> ## Documentation Index
> Fetch the complete documentation index at: https://docs.repacket.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Firewall

> Control internet access by applying access rules to categories and domains

<Note>
  The Repacket Firewall provides fine-grained control over web access while maintaining flexibility for legitimate business needs.
</Note>

## Overview

The Repacket Firewall allows administrators to control internet access by applying rules to different [categories](/config/categories), domains, and user groups. This core feature provides precise control over what web resources can be accessed across your organization.

<CardGroup cols={2}>
  <Card title="Category-Based Filtering" icon="folder-tree" color="#07edb5">
    Apply rules to entire [categories](/config/categories) of websites (e.g., Social Media, Gambling)
  </Card>

  <Card title="Flexible Rule Types" icon="sliders" color="#07edb5">
    Choose between Allow, Block, or Warn for different levels of control
  </Card>

  <Card title="Granular Exceptions" icon="user-gear" color="#07edb5">
    Create exceptions for specific users or groups that need different access
  </Card>

  <Card title="Custom Categories" icon="layer-group" color="#07edb5">
    Build your own categories to meet your organization's unique needs
  </Card>
</CardGroup>

## How It Works

The Firewall operates by targeting internet traffic based on matching entities, and applying actions (allow, warn, block) as a result.

The "Identity" section of the rule builder can be used to target or make exceptions for different users and groups.

## Creating Firewall Rules

<Steps>
  <Step title="Navigate to Firewall Settings">
    Go to the [Firewall section](https://app.repacket.com/gateway#firewall) in your Repacket dashboard.
  </Step>

  <Step title="Create a new rule">
    Click the "Create new rule" button in the top right corner.
  </Step>

  <Step title="Select matching rules">
    Select what traffic properties or [categories](/config/categories) this should apply to.
  </Step>

  <Step title="(Optional) Select specific users">
    Select users that this rule should or shouldn't apply to.
  </Step>

  <Step title="Select an action">
    Select Allow, Warn or Block based on your security policy.

    Warn actions can be configured to show a custom template, suggesting a company-approved alternative, for instance.

    <Frame>
      <img src="https://mintcdn.com/repacket/x9Fsst5mYSfkF6RK/images/block-gambling.png?fit=max&auto=format&n=x9Fsst5mYSfkF6RK&q=85&s=735c3f12dc962d2a9d7db0a3f95aabfe" alt="Setting a Block rule for the Gambling category" width="1008" height="1199" data-path="images/block-gambling.png" />
    </Frame>
  </Step>

  <Step title="Save Changes">
    Apply your changes to enforce the new rule across your network.
  </Step>
</Steps>

## Best Practices

<AccordionGroup>
  <Accordion title="Start with High-Risk Categories">
    Begin by blocking high-risk [categories](/config/categories) like Malware, Phishing, and Adult Content to establish baseline protection.
  </Accordion>

  <Accordion title="Use Warn Mode for Borderline Categories">
    For [categories](/config/categories) that may have legitimate business uses (like Social Media), consider using Warn mode instead of Block.
  </Accordion>

  <Accordion title="Create Role-Based Exceptions">
    Define exceptions based on job roles rather than individuals when possible for easier management.
  </Accordion>
</AccordionGroup>

## Related Features

<CardGroup cols={2}>
  <Card title="Phishing Prevention" icon="shield-halved" href="/modules/phishing-prevention">
    Enhanced protection against sophisticated phishing attacks
  </Card>

  <Card title="Just-in-Time Exceptions" icon="clock" href="/modules/jit-exceptions">
    Allow temporary access to blocked categories when needed
  </Card>

  <Card title="Custom Categories" icon="folder-plus" href="/config/categories">
    Create your own categories for more granular control
  </Card>

  <Card title="User Management" icon="users" href="/modules/access/users">
    Manage users and groups for exception handling
  </Card>
</CardGroup>
