The Firewall section lets you define rules that block network traffic at the eBPF layer — before packets reach userspace. Rules match on IP address, port, and direction, and can be toggled on or off without being deleted. A maximum of 32 rules can be active at one time.
Rule fields
Each firewall rule has four fields:

| Field | Description |
|---|---|
| Name | A human-readable label for the rule (required) |
| IP | The IP address to block — IPv4 or IPv6 (required) |
| Port | A single port number (e.g. 443) or * to match all ports (required) |
| Direction | Ingress (incoming) or Egress (outgoing) |
New rules are always created in the disabled state. You must explicitly enable a rule with Space before it takes effect.

Keyboard actions
| Key | Action |
|---|---|
| n | Open the form to add a new rule |
| e | Edit the selected rule (disabled rules only) |
| d | Delete the selected rule |
| Space | Toggle the selected rule between enabled and disabled |
| s | Save all rules to ~/oryx/firewall.json |
| j / Down | Move selection down |
| k / Up | Move selection up |
Inside the new/edit form
| Key | Action |
|---|---|
| Tab | Move focus to the next field (Name → IP → Port → Direction) |
| j / Down | Set Direction to Ingress (when Direction field is focused) |
| k / Up | Set Direction to Egress (when Direction field is focused) |
| Enter | Validate and save the rule |
| Esc | Discard changes and close the form |
Adding a rule
1. Open the new rule form. Press n. A form popup appears with four fields: Name, IP, Port, and Direction.
2. Fill in the fields. Use Tab to move between fields. Enter a name, a valid IP address, and a port number or * for all ports. Set the direction with j/k when the Direction field is focused.
3. Save the rule. Press Enter to validate and add the rule. Validation errors (empty fields, invalid IP, invalid port) are shown inline in red.

Editing a rule
Persisting rules
Rules exist only in memory by default. To save them across sessions, press s. Oryx writes all current rules to ~/oryx/firewall.json.
The ~/oryx/ directory is created automatically if it does not exist. File ownership is set to the invoking sudo user, not root.

Duplicate rule validation
Oryx rejects duplicate rules. A rule is considered a duplicate if another rule with the same IP address and direction already exists with:
- The same port number, or
- A port of * (all ports), which would supersede any single-port rule for that IP and direction.
Rule limit
The firewall section accepts a maximum of 32 rules (MAX_FIREWALL_RULES). Attempting to add a rule when the limit is reached displays a warning notification.
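
The field validation, duplicate check and rule limit described on this page, sketched in Rust as an added example (not Oryx's own code). All type and function names are assumptions; only MAX_FIREWALL_RULES and its value come from this page. Comparing parsed addresses, so that two spellings of one IPv6 address count as the same IP, is also an assumption.

```rust
use std::net::IpAddr;

const MAX_FIREWALL_RULES: usize = 32; // limit stated on this page
#[derive(Clone, Copy, PartialEq, Debug)]
enum Direction { Ingress, Egress }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Port { Any, Single(u16) } // Any is the `*` wildcard
#[allow(dead_code)]
#[derive(Debug)]
struct Rule { name: String, ip: IpAddr, port: Port, direction: Direction, enabled: bool }
#[derive(Debug, PartialEq)]
enum RuleError { LimitReached, EmptyName, InvalidIp, InvalidPort, Duplicate }

// Assumption: a valid port is `*` or anything that parses as a u16.
fn parse_port(s: &str) -> Result<Port, RuleError> {
    match s.trim() {
        "*" => Ok(Port::Any),
        p => p.parse::<u16>().map(Port::Single).map_err(|_| RuleError::InvalidPort),
    }
}

fn add_rule(rules: &mut Vec<Rule>, name: &str, ip: &str, port: &str,
            direction: Direction) -> Result<(), RuleError> {
    if rules.len() >= MAX_FIREWALL_RULES { return Err(RuleError::LimitReached); }
    if name.trim().is_empty() { return Err(RuleError::EmptyName); }
    // Compare parsed addresses, so two spellings of one IPv6 address match.
    let ip: IpAddr = ip.trim().parse().map_err(|_| RuleError::InvalidIp)?;
    let port = parse_port(port)?;
    // Duplicate: same IP and direction, existing port is the same or is `*`.
    if rules.iter().any(|r| r.ip == ip && r.direction == direction
        && (r.port == port || r.port == Port::Any)) {
        return Err(RuleError::Duplicate);
    }
    // New rules start disabled until toggled on.
    rules.push(Rule { name: name.trim().to_string(), ip, port, direction, enabled: false });
    Ok(())
}

fn main() {
    let mut rules = Vec::new();
    // Constructed sample input (documentation address ranges).
    let samples = [
        ("all-in", "192.0.2.10", "*", Direction::Ingress),
        ("https-in", "192.0.2.10", "443", Direction::Ingress), // covered by `*`
        ("dns-out", "2001:db8::1", "53", Direction::Egress),
    ];
    for (name, ip, port, dir) in samples {
        println!("{}: {:?}", name, add_rule(&mut rules, name, ip, port, dir));
    }
}
```

Under the page's wording, a new `*` rule is not rejected when only single-port rules exist for that IP and direction; the sketch follows that literally.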