# Whitelist
## Overview
This policy acts as an allowlist of accounts that are allowed to interact with your protocol.\
Transactions from senders that are not in allow list will be reverted.
## Protected Attack Vector
This policy protects against fraudulent and/or unauthorized transactions to your protocol. If an attacker discovers some business logic flaw in a smart contract which would normally grant access to restricted parts of your protocol - this allow list policy can mitigate that, by only allowing certain senders access to privileged business flows.
## How It Works
1. Policy owners add allowed senders to the allow list by calling the [`setConsumerAllowlist()`](#setconsumerallowlist)\
and setting the status to `true`.
2. Senders can now interact with the protocol as normal, transactions will be allowed to go through.
3. As needed, policy owners can remove senders from the allow list by calling [`setConsumerAllowlist`() ](#setconsumerallowlist)and setting the status to `false`.
## Setup Instructions
1. Deploy your own version of this policy *(see* [*Source Code*](#source-code)*)*.
2. Call the [`setConsumerAllowlist()`](#setconsumerallowlist) method to setup which consumers are allowed to execute calls to your smart contract.
3. Add the newly deployed policy to the [Firewall](/firewall/glossary.md#firewall) *(you can do this* [*Globally*](/firewall/configuration/firewall-configuration.md#global-policies) *or* [*Per-Method*](/firewall/configuration/firewall-configuration.md#per-method-policies)*, see* [*Policy Administration*](/firewall/configuration/policy-administration.md)*)*.
4. That's it!
## Properties
Name
Type
Description
consumerAllowlist
mapping
(address =>
mapping
(address => bool)
)
the list of sender addresses that are allowed to access a consumer smart contract
for example: [consumerAddress][senderAddress] = true
## Methods
### setConsumerAllowlist()
#### `function setConsumerAllowlist(address consumer, address account, bool status)`
Callable only by the policy owner. Sets the approval of `account` to send transactions to `consumer` to either `true` or `false` *(allowing or disallowing the `account` to interact with the `consumer`)*.
| Parameter Name | Type | Description |
| -------------- | --------- | ---------------------------------------------------------- |
| `consumer` | `address` | the consumer smart contract to be protected by this policy |
| `account` | `address` | the sender's address |
| `status` | `bool` | the status of the approval |
## **Security Lifecycle**
This policy runs during the [Firewall's Pre-Execution hook](/firewall/glossary.md#pre-execution).
## Source Code
On our GitHub repository: [AllowlistPolicy.sol](https://github.com/ironblocks/onchain-firewall/blob/main/packages/onchain-firewall/contracts/policies/AllowlistPolicy.sol)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ironblocks.com/firewall/policies/whitelist.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.