GitHub - dzervas/mcp-firewall

2 min read Original article ↗

MCP-FIREW🔒️LL

This is a small tool that sits between the agent and all tool use requests and is able to apply regex-based policies per folder, git repo and user.

It currently supports Claude Code and GitHub Copilot CLI through the pretooluse hook.

Quickstart

Download and install the release binary somewhere that is accessible from your $PATH environment variable. For more installtion instructions check the Installation section

Add the required snippet to your agent of choice:

Claude Code

In either ~/.config/settings.json (global) or .config/settings.json (per-project):

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
            "command": "/usr/local/bin/mcp-firewall claude"
          }
        ]
      }
    ]
  }
}
GitHub Copilot CLI

In .github/hooks/mcp-firewall.json (per-project):

{
  "version": 1,
  "hooks": {
    "preToolUse": [
      {
        "type": "command",
        "command": "/usr/local/bin/mcp-firewall claude"
      }
    ]
  }
}

Then all you have to do is write your first policy. Here's a good starting point:

~/.config/mcp-firewall/config.jsonnet

[
	{
		name: 'Simple commands',
		// Note the space at the end of the patterns!
		// Without it, commands like 'sortmalliciously' would also be allowed!
		allow: [
			'echo ',
			'sort ',
			'uniq ',
			'wc ',
			'ls( -\w+)?$', // Allow ls, ls -lah, etc. but not ls /etc/secrets!
		],
	}
]

Tip

While mcp-firewall uses jsonnet for all the policy files, it's done only to allow for more complex and shared policies. If you're not familiar with the language, treat it as normal JSON with the added benefit of supporting comments!

Installation

To download and install mcp-firewall:

  • Download the latest compiled binary from the releases
  • Clone and build the project using go build -o mcp-firewall ./cmd
  • Just run it with nix run git+https://github.com/dzervas/mcp-firewall - no installation steps (not recommended)
  • Use the nix flake as input:
NixOS/Home-Manager installation with flake

flake.nix

{
  inputs.mcp-firewall.url = "github:dzervas/mcp-firewall";
  inputs.mcp-firewall.inputs.nixpkgs.follows = "nixpkgs";
}

I'm going to assume that the input is in speciaArgs so that it's accessible from any module:

configuration.nix

environment.systemPackages = [ inputs.mcp-firewall.packages.x86_64-linux.default ]

home-manager.nix

home.packages = [ inputs.mcp-firewall.packages.x86_64-linux.default ]

More installation options are coming soon!

Advanced Usage

For users that want to expand a bit further and utilize jsonnet for shared rulesets across projects, here are some useful info:

  • The lib subdirectory of ~/.config/mcp-firewall or the value of $MCP_FIREWALL_CONFIG_DIR can be used for libsonnet files
  • The vendor subdirectory under the afformentioned directories can be used for vendored libraries (using jsonnet-bundler for example)
  • The used jsonnet implementation is go-jsonnet, you can see which version in go.mod