MCP Firewall Server
Provides a local policy-driven proxy that blocks unsafe MCP tool calls, scans for secrets, and logs activity.
Configuration
{
  "mcpServers": {
    "behrensd-mcp-firewall": {
      "command": "npx",
      "args": [
        "-y",
        "mcpwall",
        "--",
        "docker",
        "mcp",
        "gateway",
        "run"
      ],
      "env": {
        "LOG_DIR": "~/.mcpwall/logs"
      }
    }
  }
}
You are about to place a protective layer between your MCP client tools and MCP servers. This MCP firewall, mcpwall, enforces policy-defined rules that block dangerous tool calls, detect secret leakage, and log all activity with a deterministic, rule-driven approach. It operates locally, with no AI or cloud dependence, ensuring you maintain full control over what your agents can do.
Use mcpwall as a standard proxy in front of your MCP servers. It sits between your MCP client (the AI coding tool) and the real MCP server, inspecting every tool invocation and applying the configured rules. You can wrap an entire MCP gateway or individual servers, enabling comprehensive visibility and control over tool usage.
Prerequisites: you need Node.js and npm installed on your system.
# Install globally so you can run the proxy from anywhere
npm install -g mcpwall
# Or run directly with npx for a quick start
npx mcpwall -- npx -y @modelcontextprotocol/server-filesystem /path/to/dir
You can place mcpwall in front of MCP servers in multiple ways. The example below shows how to wrap a Docker-based MCP gateway, so every tool call is filtered before reaching the real server.
{
  "mcpServers": {
    "MCP_DOCKER": {
      "command": "npx",
      "args": ["-y", "mcpwall", "--", "docker", "mcp", "gateway", "run"]
    }
  }
}
- Blocking sensitive file access such as SSH keys, environment files, and credentials.
- Preventing dangerous commands, including destructive shells or recursive removals.
- Scanning for leaked API keys, tokens, and private keys with regex and entropy checks.
- Maintaining a JSON Lines audit log with every tool call, while redacting sensitive arguments on deny.
mcpwall uses deterministic rules and does not perform any remote calls or cloud-based analysis. It will fail closed on invalid configurations to avoid leaking data or enabling unsafe behavior.
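The checks listed above (sensitive-path blocking, regex and entropy secret scanning, and a JSON Lines audit record with arguments redacted on deny) look like this when applied to a single JSON-RPC `tools/call` message. This is an added example, not mcpwall's own code; the patterns, thresholds, rule names and audit record fields are assumptions, and the sample call is constructed.

```javascript
// Added illustration; not mcpwall's source. Patterns, thresholds and names are assumptions.
const SENSITIVE_PATHS = [/(^|\/)\.ssh(\/|$)/, /(^|\/)\.env(\.|$)/];
const SECRET_PATTERNS = [
  { name: "aws_access_key_id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "private_key_block", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
];
const MIN_LEN = 24, MIN_BITS = 4.0; // assumed entropy thresholds

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Collect every string value in the (possibly nested) tool arguments.
function strings(v, out = []) {
  if (typeof v === "string") out.push(v);
  else if (v && typeof v === "object") Object.values(v).forEach((x) => strings(x, out));
  return out;
}

// Decide one JSON-RPC message; only tools/call requests are inspected.
function evaluate(msg) {
  if (msg.method !== "tools/call") return { action: "allow", rule: null };
  for (const s of strings(msg.params?.arguments ?? {})) {
    if (SENSITIVE_PATHS.some((re) => re.test(s))) return { action: "deny", rule: "sensitive_path" };
    const hit = SECRET_PATTERNS.find((p) => p.re.test(s));
    if (hit) return { action: "deny", rule: hit.name };
    // Entropy check on identifier-like tokens catches secrets no regex names.
    const tokens = s.split(/[^A-Za-z0-9_-]+/).filter((t) => t.length >= MIN_LEN);
    if (tokens.some((t) => entropy(t) >= MIN_BITS)) return { action: "deny", rule: "high_entropy_token" };
  }
  return { action: "allow", rule: null };
}

// One JSON Lines audit record; arguments are redacted when the call is denied.
function auditLine(msg, decision, ts = new Date().toISOString()) {
  return JSON.stringify({
    ts, id: msg.id ?? null, method: msg.method, tool: msg.params?.name ?? null,
    action: decision.action, rule: decision.rule,
    arguments: decision.action === "deny" ? "[REDACTED]" : msg.params?.arguments ?? null,
  });
}

// Constructed sample: a write whose content carries AWS's documented example key ID.
const sample = { jsonrpc: "2.0", id: 7, method: "tools/call", params: { name: "write_file",
  arguments: { path: "/home/dev/project/config.js", content: "const k = 'AKIAIOSFODNN7EXAMPLE';" } } };
console.log(auditLine(sample, evaluate(sample)));
```

Redacting on deny matters because the audit log would otherwise become a second copy of the secret that the rule just stopped.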
If you encounter startup failures, review your YAML configuration for syntax errors, ensure all regex patterns compile at startup, and confirm that path guards such as not_under correctly reference existing directories. Check logs under your log_dir to inspect rule evaluations and denied actions.
Reads a file's contents as part of a tool call, subject to policy controls.
Writes data to a file, controlled by path-based restrictions and policy rules.
JSON-RPC tool invocation that the proxy inspects to apply rules.
Analyzes arguments and content for leaked credentials or keys as defined by secret patterns.