OPNsense MCP Server
Model Context Protocol server for comprehensive OPNsense firewall management that enables AI assistants to directly manage firewall configurations, diagnose network issues, and automate complex networking tasks.
Installation
Global installation via NPM
npm install -g opnsense-mcp-server
From source
git clone https://github.com/vespo92/OPNSenseMCP.git
cd OPNSenseMCP
npm install
npm run build
NPX
npx opnsense-mcp-server
Configuration
Claude Desktop
{
  "mcpServers": {
    "opnsense": {
      "command": "npx",
      "args": ["opnsense-mcp-server"],
      "env": {
        "OPNSENSE_HOST": "https://your-opnsense:port",
        "OPNSENSE_API_KEY": "your-key",
        "OPNSENSE_API_SECRET": "your-secret",
        "OPNSENSE_VERIFY_SSL": "false"
      }
    }
  }
}
Available Tools
| Tool | Description |
|---|---|
| firewall_list_rules | List all firewall rules |
| firewall_create_rule | Create a new rule |
| firewall_update_rule | Update an existing rule |
| firewall_delete_rule | Delete a rule |
| firewall_apply_changes | Apply pending changes |
| nat_list_outbound | List outbound NAT rules |
| nat_set_mode | Set NAT mode |
| nat_create_outbound_rule | Create a NAT rule |
| nat_fix_dmz | Fix DMZ NAT issues |
| nat_analyze_config | Analyze NAT configuration |
| arp_list | List ARP table entries |
| routing_diagnostics | Diagnose routing issues |
| routing_fix_all | Auto-fix routing problems |
| interface_list | List network interfaces |
| vlan_create | Create a VLAN |
Features
- Full CRUD operations for firewall rules
- Proper handling of automation rules created via API
- Routing configuration between VLANs
- Batch creation and rule management
- Enhanced resilience with multiple fallback methods
- Outbound NAT rule management
- NAT mode control (automatic/hybrid/manual/disabled)
- No-NAT exclusion rules for inter-VLAN traffic
- Automatic DMZ NAT issue resolution
- Direct XML configuration manipulation
Environment Variables
Required
- OPNSENSE_HOST: OPNsense host URL with protocol and port
- OPNSENSE_API_KEY: API key for authentication
- OPNSENSE_API_SECRET: API secret for authentication
- OPNSENSE_VERIFY_SSL: Whether to verify SSL certificates
Optional
- OPNSENSE_SSH_HOST: SSH host for advanced capabilities
- OPNSENSE_SSH_USERNAME: SSH username
- OPNSENSE_SSH_PASSWORD: SSH password
- OPNSENSE_SSH_KEY_PATH: Path to private SSH key file
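The sample configuration above sets OPNSENSE_VERIFY_SSL to "false", which means the firewall's certificate is not verified while the API key and secret are sent to it. The following is an added example, not code from the OPNSenseMCP project: a small Node.js check that reviews the env block of an MCP client config before it is deployed. The function names, finding codes and rules are assumptions of this example; only the variable names and the sample values come from the page.

```javascript
// Constructed sample: the Claude Desktop entry from this page with its placeholder
// values, plus an SSH password added to exercise the optional-variable check.
const sampleConfig = {
  mcpServers: {
    opnsense: {
      command: "npx",
      args: ["opnsense-mcp-server"],
      env: {
        OPNSENSE_HOST: "https://your-opnsense:port",
        OPNSENSE_API_KEY: "your-key",
        OPNSENSE_API_SECRET: "your-secret",
        OPNSENSE_VERIFY_SSL: "false",
        OPNSENSE_SSH_PASSWORD: "constructed-example-password",
      },
    },
  },
};

const REQUIRED = ["OPNSENSE_HOST", "OPNSENSE_API_KEY", "OPNSENSE_API_SECRET", "OPNSENSE_VERIFY_SSL"];

// Hypothetical helper: returns finding codes for one server's env block.
function auditOpnsenseEnv(env = {}) {
  const findings = [];
  for (const name of REQUIRED) {
    if (!env[name]) findings.push(`missing:${name}`);
  }
  const host = env.OPNSENSE_HOST || "";
  if (host && !/^https:\/\//i.test(host)) findings.push("host-not-https");
  // Only the literal "false" shown on the page is checked; other spellings are not.
  if (/^false$/i.test(env.OPNSENSE_VERIFY_SSL || "")) findings.push("tls-verification-disabled");
  // A password stored in the client config is readable by anything that can read the file.
  if (env.OPNSENSE_SSH_PASSWORD) findings.push("ssh-password-in-config");
  for (const name of ["OPNSENSE_API_KEY", "OPNSENSE_API_SECRET"]) {
    if (/^your-/.test(env[name] || "")) findings.push(`placeholder:${name}`);
  }
  return findings;
}

// Hypothetical helper: audits every entry whose args launch opnsense-mcp-server.
function auditConfig(config) {
  const report = {};
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    if ((server.args || []).includes("opnsense-mcp-server")) report[name] = auditOpnsenseEnv(server.env);
  }
  return report;
}

console.log(auditConfig(sampleConfig));
```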
Usage Examples
Automatically fix routing issues between DMZ and LAN
Allow NFS traffic from DMZ to NAS by creating firewall rules
Run comprehensive routing diagnostics between networks
Execute OPNsense CLI commands, such as pfctl for state checking
Create and manage VLAN configurations
Notes
Requires Node.js 18+ and OPNsense v24.7+. SSH access is optional but enables advanced NAT capabilities and CLI command execution. The server provides over 50 MCP tools for comprehensive firewall management. Includes comprehensive testing utilities and extensive documentation.