Enterprise DNA
M MCP Servers Developer low

behrensd/mcp-firewall

by Various

Deterministic security proxy for MCP tool calls — iptables for MCP

B

MCP

behrensd/mcp-firewall

Added 1 June 2026

#ai-safety #claude-code #firewall #json-rpc #mcp #model-context-protocol #proxy #security

Overview

A deterministic security proxy for MCP tool calls that enforces rules before forwarding or blocking requests. Inspired by iptables, it provides explicit rule-based control over which MCP tools can be invoked and by whom. Written in TypeScript, it runs as a middleware layer between the MCP client and server.

Best for

Best for
Developers needing a simple, deterministic firewall for MCP-based applications

Use cases

  • Restrict MCP tool access to authorized clients only
  • Audit and log all MCP tool invocations in deterministic order
  • Enforce rate limiting or tool allowlists/denylists

How to use

Install

npx mcpwall -- npx -y @modelcontextprotocol/server-filesystem /path/to/dir

Tools exposed

  • not_under
  • response_contains
  • response_contains_regex
  • response_size_exceeds
  • log_only

Tested with

Claude Code, Cursor, Windsurf, VS Code

Notes

A deterministic security proxy for MCP tool calls that enforces rules before forwarding or blocking requests. Inspired by iptables, it provides explicit rule-based control over which MCP tools can be invoked and by whom. Written in TypeScript, it runs as a middleware layer between the MCP client and server.

3 stars on GitHub. Last updated 2026-02-25.

Use cases

  • Restrict MCP tool access to authorized clients only
  • Audit and log all MCP tool invocations in deterministic order
  • Enforce rate limiting or tool allowlists/denylists

Pros

  • Deterministic behavior with explicit rule sets
  • Lightweight and focused on a single security function
  • Familiar iptables-style syntax for developers

Cons

  • Niche tool with low community adoption (3 stars)
  • Requires understanding of MCP and iptables-like rule syntax
  • May not cover all MCP protocol edge cases or advanced threat patterns

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Deterministic behavior with explicit rule sets
  • Lightweight and focused on a single security function
  • Familiar iptables-style syntax for developers

Cons

  • Niche tool with low community adoption (3 stars)
  • Requires understanding of MCP and iptables-like rule syntax
  • May not cover all MCP protocol edge cases or advanced threat patterns

Pairs with

Other entries in the index that connect to this one. Click through to see the chain.

Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks