.

Key Features:

Network access restriction (block inbound/outbound traffic)
Filesystem access control (allow/deny specific paths)
Lightweight process isolation via Linux namespaces and seccomp-bpf
Simple command-line interface for quick sandboxing
Written in Go for portability and single-binary deployment

Use Cases:

Safely running untrusted scripts or binaries from external sources
Isolating build or test processes to prevent accidental system modifications
Creating a restricted environment for educational or demo purposes

Alternatives:

firejail – More feature-rich and complex sandbox with GUI support, whereas fence is minimalist and CLI-focused.
bubblewrap – Lower-level sandboxing tool often used by Flatpak; fence provides a more user-friendly command wrapper.
docker – Full containerization solution; fence is a much lighter alternative for simple command isolation.

Version History

Detected	Version	Rev	Change	Commit
Jan 26, 2026 9:57pm		0	META	26e6b474