Drupal is a registered trademark of Dries Buytaert
drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). eca 3.1.1 Minor update available for module eca (3.1.1). layout_paragraphs 2.1.3 Minor update available for module layout_paragraphs (2.1.3). ai 1.3.3 Minor update available for module ai (1.3.3). ai 1.2.14 Minor update available for module ai (1.2.14). node_revision_delete 2.0.3 Minor update available for module node_revision_delete (2.0.3). moderated_content_bulk_publish 2.0.52 Minor update available for module moderated_content_bulk_publish (2.0.52). klaro 3.0.10 Minor update available for module klaro (3.0.10). klaro 3.0.9 Minor update available for module klaro (3.0.9). layout_paragraphs 2.1.2 Minor update available for module layout_paragraphs (2.1.2). geofield_map 11.1.8 Minor update available for module geofield_map (11.1.8).
← All modules

drush_firewall

1 sites Security covered
View on drupal.org

Drush Firewall helps you protect your environments against unwanted alterations or running specific commands. It can also prevent running commands when an environment is in maintenance mode (like when deploying new code). For example, Drupal's core cron task still runs when a site is in maintenance #3318964: automated_cron should not run cron when visiting update.php

Configuration

Install the module, and then configure your settings. Generally this is best used per environment-included settings; however, globals can work here as well. The following are available:

  • $settings['drush_firewall_denied'] = [];
    • These commands will never be allowed to run.
  • $settings['drush_firewall_production_denied'] = [];
    • These commands will be denied if the target alias is "prod"
  • $settings['drush_firewall_maintenance_allowed'] = [];
    • These commands will be allowed while the site is in maintenance mode, all other commands (With the exception of necessary - see code) will be denied.

No Bootstrap Commands

Some commands unfortunately do not bootstrap Drupal (See Bootstrap Process) and therefore cannot be run from the module. There is a special file here for things like sql:sync protection or disabling the firewall in some core commands. For this to work, you need to add the module to drush/drush.yml , for example if your docroot was at /var/www/:

drush:  
  include:  
    - '/var/www/docroot/modules/contrib/drush_firewall'

Disable Firewall

In the off chance you need to allow a command that has otherwise been disabled, you can pass along --disable-firewall to the command which will disable all checks.

Activity

Total releases
1
First release
Sep 2025
Latest release
7 months ago
Release cadence
Stability
100% stable

Releases

Version Type Release date
1.0.0 Stable Sep 11, 2025