# Combined Policies

## Overview

This policy allows you to customize a tailored security blanket for your protocol, unique to your protocol's business offering. This is a common best practice through which security is seen as a multi-layered onion, where each layer protects against different attack vectors.

## Protected Attack Vector

Based on your configuration, this policy will allow you to protect against any number of attack vectors, by combining them in different orders and configurations.

## How It Works

1. When a transaction reaches this policy, it goes through the list of configured policy combinations.<br>
2. Once all policies finished executing and inspecting the incoming transactions, the policy checks if the combined results matches any of the configured combinations.<br>
3. If a matching combination exist, the transaction will be allowed to go through.\
   Otherwise, it will be reverted.

## Setup Instructions

1. Deploy your own version of this policy *(see* [*Source Code*](#source-code)*)*.<br>
2. Call the [setConsumersStatuses()](#setconsumersstatuses) method to configure which consumers are allowed to interact with this policy.<br>
3. Call the [setFirewall()](#setfireall) method to set which [Firewall](/firewall/glossary.md#firewall) is allowed to use this policy.<br>
4. Call the [setAllowedCombinations()](#setallowedcombinations) method to set what policies combinations you want this policy to work with.<br>
5. Add the newly deployed policy to the [Firewall](/firewall/glossary.md#firewall) *(you can do this* [*Globally*](/firewall/configuration/firewall-configuration.md#global-policies) *or* [*Per-Method*](/firewall/configuration/firewall-configuration.md#per-method-policies)*, see* [*Policy Administration*](/firewall/configuration/policy-administration.md)*)*.<br>
6. That's it!

## Properties

<table><thead><tr><th width="287">Name</th><th width="256.3333333333333">Type</th><th>Description</th></tr></thead><tbody><tr><td>firewallAddress</td><td><code>address</code></td><td>the address of the <a href="/pages/SytHKgKfwQDKzbldyqNt#firewall">Firewall</a> that can use this policy</td></tr><tr><td><code>allowedCombinationHashes</code></td><td><code>bytes32[]</code></td><td>the list of allowed policies combinations <em>(hashed)</em></td></tr><tr><td><code>isAllowedCombination</code></td><td><code>mapping</code><br><code>(bytes32 => bool)</code></td><td>a mapping between combination hashes and their status <em>(<code>true</code> or <code>false</code>)</em></td></tr><tr><td><code>approvedConsumer</code></td><td><code>mapping</code><br><code>(address => bool)</code></td><td>a mapping of allowed consumers</td></tr><tr><td><code>policies</code></td><td><code>addresses[]</code></td><td>a list of policy addresses</td></tr><tr><td><code>currentResults</code></td><td><code>bool[][]</code></td><td>a matrix of inspection results, used throughout the execution of the configured policies</td></tr></tbody></table>

## Methods

### setConsumersStatuses()

#### `function setConsumersStatuses(address[] calldata consumers, bool[] calldata statuses)`

Callable only by the policy owner. Sets which consumers are allowed to use this policy.

| Parameter Name | Type                 | Description                                                            |
| -------------- | -------------------- | ---------------------------------------------------------------------- |
| `consumers`    | `address[] calldata` | a list of consumers for which we're setting the statuses               |
| `statuses`     | `bool[] calldata`    | a list of statuses to approve / disapprove the corresponding consumers |

### setFireall()

#### `function setFirewall(address _firewallAddress)`

Callable only by the policy owner. Sets the [Firewall](/firewall/glossary.md#firewall) that can use this policy.

| Parameter Name      | Type      | Description                                                                        |
| ------------------- | --------- | ---------------------------------------------------------------------------------- |
| \_`firewallAddress` | `address` | the address of the [Firewall](broken://pages/aC6C4tZ6rt3RtqZo6Fsj#firewall) to set |

## setAllowedCombinations()

#### `function setAllowedCombinations(address[] calldata _policies, bool[][] calldata _allowedCombinations)`

Callable only by the policy owner. Sets the policies combinations that the policy will use.

| Parameter Name         | Type                 | Description                                                                                                                                                                                                                                               |
| ---------------------- | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `_policies`            | `address[] calldata` | a list of addresses for the policies we want to configure combinations for                                                                                                                                                                                |
| `_allowedCombinations` | `bool[][]`           | <p>a matrix of combinations for allowed policies<br><br>the row length must match the length of the <code>\_policies</code> array<br><br>each row represents a combination policies that need to pass in order to allow the transaction to go through</p> |

## **Security Lifecycle**

This policy runs during both the Firewall's [Pre Execution](/firewall/glossary.md#pre-execution) and the [Post Execution](/firewall/glossary.md#post-execution) hooks.

## Source Code

On our GitHub repository: [CombinedPoliciesPolicy.sol](https://github.com/ironblocks/onchain-firewall/blob/main/packages/onchain-firewall/contracts/policies/CombinedPoliciesPolicy.sol)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ironblocks.com/firewall/policies/combined-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.