behrensd/mcp-firewall
by Various
Deterministic security proxy for MCP tool calls — iptables for MCP
MCP
behrensd/mcp-firewall
Added 1 June 2026
Overview
A deterministic security proxy for MCP tool calls that enforces rules before forwarding or blocking requests. Inspired by iptables, it provides explicit rule-based control over which MCP tools can be invoked and by whom. Written in TypeScript, it runs as a middleware layer between the MCP client and server.
Best for
Best for
Developers needing a simple, deterministic firewall for MCP-based applications
Use cases
- Restrict MCP tool access to authorized clients only
- Audit and log all MCP tool invocations in deterministic order
- Enforce rate limiting or tool allowlists/denylists
How to use
Install
npx mcpwall -- npx -y @modelcontextprotocol/server-filesystem /path/to/dir Tools exposed
not_underresponse_containsresponse_contains_regexresponse_size_exceedslog_only
Tested with
Claude Code, Cursor, Windsurf, VS Code
Notes
A deterministic security proxy for MCP tool calls that enforces rules before forwarding or blocking requests. Inspired by iptables, it provides explicit rule-based control over which MCP tools can be invoked and by whom. Written in TypeScript, it runs as a middleware layer between the MCP client and server.
3 stars on GitHub. Last updated 2026-02-25.
Use cases
- Restrict MCP tool access to authorized clients only
- Audit and log all MCP tool invocations in deterministic order
- Enforce rate limiting or tool allowlists/denylists
Pros
- Deterministic behavior with explicit rule sets
- Lightweight and focused on a single security function
- Familiar iptables-style syntax for developers
Cons
- Niche tool with low community adoption (3 stars)
- Requires understanding of MCP and iptables-like rule syntax
- May not cover all MCP protocol edge cases or advanced threat patterns
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Deterministic behavior with explicit rule sets
- Lightweight and focused on a single security function
- Familiar iptables-style syntax for developers
Cons
- Niche tool with low community adoption (3 stars)
- Requires understanding of MCP and iptables-like rule syntax
- May not cover all MCP protocol edge cases or advanced threat patterns
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.