changeset 5540:1249ab2f797c

mod_firewall: Log warning when attempting to mark/unmark remote users
author Matthew Wild <mwild1@gmail.com>
date Thu, 08 Jun 2023 19:15:12 +0100
parents fa8435a27f7e
children 3804ee5117ca
files mod_firewall/actions.lib.lua
diffstat 1 files changed, 13 insertions(+), 4 deletions(-) [+]
--- a/mod_firewall/actions.lib.lua	Thu Jun 08 17:00:04 2023 +0100
+++ b/mod_firewall/actions.lib.lua	Thu Jun 08 19:15:12 2023 +0100
@@ -220,20 +220,29 @@
 end
 
 function action_handlers.MARK_USER(name)
-	return ([[fire_event("firewall/marked/user", {
+	return ([[if session.username and session.host == current_host then
+			fire_event("firewall/marked/user", {
 				username = session.username;
 				mark = %q;
 				timestamp = current_timestamp;
 			});
-		]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), { "timestamp" };
+		else
+			log("warn", "Attempt to MARK a remote user - only local users may be marked");
+		end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), {
+			"current_host";
+			"timestamp";
+		};
 end
 
 function action_handlers.UNMARK_USER(name)
-	return ([[fire_event("firewall/unmarked/user", {
+	return ([[if session.username and session.host == current_host then
+			fire_event("firewall/unmarked/user", {
 				username = session.username;
 				mark = %q;
 			});
-		]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name));
+		else
+			log("warn", "Attempt to UNMARK a remote user - only local users may be marked");
+		end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name));
 end
 
 function action_handlers.ADD_TO(spec)
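Review bot: UNMARK_USER's generated code now tests `session.host == current_host`, but unlike MARK_USER it returns no dependency list, so `current_host` is never declared as a dependency of this action. How dependencies are resolved is outside this hunk, but if nothing else in the compiled ruleset pulls `current_host` in, the name would presumably be nil, the comparison would always fail, and every UNMARK would take the warning branch and leave the mark in place. Returning the list as MARK_USER does would close that gap: `end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), { "current_host" };`. Separately, both `log("warn", ...)` calls run once per matching stanza and name neither the mark nor the sender, so a rule that matches remote traffic can fill the log with indistinguishable warnings; including the mark name and sender, or limiting the rate of the message, would keep it useful for triage.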