Firewall & Block Events
The Sielum Firewall lets you control which domains AI agents can reach. Block rules are enforced at the OS network layer — connections to blocked domains are dropped before any data leaves the endpoint.
Domain rules
Each firewall rule targets one domain (and all its subdomains). Rules have two modes:
| Mode | Behavior |
|---|---|
| Audit | Connection is allowed but logged as a Block Event in the dashboard |
| Enforce | Connection is dropped; the Block Event is logged |
Audit mode is useful for understanding traffic patterns before committing to enforcement. Switch to Enforce mode once you are confident the rule is correct.
Creating a firewall rule
- Navigate to Firewall in the left sidebar
- Click New Rule
- Enter the target domain (e.g.
api.openai.com) - Select the mode: Audit or Enforce
- Optionally add a description
- Click Save — the rule is pushed to all enrolled agents at the next heartbeat (≤ 60 seconds)
Example rules
| Domain | Use case |
|---|---|
api.openai.com | Block direct ChatGPT API access from AI agents |
api.anthropic.com | Block direct Claude API access (not via approved proxy) |
generativelanguage.googleapis.com | Block Gemini API |
copilot.github.com | Block GitHub Copilot completion endpoint |
Block Events
Every time a firewall rule triggers, a Block Event is recorded. Block Events are visible in Firewall → Block Events and show:
- Timestamp
- Endpoint hostname and agent type
- Destination domain and IP
- Matching rule
- Mode (Audit / Enforce)
Block Events are preserved for audit purposes even after a rule is deleted or changed to Audit mode.
How enforcement works
When the agent runs in privileged mode (requires CAP_NET_ADMIN on Linux), firewall rules are enforced via:
- Linux:
iptables(IPv4) andip6tables(IPv6) - macOS:
pf(handles both address families) - Windows: WFP (Windows Filtering Platform)
In user mode, firewall enforcement is not available — rules operate in Audit-only mode regardless of the configured mode. See Agent Installation → for details on operating modes.