Firewall Advisor
Finding an exposed port is half the job — closing it is the other half. Firewall Advisor takes your scan findings and generates the exact ufw, iptables or netsh commands to lock the surface down.
- Category: Defense & Hardening
- Powered by: rule generator (ufw / iptables / netsh)
- Edition: Free
- Where: Desktop → Firewall Advisor tab
What it does
Firewall Advisor reviews the ports a scan found open, decides which are unnecessary or risky, and writes the matching deny/allow rules for your platform's firewall — so you can copy, review and apply them rather than craft syntax by hand.
- ufw — for Ubuntu/Debian hosts.
- iptables — for generic Linux.
- netsh advfirewall — for Windows.
How to use it
1. Scan first. Run the Port Scanner or Defense Monitor so there are open-port findings to advise on.
2. Open Firewall Advisor. It reads the findings and proposes rules for each unnecessary or high-risk port.
3. Review, then apply. Read each suggested rule, confirm it matches your intent, then run it on the host.
What you get
A copy-ready set of firewall commands tailored to your OS. In the Fleet, the SecOps SOAR playbooks can enable the firewall or block an IP automatically as an active-response step — dry-run by default — see /docs/secops.
Tips
- Always keep your management port (SSH/RDP) allowed for your own IP before applying deny-all rules.
- Apply on a test host first, confirm you still have access, then roll out.
Suggestion, not auto-apply. Firewall Advisor generates rules for you to review — it does not silently change your firewall. You stay in control of what gets applied.
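The ordering described in the first tip, as an added example that is not Firewall Advisor's own code or output: a small Python generator that emits the management-port allow rule before any deny rule and never denies the management port itself. The function name `build_rules`, the admin address 203.0.113.10 and the port lists are assumptions made for illustration; the caller decides which ports to close.

```python
import ipaddress

# Command templates per firewall; placeholders are filled from validated values only.
TEMPLATES = {
    "ufw": {
        "allow": "ufw allow from {ip} to any port {port} proto tcp",
        "deny": "ufw deny {port}/tcp",
    },
    "iptables": {
        # Allow is inserted at the top of INPUT; denies go to position 2,
        # ahead of any older ACCEPT rules but behind the management allow.
        "allow": "iptables -I INPUT 1 -p tcp -s {ip} --dport {port} -j ACCEPT",
        "deny": "iptables -I INPUT 2 -p tcp --dport {port} -j DROP",
    },
    "netsh": {
        "allow": ('netsh advfirewall firewall add rule name="Allow TCP {port} from admin" '
                  "dir=in action=allow protocol=TCP localport={port} remoteip={ip}"),
        "deny": ('netsh advfirewall firewall add rule name="Block TCP {port}" '
                 "dir=in action=block protocol=TCP localport={port}"),
    },
}


def build_rules(platform, ports_to_close, admin_ip, mgmt_port):
    """Return commands in apply order: management allow first, then denies."""
    if platform not in TEMPLATES:
        raise ValueError(f"unsupported platform: {platform!r}")
    ip = ipaddress.IPv4Address(admin_ip)  # IPv4 only here; raises ValueError if malformed
    for p in [mgmt_port, *ports_to_close]:
        if type(p) is not int or not 1 <= p <= 65535:
            raise ValueError(f"invalid TCP port: {p!r}")
    t = TEMPLATES[platform]
    rules = [t["allow"].format(ip=ip, port=mgmt_port)]
    # Never emit a deny for the management port, even if the scan flagged it.
    rules += [t["deny"].format(port=p)
              for p in sorted(set(ports_to_close)) if p != mgmt_port]
    return rules


if __name__ == "__main__":
    # Constructed sample: scan flagged Telnet, SSH and MySQL; admin connects from 203.0.113.10.
    for cmd in build_rules("ufw", [23, 22, 3306], "203.0.113.10", 22):
        print(cmd)
```

The generated lines are meant to be read and then run by hand on a test host, with the first command applied and access confirmed before the denies follow.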