Spotfire® Server and Environment Security

Restrict Network Access for TERR Scripts in Containers

By default, the containers in which Spotfire® Enterprise Runtime for R (also known as TERR™) scripts run have access to the network resources given to them.

If Spotfire Enterprise Runtime for R scripts are not running in restricted execution (REX) mode, any TERR script can connect to the network. To restrict external network access for the container, and therefore for any script running within it, the node manager computer must be configured so that the containers cannot reach the network. One way to do this is to implement iptables rules that block traffic from Docker containers to outside networks.
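One way to write such iptables rules, as an added example that is not taken from the Spotfire documentation. It assumes the containers sit on Docker's default bridge subnet (172.17.0.0/16) and that the host's Docker version provides the DOCKER-USER chain; the chain name TERR-EGRESS and the log prefix are illustrative names.

```sh
#!/bin/sh
# Added example: block outbound connections from Docker containers on the
# node manager host. Assumed values, not from the Spotfire documentation:
# the default Docker bridge subnet and the TERR-EGRESS chain name.
CONTAINER_SUBNET="${CONTAINER_SUBNET:-172.17.0.0/16}"
CHAIN="TERR-EGRESS"

# Accept only an IPv4 CIDR so nothing else can reach the generated commands.
is_ipv4_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the iptables commands for one container subnet, in evaluation order:
#   1. create the dedicated chain, or flush it so re-running is idempotent
#   2. let replies to already-established inbound connections through
#   3. log (rate-limited) new traffic leaving the container subnet
#   4. drop that traffic
#   5. hook the chain into DOCKER-USER, which Docker evaluates before its own
#      forwarding rules and does not overwrite
build_rules() {
    subnet="$1"
    is_ipv4_cidr "$subnet" || { echo "invalid subnet: $subnet" >&2; return 1; }
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
iptables -A $CHAIN -s $subnet ! -d $subnet -m limit --limit 5/min -j LOG --log-prefix "TERR-EGRESS-DROP: "
iptables -A $CHAIN -s $subnet ! -d $subnet -j DROP
iptables -C DOCKER-USER -j $CHAIN 2>/dev/null || iptables -I DOCKER-USER 1 -j $CHAIN
EOF
}

# --print shows the rules for review; --apply (as root) installs them.
case "${1:-}" in
    --print) build_rules "$CONTAINER_SUBNET" ;;
    --apply) rules=$(build_rules "$CONTAINER_SUBNET") || exit 1
             printf '%s\n' "$rules" | sh -e ;;
esac
```

These rules act on forwarded traffic only, so connections from a container to the node manager host's own addresses pass through the INPUT chain and are not affected. Rules added this way do not survive a reboot unless they are saved with the host's usual iptables persistence mechanism.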