Firewall Rules

Manage L3/L4 nftables rules and L7 WAF policies.

Granular Rule Management is CLI-Only

For maximum security and performance, low-level firewall rules (nftables) and permanent bans are managed via the Gateway CLI and Redis.

Useful CLI Commands

# View active bans
docker exec -it icrofirewall-redis redis-cli ZRANGE icrf:bans:active 0 -1 WITHSCORES
# Manually ban an IP
docker exec -it icrofirewall-redis redis-cli SET icrf:ip:pban:1.2.3.4 '{"reason":"manual"}'
# Flush all temporary bans
docker exec -it icrofirewall-redis redis-cli DEL icrf:bans:active

Tip: You can quickly toggle global protection features like Rate Limiting and JS Challenges on the Settings page.