From 43086502889812cc7fd5162dc0c0e9640fd5308a Mon Sep 17 00:00:00 2001
From: opcm <opcm@users.noreply.github.com>
Date: Sun, 13 Oct 2024 12:24:09 +0000
Subject: [PATCH] apply step-security policy

---
 .github/workflows/freebsd_build.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/freebsd_build.yml b/.github/workflows/freebsd_build.yml
index 73f52312..f56e3f0c 100644
--- a/.github/workflows/freebsd_build.yml
+++ b/.github/workflows/freebsd_build.yml
@@ -16,9 +16,15 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.0
       with:
-        egress-policy: audit
+        egress-policy: block
+        allowed-endpoints: >
+          freebsd.pool.ntp.org:443
+          github.com:443
+          objects.githubusercontent.com:443
+          pkg.FreeBSD.org:443
+          pkg.FreeBSD.org:80
 
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       with: