diff --git a/run_container.sh b/run_container.sh
index 5a11df3..933d2ca 100755
--- a/run_container.sh
+++ b/run_container.sh
@@ -44,13 +44,22 @@ fi
 # Run the container
 echo "Starting container..."
 $CONTAINER_CMD run --name ${CONTAINER_NAME} \
- -p 8000:8000 \
+ -p 127.0.0.1:8000:8000 \
 -v "$SOURCE_DIR":/home/appuser/app/source${VOLUME_FLAG} \
+ --read-only \
 --security-opt no-new-privileges:true \
 --cap-drop ALL \
 --user 1000:1000 \
 -d ${CONTAINER_NAME}:latest
+
+echo $(podman inspect ${CONTAINER_NAME} --format '{{.State.Pid}}')
+
+sudo nsenter -t $(podman inspect ${CONTAINER_NAME} --format '{{.State.Pid}}') -n nft add table inet filter
+sudo nsenter -t $(podman inspect ${CONTAINER_NAME} --format '{{.State.Pid}}') -n nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }
+sudo nsenter -t $(podman inspect ${CONTAINER_NAME} --format '{{.State.Pid}}') -n \
+ nft add rule inet filter output oif lo accept
+
 # Check if container started successfully
 if [ $? -eq 0 ]; then
 echo "Container started successfully!"
@@ -66,4 +75,4 @@ if [ $? -eq 0 ]; then
 else
 echo "Failed to start container."
 exit 1
-fi
\ No newline at end of file
+fi
diff --git a/source/.gitignore b/source/.gitignore
new file mode 100644
index 0000000..5e7d273
--- /dev/null
+++ b/source/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
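Review bot: The `if [ $? -eq 0 ]` check that follows the inserted lines now tests the exit status of the last `sudo nsenter … nft add rule` call rather than the `$CONTAINER_CMD run` it was written for, so a failed container start is reported as a success whenever the firewall setup happens to succeed, and the reverse. The status should be captured right after the run, e.g. `run_status=$?` on the line after `-d ${CONTAINER_NAME}:latest`, with the existing `if` then testing `"$run_status"`. The PID is also resolved four times with a hard-coded `podman` while the run itself goes through `$CONTAINER_CMD`; resolving it once into a quoted variable, and refusing to proceed when it is empty or `0`, keeps the two consistent and avoids calling `nsenter -t` with no target. Separately, with `policy drop` and only `oif lo accept`, replies to connections that arrive on the published port leave over the container's non-loopback interface and are dropped as well — if that port is meant to be reachable, the chain also needs a `ct state established,related accept` rule; the intent is not visible from the hunk.
```shell
  -d ${CONTAINER_NAME}:latest
run_status=$?

if [ "$run_status" -eq 0 ]; then
  # Resolve the container's init PID once; the egress filter is applied inside its netns.
  pid=$($CONTAINER_CMD inspect "${CONTAINER_NAME}" --format '{{.State.Pid}}')
  if [ -n "$pid" ] && [ "$pid" != "0" ]; then
    echo "$pid"
    sudo nsenter -t "$pid" -n nft add table inet filter
    sudo nsenter -t "$pid" -n nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }
    sudo nsenter -t "$pid" -n nft add rule inet filter output oif lo accept
  else
    echo "Could not determine container PID; egress filter not applied." >&2
    run_status=1
  fi
fi

# … unchanged: container-started check, now testing "$run_status" instead of $? …
```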