pfClaude
Enables bidirectional control and monitoring of pfSense firewalls through Claude, with full API access for configuration and diagnostics, plus autonomous emergency response capabilities when network connectivity is lost.
Category
README
pfsense-mcp
A bidirectional AI agent for pfSense. Two components, one package: an MCP server for Claude Code control, and an emergency brain that activates when your network needs help.
Status: Planning Author: Claude (claude@arktechnwa.com) + Meldrey License: MIT Organization: ArktechNWA
Why?
Your AI assistant can help configure firewalls, but it's blind to your network's health. It can't see if your WAN is down, can't check DHCP leases, can't restart a stuck interface.
Worse: when your network breaks, you lose access to your AI assistant entirely.
pfclaude solves both problems:
- Normal mode: Claude Code controls pfSense via MCP — full visibility, full capability
- Emergency mode: When Claude Code is unreachable, pfSense's onboard brain activates — diagnostics, notifications, autonomous recovery
Philosophy
- Maximum capability — Expose everything pfSense can do
- User controls exposure — Checkbox permissions, not hardcoded limits
- Maximum availability — Multiple transport channels, graceful fallbacks
- Lightweight emergency brain — Minimal resource usage, adaptive monitoring
- Bidirectional communication — Email commands work even when network is broken
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Claude Code (workstation) │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ pfsense-mcp │ │
│ │ - Full pfSense API passthrough │ │
│ │ - All operations: firewall, NAT, DHCP, VPN, logs, etc. │ │
│ │ - Authenticated over HTTPS │ │
│ └─────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
↕ HTTPS + API Key (primary)
↕ SSH (fallback)
┌─────────────────────────────────────────────────────────────────┐
│ pfSense Router │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ pfClaude Package │ │
│ │ │ │
│ │ NORMAL MODE │ EMERGENCY MODE │ │
│ │ ───────────── │ ────────────── │ │
│ │ API Server │ Watchdog Daemon │ │
│ │ ↕ MCP talks here │ ↳ Health monitors │ │
│ │ │ ↳ Trigger detection │ │
│ │ Full pfSense ops │ ↳ Decision engine │ │
│ │ Auth'd requests │ ↳ Autonomous actions │ │
│ │ │ ↳ Notification dispatch │ │
│ │ │ │ │
│ │ ───────────────────────────────────────────────────────── │ │
│ │ SHARED INFRASTRUCTURE │ │
│ │ • Permission matrix (checkboxes) │ │
│ │ • SMTP client (outbound alerts) │ │
│ │ • Email parser (inbound commands) │ │
│ │ • Cloud beacon (optional status sync) │ │
│ │ • Local knowledge base (patterns, history) │ │
│ └─────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Authentication
API Authentication
Simple, proven security:
{
"auth": {
"api_key": "randomly-generated-64-char-key",
"require_https": true,
"ip_whitelist": ["192.168.1.0/24", "10.0.0.5"],
"rate_limit": 100,
"lockout_threshold": 5,
"lockout_duration": 900
}
}
- API key transmitted in header:
X-PfClaude-Key: <key> - HTTPS required (uses pfSense's existing certificate)
- Optional IP whitelist (only accept from known Claude IPs)
- Rate limiting: 100 requests/min default
- Failed auth lockout: 5 failures → 15 min ban
Email Authentication
For inbound email commands:
Subject: [PFCLAUDE:1234] status
- Sender must be in whitelist
- PIN must match configured value
- Timestamp validation (reject if >5min old)
- Rate limit: 10 commands/hour
Trigger Conditions
Tiered detection with configurable thresholds:
Tier 1: Monitoring (always on, ultra-light)
| Check | Description | Default |
|---|---|---|
| Interface link state | Is the physical link up? | ✓ |
| Heartbeat reception | Has Claude Code checked in? | ✓ |
| Gateway reachability | Can we ping default gateway? | ✓ |
| WAN connectivity | Can we reach external IPs? | ✓ |
Tier 2: Concern (triggers increased monitoring)
| Check | Description | Default |
|---|---|---|
| Packet loss > 10% | Network degraded | ✓ |
| Latency spike > 3x | Something's congested | ✓ |
| DNS resolution failing | Name lookups broken | ✓ |
| DHCP not responding | Clients can't get IPs | ✓ |
| Unusual traffic volume | 5x normal (attack? loop?) | ✓ |
Tier 3: Emergency (activates autonomous response)
| Check | Description | Default |
|---|---|---|
| LAN interface down | Physical link lost | ✓ |
| N consecutive heartbeat misses | Default: 3 | ✓ |
| Gateway unreachable for N seconds | Default: 60 | ✓ |
| WAN up but LAN unreachable | Asymmetric failure | ✓ |
| All monitored hosts unreachable | Total LAN failure | ✓ |
Health Check Design
Lightweight, adaptive, CPU-aware:
┌─────────────────────────────────────────────────────────────────┐
│ ADAPTIVE FREQUENCY │
│ │
│ State: HEALTHY → Check every 60s │
│ State: CONCERNED → Check every 15s │
│ State: DEGRADED → Check every 5s │
│ State: EMERGENCY → Check every 2s (active response mode) │
│ │
│ CPU AWARENESS │
│ • If system load > 80%, halve check frequency │
│ • If memory < 10% free, disable non-critical checks │
│ • Never consume > 2% CPU for monitoring │
│ │
│ HYSTERESIS │
│ • Each check returns: OK (0), WARN (1), FAIL (2) │
│ • Aggregate score determines state transition │
│ • Need 3 consecutive same-state readings to transition │
└─────────────────────────────────────────────────────────────────┘
Autonomous Actions
User configures what pfClaude can do WITHOUT asking:
Always Safe (default: enabled)
| Action | Description |
|---|---|
| Log events locally | Always on |
| Send email notification | Alert user |
| Update cloud beacon status | External visibility |
| Capture diagnostic snapshot | Preserve state |
Diagnostic (default: enabled)
| Action | Description |
|---|---|
| Run connectivity tests | ping, traceroute |
| Capture interface statistics | Counters, errors |
| Gather recent log entries | Context for diagnosis |
| Check service status | What's running/stopped |
| Query ARP/NDP tables | Who's on the network |
Restorative (default: disabled)
| Action | Description |
|---|---|
| Restart specific interface | Often fixes link issues |
| Flush connection state table | Clears stuck connections |
| Restart DHCP service | Fixes lease issues |
| Restart DNS resolver | Fixes resolution issues |
| Clear ARP cache | Fixes stale entries |
| Restart specific service | Configurable list |
Failover (default: disabled)
| Action | Description |
|---|---|
| Switch to backup WAN gateway | Major network change |
| Enable/disable interface | Significant impact |
| Apply emergency ruleset | Pre-configured safe rules |
| Trigger CARP failover | HA environments |
Defensive (default: disabled)
| Action | Description |
|---|---|
| Block IPs exceeding threshold | Anti-DoS |
| Enable emergency rate limiting | Protect resources |
| Activate lockdown ruleset | Maximum security |
| Disable non-essential services | Reduce attack surface |
Local Intelligence
Pattern Memory
{
"pattern_memory": {
"enabled": true,
"database": "/var/db/pfclaude/patterns.db",
"max_size_mb": 10,
"retention_days": 90
}
}
- Stores: "Last time X happened, Y was the cause"
- Learns: "Interface restart fixed this 3/4 times"
- Tracks: Normal baselines (traffic, latency, errors)
- SQLite DB, <10MB footprint
Haiku Batch Analysis (optional)
{
"haiku_analysis": {
"enabled": true,
"schedule": "0 3 * * *",
"api_key_env": "PFCLAUDE_ANTHROPIC_KEY",
"sanitize": ["ip", "mac", "hostname"],
"max_log_lines": 1000
}
}
- Nightly batch: Send sanitized logs to Anthropic
- Haiku analyzes patterns, anomalies, recommendations
- Results stored locally as "learned insights"
- Cost: ~$0.01/day for typical home network
Notification Channels
User configures their own escalation paths:
{
"notifications": {
"email": {
"enabled": true,
"smtp_server": "smtp.gmail.com",
"smtp_port": 587,
"username_env": "SMTP_USER",
"password_env": "SMTP_PASS",
"recipients": ["you@example.com"]
},
"pushover": {
"enabled": false,
"api_key_env": "PUSHOVER_KEY",
"user_key_env": "PUSHOVER_USER"
},
"webhook": {
"enabled": false,
"url": "https://your-service.com/webhook",
"headers": {"Authorization": "Bearer xxx"}
},
"telegram": {
"enabled": false,
"bot_token_env": "TELEGRAM_TOKEN",
"chat_id": "123456789"
},
"cloud_beacon": {
"enabled": false,
"url": "https://your-beacon.com/status",
"shared_secret_env": "BEACON_SECRET"
}
}
}
Escalation Levels
| Level | Actions |
|---|---|
| INFO | Log only |
| NOTICE | Log + cloud beacon |
| WARNING | Log + cloud + email |
| CRITICAL | Log + cloud + email + push + webhook |
| EMERGENCY | ALL channels + repeated alerts until ack'd |
Email Commands
When WAN works but LAN doesn't, email becomes the control channel:
Command Format
To: pfclaude@your-pfsense.com
Subject: [PFCLAUDE:1234] status
Body: (optional context)
Available Commands
| Command | Description |
|---|---|
status |
Current state summary |
changes <N>m |
What changed in last N minutes |
logs <N> |
Last N log lines |
diagnose |
Run full diagnostic suite |
restart <iface> |
Restart interface (if permitted) |
help |
List available commands |
Example Response
Subject: Re: [PFCLAUDE:1234] status
pfClaude Status Report
Generated: 2025-12-29 15:42:00 UTC
SYSTEM: DEGRADED (score: 4/10)
Interfaces:
WAN (igb0): UP - 98.2.1.45 - 12ms latency
LAN (igb1): UP - 192.168.1.1 - NO TRAFFIC 5min ← Problem
OPT1 (igb2): DOWN - disabled
Recent Events:
15:37 - LAN traffic dropped to zero
15:38 - DHCP requests stopped
15:40 - Watchdog entered CONCERNED state
Recommended: Check switch connectivity to LAN port
Cloud Beacon (optional)
For checking router status from anywhere:
{
"cloud_beacon": {
"enabled": true,
"url": "https://your-beacon-server.com/api/beacon",
"router_id": "home-pfsense",
"shared_secret_env": "BEACON_SECRET",
"frequency_healthy": 60,
"frequency_degraded": 15
}
}
Self-Hosted Option
Docker image provided for running your own beacon receiver:
docker run -d -p 8080:8080 \
-e BEACON_SECRET=your-secret \
arktechnwa/pfclaude-beacon
Features:
- Receives status beacons from pfSense
- Stores recent logs (configurable retention)
- Web dashboard for status checks
- Can relay commands back to pfSense
Beacon Protocol
POST /beacon
{
"router_id": "home-pfsense",
"timestamp": "2025-12-29T15:42:00Z",
"state": "healthy",
"score": 9,
"interfaces": {
"wan": {"status": "up", "ip": "98.2.1.45", "latency_ms": 12},
"lan": {"status": "up", "ip": "192.168.1.1", "clients": 15}
},
"recent_events": [],
"hmac": "..."
}
Payload: <2KB, designed for minimal bandwidth.
MCP Tools
EVERYTHING pfSense can do, exposed via MCP:
System
| Tool | Description | Permission |
|---|---|---|
pf_system_info |
Hostname, version, uptime, resources | read |
pf_system_status |
Overall health summary | read |
pf_system_reboot |
Reboot pfSense | dangerous |
pf_system_shutdown |
Shutdown pfSense | dangerous |
pf_system_config_backup |
Export config XML | read |
Interfaces
| Tool | Description | Permission |
|---|---|---|
pf_interface_list |
All interfaces with status | read |
pf_interface_status |
Detailed status for one | read |
pf_interface_stats |
Traffic counters, errors | read |
pf_interface_restart |
Restart interface | service |
pf_interface_enable |
Enable interface | config |
pf_interface_disable |
Disable interface | config |
Firewall
| Tool | Description | Permission |
|---|---|---|
pf_firewall_rules |
List rules (filter, nat, etc) | read |
pf_firewall_rule_add |
Add rule | config |
pf_firewall_rule_delete |
Delete rule | config |
pf_firewall_rule_modify |
Modify rule | config |
pf_firewall_states |
Connection state table | read |
pf_firewall_states_flush |
Clear state table | service |
pf_firewall_aliases |
Manage aliases | config |
NAT
| Tool | Description | Permission |
|---|---|---|
pf_nat_rules |
Port forwards, outbound NAT | read |
pf_nat_rule_add |
Add NAT rule | config |
pf_nat_rule_delete |
Delete NAT rule | config |
pf_nat_rule_modify |
Modify NAT rule | config |
DHCP
| Tool | Description | Permission |
|---|---|---|
pf_dhcp_leases |
Current leases | read |
pf_dhcp_static_mappings |
Reserved IPs | read |
pf_dhcp_config |
DHCP server config | config |
pf_dhcp_service_restart |
Restart DHCP | service |
DNS
| Tool | Description | Permission |
|---|---|---|
pf_dns_resolver_config |
Unbound config | config |
pf_dns_forwarder_config |
dnsmasq config | config |
pf_dns_override_add |
Add host override | config |
pf_dns_override_delete |
Delete host override | config |
pf_dns_service_restart |
Restart DNS | service |
VPN
| Tool | Description | Permission |
|---|---|---|
pf_vpn_openvpn_status |
OpenVPN connections | read |
pf_vpn_ipsec_status |
IPsec SAs | read |
pf_vpn_wireguard_status |
WireGuard peers | read |
pf_vpn_disconnect |
Disconnect client/tunnel | service |
Routing
| Tool | Description | Permission |
|---|---|---|
pf_routes_table |
Routing table | read |
pf_routes_static |
Static routes | config |
pf_gateway_status |
Gateway health | read |
pf_gateway_switch |
Switch default gateway | config |
Traffic
| Tool | Description | Permission |
|---|---|---|
pf_traffic_graphs |
Bandwidth graphs data | read |
pf_traffic_totals |
Interface totals | read |
pf_traffic_top |
Top talkers | read |
Logs
| Tool | Description | Permission |
|---|---|---|
pf_logs_system |
System logs | read |
pf_logs_firewall |
Firewall logs | read |
pf_logs_dhcp |
DHCP logs | read |
pf_logs_vpn |
VPN logs | read |
pf_logs_search |
Search across all logs | read |
Packages
| Tool | Description | Permission |
|---|---|---|
pf_packages_installed |
Installed packages | read |
pf_packages_available |
Available packages | read |
pf_packages_install |
Install package | dangerous |
pf_packages_remove |
Remove package | dangerous |
Services
| Tool | Description | Permission |
|---|---|---|
pf_services_list |
All services status | read |
pf_services_start |
Start service | service |
pf_services_stop |
Stop service | service |
pf_services_restart |
Restart service | service |
Diagnostics
| Tool | Description | Permission |
|---|---|---|
pf_diag_ping |
Ping from pfSense | read |
pf_diag_traceroute |
Traceroute from pfSense | read |
pf_diag_dns_lookup |
DNS lookup from pfSense | read |
pf_diag_arp_table |
ARP table | read |
pf_diag_ndp_table |
IPv6 neighbor table | read |
pf_diag_sockets |
Open sockets | read |
pf_diag_pftop |
Real-time state table | read |
Permission Matrix
Granular control via pfSense WebGUI:
Permission Levels
| Level | Description |
|---|---|
read |
View status, logs, configuration |
service |
Restart services, flush caches |
config |
Modify configuration |
dangerous |
Reboot, shutdown, package management |
WebGUI Configuration
┌─────────────────────────────────────────────────────────────────┐
│ pfClaude > Settings > Permissions │
├─────────────────────────────────────────────────────────────────┤
│ │
│ MCP API Permissions │
│ ─────────────────────────────────────────────────────────────── │
│ │
│ READ OPERATIONS [Select All] [Clear] │
│ ☑ System info & status │
│ ☑ Interface status & stats │
│ ☑ Firewall rules (view) │
│ ☑ DHCP leases │
│ ☑ Logs (all) │
│ ☑ Diagnostics (ping, traceroute, etc) │
│ │
│ SERVICE CONTROL [Select All] [Clear] │
│ ☐ Restart interfaces │
│ ☐ Restart services (DHCP, DNS, etc) │
│ ☐ Flush state table │
│ ☐ Clear caches │
│ │
│ CONFIGURATION CHANGES [Select All] [Clear] │
│ ☐ Modify firewall rules │
│ ☐ Modify NAT rules │
│ ☐ Modify DHCP settings │
│ ☐ Add/remove static routes │
│ │
│ DANGEROUS OPERATIONS [Select All] [Clear] │
│ ☐ System reboot │
│ ☐ System shutdown │
│ ☐ Install/remove packages │
│ ☐ Gateway failover │
│ │
│ ─────────────────────────────────────────────────────────────── │
│ ☐ BYPASS ALL PERMISSIONS (danger mode) │
│ │
│ [Save] [Reset to Defaults] │
└─────────────────────────────────────────────────────────────────┘
Storage & Hygiene
{
"storage": {
"email_queue": {
"max_messages": 100,
"max_age_days": 10,
"cleanup_schedule": "0 4 * * *"
},
"logs": {
"pfclaude_events_days": 7,
"diagnostic_snapshots_days": 3
},
"pattern_memory": {
"persistent": true,
"compact_schedule": "0 5 * * 0"
},
"total_footprint_mb": 50
}
}
Installation
pfSense Package
System > Package Manager > Available Packages > pfClaude
Or manual:
pkg add https://github.com/ArktechNWA/pfsense-mcp/releases/latest/pfsense.pkg
MCP Server (Claude Code side)
npm install -g @arktechnwa/pfsense-mcp
Claude Code Integration
{
"mcpServers": {
"pfsense": {
"command": "pfsense-mcp",
"env": {
"PFSENSE_HOST": "192.168.1.1",
"PFSENSE_API_KEY": "your-api-key"
}
}
}
}
Requirements
pfSense Side
- pfSense 2.7+ or pfSense Plus 23.09+
- 50MB free storage
- Network connectivity (obviously)
Claude Code Side
- Node.js 18+
- Network access to pfSense
Optional
- Anthropic API key (for Haiku batch analysis)
- SMTP server (for email notifications)
- Self-hosted beacon server (for cloud status)
Security Considerations
- API key authentication — No unauthenticated access
- HTTPS required — Encrypted transport
- IP whitelist — Restrict to known Claude IPs
- Rate limiting — Prevent brute force
- Email PIN — Authenticate inbound commands
- Permission matrix — User controls exposure
- Audit logging — All actions logged
- No default dangerous permissions — User must enable
Credits
Created by Claude (claude@arktechnwa.com) in collaboration with Meldrey. Part of the ArktechNWA MCP Toolshed.
Built because your firewall should be able to call for help when it needs it.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Official
Featured
TypeScript
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Official
Featured
Local
TypeScript
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
Official
Featured
Local
TypeScript
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
Official
Featured
Local
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Official
Featured
TypeScript
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
Official
Featured
Python
E2B
Using MCP to run code via e2b.
Official
Featured
Neon Database
MCP server for interacting with Neon Management API and databases
Official
Featured
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Official
Featured
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Official
Featured