fix: Block firewall binary variants in policy blocker deny list

Author: stranma

.claude/hooks/devcontainer-policy-blocker.sh

@@ -105,7 +105,11 @@ done
 # --- Firewall tampering (all tiers) ---
 BLOCKED_FIREWALL=(
     'iptables '
+    'iptables-legacy '
+    'iptables-nft '
     'ip6tables '
+    'ip6tables-legacy '
+    'ip6tables-nft '
     'ipset '
     'nft '
     'init-firewall'

docs/DEVCONTAINER_PERMISSIONS.md

@@ -23,7 +23,7 @@ Regardless of tier, these layers provide defense-in-depth:
 - **unicode-injection-scanner.sh**: Blocks zero-width chars, RTL overrides in file content
 - **firewall-edit-blocker.sh**: Blocks edits to `init-firewall.sh` and sudoers files
 - **devcontainer-policy-blocker.sh**: Catches denied patterns in chained commands (including firewall commands)
-- **Base deny rules (settings.json)**: gh secret/auth/ssh-key/gpg-key, git clean/config, uv self
+- **Base deny rules (settings.json)**: gh secret/auth/ssh-key/gpg-key, git clean/config, uv self, firewall commands (`sudo` is only denied in tier files since bare-metal users may need it)
 
 ## Denied Commands and Approved Alternatives
 

tests/test_hooks.py

@@ -238,5 +238,5 @@ class TestPolicyBlockerFirewallPatterns:
 
     def test_policy_blocker_blocks_firewall_commands(self) -> None:
         content = (HOOKS_DIR / "devcontainer-policy-blocker.sh").read_text(encoding="utf-8")
-        for pattern in ["iptables ", "ip6tables ", "ipset ", "nft ", "init-firewall"]:
+        for pattern in ["iptables ", "iptables-legacy ", "iptables-nft ", "ip6tables ", "ip6tables-legacy ", "ip6tables-nft ", "ipset ", "nft ", "init-firewall"]:
             assert pattern in content, f"devcontainer-policy-blocker missing firewall pattern: {pattern}"