behrensd/mcp-firewall

Overview

A deterministic security proxy for MCP tool calls that enforces rules before forwarding or blocking requests. Inspired by iptables, it provides explicit rule-based control over which MCP tools can be invoked and by whom. Written in TypeScript, it runs as a middleware layer between the MCP client and server.

Best for

Best for
Developers needing a simple, deterministic firewall for MCP-based applications

Use cases

• Restrict MCP tool access to authorized clients only
• Audit and log all MCP tool invocations in deterministic order
• Enforce rate limiting or tool allowlists/denylists

Notes

A deterministic security proxy for MCP tool calls that enforces rules before forwarding or blocking requests. Inspired by iptables, it provides explicit rule-based control over which MCP tools can be invoked and by whom. Written in TypeScript, it runs as a middleware layer between the MCP client and server.

3 stars on GitHub. Last updated 2026-02-25.

Use cases

• Restrict MCP tool access to authorized clients only
• Audit and log all MCP tool invocations in deterministic order
• Enforce rate limiting or tool allowlists/denylists

Pros

• Deterministic behavior with explicit rule sets
• Lightweight and focused on a single security function
• Familiar iptables-style syntax for developers

Cons

• Niche tool with low community adoption (3 stars)
• Requires understanding of MCP and iptables-like rule syntax
• May not cover all MCP protocol edge cases or advanced threat patterns

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.