Firewall
Composable join-time rules with finer control than Anti-Raid's single age + threshold gate. Each rule is a kind+action pair.
Rule kinds
| Kind | Triggers when |
|---|---|
| `account_age` | The joiner's Discord account is younger than N days. |
| `username_regex` | The joiner's username matches a regex pattern. |
| `bot_account` | The joiner is a bot account (added via the Bot tab on Discord developer portal). |
| `avatar_required` | The joiner has the default Discord avatar (no custom upload). |
| `flag_required` | The joiner's account is missing a specified Discord public flag (verified, hypesquad, etc.). |
| `block_user_id` | The joiner's user ID matches an explicit block list. |
Actions
| Action | Effect |
|---|---|
| `block` | Don't let them in. Kick on join. |
| `quarantine` | Let them in but strip roles + give them the Quarantine role. |
| `challenge` | Trigger Verification for this user. |
| `log` | Just log the hit. Useful for tuning before enforcing. |
Settings (per rule)
| Setting | What it does |
|---|---|
| Kind | One of the above. |
| Action | One of the above. |
| Enabled | Toggle without deleting. |
| Priority | Lower-numbered rules evaluate first. The first matching rule's action wins. |
| Label | Your name for it ("Block fresh accounts", "Quarantine no-avatar joins"). |
| Config | Kind-specific settings (see below). |
Per-kind config
account_age
- `min_age_days` — required minimum.
username_regex
- `pattern` — the regex.
- `flags` — typically `iu` (case-insensitive, unicode).
bot_account
- No config. Always triggers on bot joins.
avatar_required
- No config. Triggers on default-avatar accounts.
flag_required
- `flags` — array of required flag names from Discord's public-flags list.
block_user_id
- `user_ids` — array of Discord IDs to block.
Example rule sets
Light protection
- Account age < 1 day → log
- Bot account → block
Standard protection
- Account age < 7 days → challenge (route via verification)
- No avatar → challenge
- Bot account → block
High security
- Account age < 30 days → block
- No avatar → quarantine
- Username regex `^[a-z]{6,8}\\d{4}$` (auto-generated names) → block
- Bot account → block
Tips
- Priorities matter. A user matching multiple rules gets the action from the FIRST rule (lowest priority number) that fires. Order accordingly.
- `log` first, enforce later. Adding a new rule with `log` lets you see hit rates over a few days before flipping to `block`.
- `username_regex` is a hammer. Test patterns thoroughly in the dashboard's Test pane.
- `block_user_id` is the "fed-trust" entry point — paste IDs of known scammers reported by other servers. (Phantom doesn't ship a shared blocklist yet; this is per-server.)
Cross-Server Sync
Firewall rules fully sync across networks — kind, action, config, priority, label all propagate. Subscribers can override individual rules locally.
Limits
- 50 firewall rules per guild
Permissions
- `security.view` — see rules + hit log
- `security.edit` — add / edit / toggle / delete rules
Behaviour
- Rules evaluate in `priority` order. First match wins; subsequent rules don't fire.
- Hit log retained 30 days.
- A blocked user can be unblocked by deleting / disabling the rule that blocked them; they can then rejoin.
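The first-match-wins evaluation described under Tips and Behaviour, as an added example that is not Phantom's own code: it shows a `log` rule left at priority 1 after tuning shadowing the `block` rule behind it. The `joiner` field names, the rule object shape, the `"allow"` result and the reading of `flag_required` as "any listed flag missing" are assumptions.

```javascript
// Added example; joiner fields and rule object shape are assumptions, not Phantom's schema.
const DAY_MS = 24 * 60 * 60 * 1000;

// One predicate per rule kind; each returns true when the rule triggers.
const MATCHERS = {
  account_age: (j, c, now) => (now - j.createdAt) / DAY_MS < c.min_age_days,
  username_regex: (j, c) => new RegExp(c.pattern, c.flags ?? "iu").test(j.username),
  bot_account: (j) => j.bot === true,
  avatar_required: (j) => j.avatar == null, // default avatar = no custom upload
  flag_required: (j, c) => c.flags.some((f) => !j.publicFlags.includes(f)), // assumed: any missing
  block_user_id: (j, c) => c.user_ids.includes(j.id),
};

// Returns the first enabled rule that triggers, in ascending priority, or null.
function evaluate(rules, joiner, now = Date.now()) {
  const ordered = rules.filter((r) => r.enabled).sort((a, b) => a.priority - b.priority);
  for (const rule of ordered) {
    const match = MATCHERS[rule.kind];
    if (!match) throw new Error(`unknown rule kind: ${rule.kind}`);
    if (match(joiner, rule.config ?? {}, now)) return rule;
  }
  return null; // no rule fired: the join proceeds
}

// Constructed "High security"-style rule set, plus a log rule left at priority 1 from tuning.
const NOW = Date.UTC(2024, 0, 31);
const rules = [
  { label: "Tune: fresh accounts", kind: "account_age", action: "log", priority: 1, enabled: true, config: { min_age_days: 30 } },
  { label: "Block generated names", kind: "username_regex", action: "block", priority: 2, enabled: true, config: { pattern: "^[a-z]{6,8}\\d{4}$", flags: "iu" } },
  { label: "Quarantine no-avatar", kind: "avatar_required", action: "quarantine", priority: 3, enabled: true },
  { label: "Block bots", kind: "bot_account", action: "block", priority: 4, enabled: true },
];

// Constructed joiner: 2-day-old account, generated-looking name, default avatar.
const joiner = { id: "100000000000000001", username: "qwertyu1234", bot: false, avatar: null, publicFlags: [], createdAt: NOW - 2 * DAY_MS };

function actionFor(ruleSet, who = joiner) {
  const hit = evaluate(ruleSet, who, NOW);
  return hit ? hit.action : "allow";
}

// With the tuning rule enabled the joiner is only logged; disabling it exposes the block rule.
const withoutTuning = rules.map((r) => (r.priority === 1 ? { ...r, enabled: false } : r));
console.log(actionFor(rules), actionFor(withoutTuning));
```

When a `log` rule and an enforcing rule can both match the same joiner, give the `log` rule the higher priority number, otherwise the enforcing rule never fires.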
Related pages
- Verification — the `challenge` action's destination
- Anti-Raid — coarse join-rate detection
- Blacklist — simpler "auto-action this user ID on join"
- Cross-Server Sync — share rules across servers
