OPNSense MCP Server
A server that enables managing OPNSense firewalls through natural language interactions with Claude Desktop, supporting VLAN management, firewall rules configuration, and network interface queries.
Tools
- configure: Configure OPNsense connection
- list_vlans: List all VLANs
- get_vlan: Get VLAN details
- create_vlan: Create a new VLAN
- delete_vlan: Delete a VLAN
- update_vlan: Update VLAN description
- list_firewall_rules: List all firewall rules
- get_firewall_rule: Get firewall rule details
- create_firewall_rule: Create a new firewall rule
- create_firewall_preset: Create a firewall rule from a preset
- update_firewall_rule: Update a firewall rule
- delete_firewall_rule: Delete a firewall rule
- toggle_firewall_rule: Toggle firewall rule enabled/disabled
- find_firewall_rules: Find firewall rules by description
- create_backup: Create a configuration backup
- list_backups: List available backups
- restore_backup: Restore a configuration backup
- test_connection: Test API connection and authentication
- get_interfaces: List available network interfaces
README
OPNSense MCP Server
A Model Context Protocol (MCP) server for managing OPNSense firewalls through natural language interactions with Claude Desktop.
Features
Phase 1 & 2 (Complete)
- VLAN Management: Create, update, delete, and list VLANs
- Firewall Rules: Manage firewall rules with presets and custom configurations
- Network Interfaces: Query available network interfaces
Phase 3 (Infrastructure Ready)
- Configuration Backup System: Automatic backups before changes
- Cache Layer: Redis-based caching for improved performance
- Audit Database: PostgreSQL-based audit trail
- DHCP Lease Management: View and search connected devices
Prerequisites
- Node.js 18+ and npm
- OPNSense firewall with API access enabled
- Claude Desktop with MCP support
- (Optional) Docker for Redis/PostgreSQL deployment
Installation
- Clone the repository:
git clone https://github.com/yourusername/opnsense-mcp.git
cd opnsense-mcp
- Install dependencies:
npm install
- Copy the environment template:
cp .env.example .env
- Configure your OPNSense API credentials in .env:
OPNSENSE_HOST=https://your-opnsense-ip:port
OPNSENSE_API_KEY=your-api-key
OPNSENSE_API_SECRET=your-api-secret
OPNSENSE_VERIFY_SSL=true
# Start with optional features disabled
ENABLE_CACHE=false
BACKUP_ENABLED=false
- Build the project:
npm run build
Claude Desktop Configuration
Add this to your Claude Desktop configuration:
{
"mcpServers": {
"opnsense": {
"command": "node",
"args": ["C:\\path\\to\\opnsense-mcp\\dist\\index.js"],
"cwd": "C:\\path\\to\\opnsense-mcp"
}
}
}
Usage Examples
Once configured in Claude Desktop, you can use natural language commands:
- "List all VLANs"
- "Create VLAN 30 for gaming on interface igc3"
- "Show all firewall rules"
- "Create a rule to allow Minecraft on the gaming VLAN"
- "Find all rules that allow SSH"
- "Disable the rule blocking port 80"
Optional Features
Redis Cache & PostgreSQL Audit (Phase 3)
For enhanced performance and audit trails, deploy Redis and PostgreSQL:
# On your infrastructure server
docker run -d --name mcp-redis -p 6379:6379 redis:7-alpine
docker run -d --name mcp-postgres -p 5432:5432 \
-e POSTGRES_DB=opnsense_mcp \
-e POSTGRES_USER=mcp_user \
-e POSTGRES_PASSWORD=secure_password \
postgres:15-alpine
Then update your .env:
ENABLE_CACHE=true
REDIS_HOST=your-redis-host
POSTGRES_HOST=your-postgres-host
Architecture
Claude Desktop <--> MCP Server (Local) <--> OPNSense API
                           |
                           └--> (Optional) Redis/PostgreSQL
Security Notes
- Never commit .env files with real credentials
- Use HTTPS for OPNSense API connections
- Store API keys securely
- Consider network segmentation for management interfaces
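The notes above can be checked mechanically before the server is started. The following is an added example, not code from this project: it audits the text of a .env file for the OPNSENSE_* settings shown under Installation. The function names, finding strings and sample files are assumptions made for the example.

```javascript
// Added example: audit .env text against the README's Security Notes.
// Key names and template values come from the Installation section; the
// function names, finding strings and sample files are constructed here.
const TEMPLATE_VALUES = new Set(['your-api-key', 'your-api-secret']);

// Minimal dotenv parser: KEY=VALUE lines, '#' comments, optional quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Returns a list of findings; an empty list means the checks passed.
function auditEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  let url = null;
  try { url = new URL(env.OPNSENSE_HOST || ''); } catch (e) { url = null; }
  if (!url) {
    findings.push('OPNSENSE_HOST is missing or not a valid URL');
  } else {
    if (url.protocol !== 'https:') findings.push('OPNSENSE_HOST does not use https');
    if (url.username || url.password) findings.push('OPNSENSE_HOST embeds credentials');
  }
  if ((env.OPNSENSE_VERIFY_SSL || '').toLowerCase() !== 'true') {
    findings.push('OPNSENSE_VERIFY_SSL is not true');
  }
  for (const key of ['OPNSENSE_API_KEY', 'OPNSENSE_API_SECRET']) {
    const value = env[key] || '';
    if (!value) findings.push(`${key} is empty`);
    else if (TEMPLATE_VALUES.has(value)) findings.push(`${key} is still the template value`);
  }
  return findings;
}

// Constructed samples; 192.0.2.10 is a documentation-only address.
const WEAK_ENV = ['OPNSENSE_HOST=http://192.0.2.10:8443', 'OPNSENSE_API_KEY=your-api-key',
  'OPNSENSE_API_SECRET="constructed-secret"', 'OPNSENSE_VERIFY_SSL=false'].join('\n');
const GOOD_ENV = ['OPNSENSE_HOST=https://192.0.2.10:8443', 'OPNSENSE_API_KEY=constructed-key',
  'OPNSENSE_API_SECRET=constructed-secret', 'OPNSENSE_VERIFY_SSL=true'].join('\n');

console.log(auditEnv(WEAK_ENV)); // three findings
console.log(auditEnv(GOOD_ENV)); // none
```

The unedited template from .env.example also fails this audit, because https://your-opnsense-ip:port does not parse as a URL.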
Development
# Run TypeScript directly (development)
npm run dev
# Build for production
npm run build
# Run tests
npm test
Roadmap
- [x] Phase 1: Basic VLAN management
- [x] Phase 2: Firewall rule management
- [x] Phase 3: Infrastructure (backup, cache, audit)
- [ ] Phase 4: DHCP static mappings
- [ ] Phase 5: Multi-MCP orchestration
Contributing
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
License
MIT License - see LICENSE file for details
Acknowledgments
- Built for the Model Context Protocol
- Designed to work with Claude Desktop
- Part of a larger Infrastructure as Code vision