diff --git a/sandboxes/nemoclaw/policy.yaml b/sandboxes/nemoclaw/policy.yaml
index d7ec59b..3a1422e 100644
--- a/sandboxes/nemoclaw/policy.yaml
+++ b/sandboxes/nemoclaw/policy.yaml
@@ -127,16 +127,3 @@ network_policies:
       - { path: /usr/local/bin/claude }
       - { path: /usr/bin/gh }
 
-  # --- Private network access (allowed_ips) ---
-  # Allows any binary to reach services on the k3s cluster pod network
-  # (10.42.0.0/16). Without allowed_ips, the proxy's SSRF check blocks
-  # all connections to private RFC 1918 addresses.
-  cluster_pods:
-    name: cluster-pods
-    endpoints:
-      - port: 8080
-        allowed_ips:
-          - "10.42.0.0/16"
-    binaries:
-      - { path: "/**" }
-
diff --git a/sandboxes/openclaw/policy.yaml b/sandboxes/openclaw/policy.yaml
index fc0e225..9e2ef78 100644
--- a/sandboxes/openclaw/policy.yaml
+++ b/sandboxes/openclaw/policy.yaml
@@ -126,18 +126,7 @@ network_policies:
       - { path: /usr/local/bin/claude }
       - { path: /usr/bin/gh }
 
-  # --- Private network access (allowed_ips) ---
-  # Allows any binary to reach services on the k3s cluster pod network
-  # (10.42.0.0/16). Without allowed_ips, the proxy's SSRF check blocks
-  # all connections to private RFC 1918 addresses.
-  cluster_pods:
-    name: cluster-pods
-    endpoints:
-      - port: 8080
-        allowed_ips:
-          - "10.42.0.0/16"
-    binaries:
-      - { path: "/**" }
+
 
 inference:
   allowed_routes: