Introducing Threat Stack Firewall

Threat Stack is proud to announce the public beta of Threat Stack Firewall, an easy and effective way to manage firewall policies across your internal and cloud based infrastructure.

If you’ve been following the blog, this new product is the outcome of our first company Hackathon. As we mentioned, we are offering this firewall management solution free of charge for an unlimited amount of servers. In its current form, Threat Stack Firewall can help customers quickly reduce the overall attack surface on the publicly accessible infrastructure that they maintain.

Let’s walk through how the solution works:

First, click on the new option called “Firewall” on the main Threat Stack Dashboard. After clicking it, we will see a listing of all agents with the firewall management functionality deployed.


We can see two active agents that are connected. Let’s add our European web server. To do that we will click on “Add new agent.”


During the beta period, the firewall agent is separate from our primary incident response agent. The agents can co-mingle on the same server, without conflict. Let’s run the installer.


The agent is now deployed. We can see that it now appears on the agent listing page and has a status of “pending”.


We can click into the agent, see its properties and confirm the registration by clicking on the “Register” button.


Once registered, the agent will have our default firewall policy instantly applied. In our case, SSH is protected in our default policy, so we lose access.


We can regain SSH access by clicking on the “request access” button in the firewall rules table. Access can be bound to a specific IP, a range of IPs (defined with CIDR notation), or to all IP addresses. Access is time-bound and will auto-terminate once the lease has expired.


If we want, we can define a new policy for all of our cloud servers, by using the following screen.


Additional Notes

As mentioned above, this solution is still in early beta and while currently useful, is not feature complete. We plan on implementing the following features over the coming weeks:

Global Blacklist – A list of IP addresses that will be blocked from all infrastructure regardless of policy.

IP Whitelists – Lists of acceptable IP addresses that may be used for scoping specific firewall policies.

Multi-user support – Enable multiple users to access the Threat Stack UI to request access to protected infrastructure.

iOS Application – Request access remotely through a mobile application.

Bug Reporting & Support

If you run into bugs or issues, please open a support ticket by browsing to or by emailing [email protected] Feature requests and public feedback can also be left at