# nsjail Jail Type

> [!NOTE]
> Agent Firewall requires the [AI Governance Add-On](https://coder.com/docs/ai-coder/ai-governance.md).
> As of Coder v2.32, deployments without the add-on will not be able to
> access Agent Firewall.

nsjail is Agent Firewall's default jail type. It uses Linux namespaces to
provide process isolation, creating unprivileged network namespaces to control
and monitor network access for processes running under Boundary.

**Running on Docker, Kubernetes, or ECS?** See the relevant page for runtime
and permission requirements:

- [nsjail on Docker](https://coder.com/docs/ai-coder/agent-firewall/nsjail/docker.md)
- [nsjail on Kubernetes](https://coder.com/docs/ai-coder/agent-firewall/nsjail/k8s.md)
- [nsjail on ECS](https://coder.com/docs/ai-coder/agent-firewall/nsjail/ecs.md)

## Overview

nsjail leverages Linux namespace technology to isolate processes at the network
level. When Agent Firewall runs with nsjail, it creates a separate network
namespace for the isolated process, allowing Agent Firewall to intercept and
filter all network traffic according to the configured policy.

This jail type requires Linux capabilities to create and manage network
namespaces, which means it has specific runtime requirements when running in
containerized environments like Docker and Kubernetes.
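Before pointing Agent Firewall at a new host or container image, it helps to confirm that the environment permits unprivileged user and network namespaces at all. The script below is an added example, not part of Coder's tooling: the function names and the directory argument are hypothetical, and the sysctls it reads are general Linux knobs, not a list of Agent Firewall's documented requirements (those are on the runtime pages linked above).

```shell
#!/bin/sh
# Added example (not Coder's code): preflight for unprivileged user+network
# namespace creation. Function names and the directory argument are hypothetical.

# Print a sysctl file's value, or "absent" when this kernel does not expose it.
read_knob() {
    if [ -r "$1" ]; then cat "$1"; else echo absent; fi
}

# userns_verdict [DIR]: inspect the knobs under DIR (default /proc/sys).
# Prints "ok", "restricted:<knob>" or "blocked:<knob>"; returns 0 only for "ok".
userns_verdict() {
    sys="${1:-/proc/sys}"
    max=$(read_knob "$sys/user/max_user_namespaces")
    # Present only on some distribution kernels (Debian/Ubuntu family).
    clone=$(read_knob "$sys/kernel/unprivileged_userns_clone")
    # Present only on newer Ubuntu kernels with the AppArmor restriction.
    aa=$(read_knob "$sys/kernel/apparmor_restrict_unprivileged_userns")
    if [ "$max" = "0" ]; then
        echo "blocked:user.max_user_namespaces=0"; return 1
    fi
    if [ "$clone" = "0" ]; then
        echo "blocked:kernel.unprivileged_userns_clone=0"; return 1
    fi
    if [ "$aa" = "1" ]; then
        echo "restricted:kernel.apparmor_restrict_unprivileged_userns=1"; return 1
    fi
    echo ok
}

# The sysctls only predict the outcome; a container seccomp or LSM policy can
# still deny the syscall, so attempt the real operation (util-linux unshare).
live_probe() {
    unshare --user --map-root-user --net true 2>/dev/null
}

verdict=$(userns_verdict) || true
if live_probe; then probe=succeeded; else probe=failed; fi
echo "sysctl verdict: $verdict; live unshare probe: $probe"
```

A verdict of `ok` combined with a failed probe usually means the restriction comes from the container runtime's security profile, not from the kernel settings.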

## Architecture

<img width="1228" height="604" alt="Boundary" src="https://github.com/user-attachments/assets/1b7c8c5b-7b8f-4adf-8795-325bd28715c6" />
