diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 4aa6126590..0157982a49 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -91,6 +91,32 @@ class Sandbox
     end
   end
 
+  sig { params(path: T.any(String, Pathname), type: Symbol).void }
+  def allow_network(path:, type: :literal)
+    add_rule allow: true, operation: "network*", filter: path_filter(path, type)
+  end
+
+  sig { params(path: T.any(String, Pathname), type: Symbol).void }
+  def deny_network(path:, type: :literal)
+    add_rule allow: false, operation: "network*", filter: path_filter(path, type)
+  end
+
+  sig { void }
+  def allow_all_network
+    add_rule allow: true, operation: "network*"
+  end
+
+  sig { void }
+  def deny_all_network
+    add_rule allow: false, operation: "network*"
+  end
+
+  sig { params(path: T.any(String, Pathname)).void }
+  def deny_all_network_except_pipe(path)
+    deny_all_network
+    allow_network path:, type: :literal
+  end
+
   def exec(*args)
     seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
     seatbelt.write(@profile.dump)