Entity Firewall
The Entity Firewall is a rule-based system for controlling which entities (vehicles, peds, objects) are allowed to be spawned on your server. You define rules that match entities by type, population type, and model, and choose whether to allow or deny them.
Overview
The Entity Firewall evaluates entities against an ordered list of rules. Each rule specifies:
- Entity types: Ped, Vehicle, Object
- Population types: how the entity was spawned (e.g. Mission, Ambient, Unknown)
- Models: specific entity models (by name or hash)
- Action: Allow or Deny
Rules are checked top-to-bottom. The first rule that matches an entity determines the outcome. If no rule matches, the default action applies.
When to use
The Entity Firewall is useful for servers that want granular control over which entities can exist. For example, you can deny all mission-spawned vehicles except a specific list, or block certain prop models across all population types.
Configuration
The Entity Firewall is configured from the web panel on your server's Config page, in the Entities tab. Click the Edit Entity Firewall Rules button there to open the rule editor.
Rule Editor
The editor opens with the following sections:
- Default action: the fallback action when no rule matches (Allow or Deny)
- Rules: your ordered list of entity rules
- Add rule: creates a new rule at the bottom of the list
- Simulator: a tool for testing entities against your rules
Creating a Rule
Each rule has four parts:
- Entity Types: select one or more: Ped, Vehicle, Object. Use the dropdown to toggle types.
- Population Types: select one or more population types that the rule applies to.
- Entities: the model list. You can enter:
- Model names (e.g.
adder,prop_barrel_01a), these are automatically converted to hashes - Model hashes (e.g.
-1216765807), these are numeric hashes and are resolved to names when possible - Comma-separated lists or JSON arrays, for bulk entry
*(star) to match all entities regardless of model
- Model names (e.g.
- Action: toggle between Allow and Deny
Entity types and population types use AND logic, an entity must match both selections to be considered by the rule. If either selection is left empty, it matches all values for that field.
Examples:
- Entity Types: Vehicle, Population Types: Mission - matches only resource spawned vehicles
- Entity Types: empty, Population Types: Mission - matches all resource spawned entities (peds, vehicles, objects)
- Entity Types: Vehicle, Population Types: empty - matches all vehicles regardless of population type
Default Action
The default action applies when no rule matches an entity. You can toggle it between Allow and Deny using the button in the top-right corner of the editor.
- Allow (default): entities that don't match any rule are allowed. Use this when you want to block specific entities.
- Deny: entities that don't match any rule are blocked. Use this when you want to only allow specific entities, effectively turning your entity firewall into a whitelist.
Rule Order
Rules are evaluated from top to bottom. The first matching rule wins. This means:
- Place more specific rules above more general rules
- An "allow" rule placed above a "deny" rule will take priority for matching entities
Population Types
Population types describe how an entity was created:
| Type | Description |
|---|---|
| Unknown | No population type data was sent; common for objects |
| Random Permanent | Persistent random world entities such as trains and placed helicopters |
| Random Parked | Parked vehicles and boats, generated on car-generators |
| Random Patrol | Peds and vehicles on patrol paths (e.g. around banks) |
| Random Scenario | Peds placed at scenario points (e.g. pairs of peds talking) |
| Random Ambient | Wandering peds and vehicles on road paths and navmesh |
| Permanent | The player and player groups |
| Mission | All script/resource created vehicles and peds |
| Replay | Game replay entities |
| Cache | Vehicles stored in the vehicle cache |
| Tool | Debug tool entities |
All script-created and resource-created vehicles and peds use the Mission type. The Random types (1–5) are generated by the game engine's ambient population system. Permanent is used for players and player groups.
Simulator
The simulator allows you to test how an entity would be evaluated against your current rules without needing to be in-game.
Click the Simulator button in the top-right corner of the editor to open it. Enter a model name or hash, select a type and population type, and the result updates automatically.
The result shows either:
- Matched Rule #N — ALLOW/DENY: the entity matched a specific rule
- No rule matched — Default: ALLOW/DENY: no rule matched, the default action applies
Resource field
The resource field is only enabled for population types that can have an associated resource (Unknown and Mission). For other population types, the resource field is disabled.
Resource Whitelisting
Entities spawned by whitelisted resources bypass the Entity Firewall entirely. This is configured separately via the Resource entity whitelist option in the config page, not within the Entity Firewall editor.
Use resource whitelisting sparingly, any resource added here can spawn any entity without restriction.
Integration with Other Features
Entity Whitelisting
The Entity Firewall works alongside the existing Entity Whitelisting system. You can use the entity whitelisting to collect entities that are spawned by your legitimate resources and add them to the Entity Firewall to create a comprehensive entity firewall.
Troubleshooting
Legitimate entities are being blocked
- Check your server logs for
EntityFirewalldetections - Note the
hash,popType, andresourcefrom the log - Either add the model to an allow rule or add the resource to the Resource entity whitelist
Rules don't seem to be matching
- Use the Simulator to test your entity against the current rules
- Verify that the rule has the correct entity type or population type selected
- Confirm the model name or hash is correct, model names are case-insensitive
- Remember that rules are evaluated top-to-bottom; a higher rule may be matching first
Default deny is blocking everything
If you set the default action to Deny, you must create explicit Allow rules for all entities you want to permit. Start by recording your server's entities using the entity recording commands to build a comprehensive list.