Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Drush Firewall

3 sites Security covered
View on drupal.org

Drush Firewall protects your environments by preventing specific Drush commands from running, especially in production or during maintenance periods. It allows you to define which commands are always denied, which are denied in production, and which are permitted when the site is in maintenance mode.

Drush Firewall helps you protect your environments against unwanted alterations or running specific commands. It can also prevent running commands when an environment is in maintenance mode (like when deploying new code). For example, Drupal's core cron task still runs when a site is in maintenance #3318964: automated_cron should not run cron when visiting update.php

Configuration

Install the module, and then configure your settings. Generally this is best used per environment-included settings; however, globals can work here as well. The following are available:

  • $settings['drush_firewall_denied'] = [];
    • These commands will never be allowed to run.
  • $settings['drush_firewall_production_denied'] = [];
    • These commands will be denied if the target alias is "prod"
  • $settings['drush_firewall_maintenance_allowed'] = [];
    • These commands will be allowed while the site is in maintenance mode, all other commands (With the exception of necessary - see code) will be denied.

No Bootstrap Commands

Some commands unfortunately do not bootstrap Drupal (See Bootstrap Process) and therefore cannot be run from the module. There is a special file here for things like sql:sync protection or disabling the firewall in some core commands. For this to work, you need to add the module to drush/drush.yml , for example if your docroot was at /var/www/:

drush:  
  include:  
    - '/var/www/docroot/modules/contrib/drush_firewall'

Disable Firewall

In the off chance you need to allow a command that has otherwise been disabled, you can pass along --disable-firewall to the command which will disable all checks.

Activity

Total releases
1
First release
Sep 2025
Latest release
10 months ago
Releases (12 mo)
1 ▲ from 0
Maintenance
Slowing

Releases

Version Type Release date
1.0.0 Stable Sep 11, 2025