A method, and associated system and computer program product, for modifying rules in a firewall infrastructure are described. A unit of deployment including application code and a signed passport is received at a requestor module on a server. The passport includes a heart-beat time-out interval, a firewall rule, and a first application hash value. A trigger signal within the heart-beat time-out interval is generated. The application code is hashed, resulting in a second application hash value. In response to authenticating the passport and determining the first and second application hash values as being equal, the signed passport and trigger signal are transmitted to a border control agent of the firewall; the firewall rule is continuously confirmed within a time interval shorter than the heart-beat time-out interval; and the firewall is modified according to the firewall rule.