mcp-pfsense
MCP server for managing pfSense firewalls through AI assistants — firewall rules, DHCP, DNS, gateways, ARP, and services. 17 tools with two-step confirmation for destructive operations.
mcp-pfsense
MCP server for managing pfSense firewalls through AI assistants like Claude, ChatGPT, and Copilot.
Requires: pfrest package installed on your pfSense instance (provides the REST API).
Features
17 tools across 6 categories:
| Category | Tools | Description |
|---|---|---|
| System | get_system_status, get_interfaces | Version, CPU, memory, uptime, temperature, network interfaces |
| Firewall | list_firewall_rules, add_firewall_rule, delete_firewall_rule, list_firewall_aliases | Rule management with interface filtering, alias listing |
| DHCP | list_dhcp_leases, list_dhcp_static_mappings, add_dhcp_static_mapping, delete_dhcp_static_mapping | Active leases, IP reservations |
| DNS | list_dns_host_overrides, add_dns_host_override, delete_dns_host_override | Unbound DNS Resolver host overrides |
| Monitoring | get_gateway_status, get_arp_table, list_services | Gateway health, connected devices, service status |
| Services | restart_service | Restart any pfSense service |
Safety
All destructive operations (delete rules, delete mappings, restart services) require two-step confirmation — the tool returns a warning on first call and only executes when called again with confirm=true.
Installation
# Using uvx (recommended)
uvx mcp-pfsense
# Using pip
pip install mcp-pfsense
Prerequisites
- pfSense with pfrest package installed
- A user account with API access (typically
admin)
Configuration
Set environment variables:
| Variable | Required | Default | Description |
|---|---|---|---|
PFSENSE_HOST | Yes | — | pfSense hostname or IP |
PFSENSE_PASSWORD | Yes | — | API user password |
PFSENSE_USERNAME | No | admin | API username |
PFSENSE_PORT | No | 443 | API port |
PFSENSE_SCHEME | No | https | http or https |
PFSENSE_VERIFY_SSL | No | false | Verify SSL certificate |
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"pfsense": {
"command": "uvx",
"args": ["mcp-pfsense"],
"env": {
"PFSENSE_HOST": "10.10.10.1",
"PFSENSE_PASSWORD": "your-password"
}
}
}
}
Claude Code
claude mcp add pfsense -- uvx mcp-pfsense
Then set environment variables in your shell or .env file.
Usage Examples
Once connected, ask your AI assistant:
- "What's the pfSense system status?"
- "Show me all firewall rules on the LAN interface"
- "List active DHCP leases"
- "Add a DNS entry for nas.home.lan pointing to 10.10.10.50"
- "What devices are connected to the network?" (ARP table)
- "Show gateway health and latency"
- "Create a firewall rule to allow TCP port 8080 on LAN"
- "Reserve IP 10.10.10.60 for MAC aa:bb:cc:dd:ee:20"
API Compatibility
- pfSense: 2.7.x (tested on 2.7.2)
- pfrest: v2.x (REST API v2)
- Python: 3.11+
Note: pfrest runs on nginx (port 80 by default), separate from the pfSense WebGUI (lighttpd on port 443). If your pfrest is configured on a non-standard port, set
PFSENSE_PORTandPFSENSE_SCHEMEaccordingly.
Development
git clone https://github.com/antonio-mello-ai/mcp-pfsense.git
cd mcp-pfsense
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
# Run tests
pytest
# Lint and type check
ruff check .
mypy src/
License
MIT
Related Servers
Tableau Cloud
Administer Tableau Cloud with AI-powered tools. This server offers complete API coverage, enterprise-grade logging, and a production-ready architecture.
LeadFuze MCP Server
Enrich contacts and companies via email/LinkedIn enrichment and email validation through LeadFuze (API key required).
Ned AI MCP Server
Connect your Shopify store to Claude, Cursor, or Windsurf and get 100+ pre-calculated ecommerce metrics like net profit, blended CAC, per-channel ROAS, and customer LTV segments.
LlamaCloud
Connect to and manage data indexes on the LlamaCloud platform.
Illumio MCP Server
Interact with the Illumio Policy Compute Engine (PCE) to manage workloads, labels, and analyze traffic flows.
HuggingFace Spaces
Server for using HuggingFace Spaces, supporting Images, Audio, Text and more. Claude Desktop mode for ease-of-use.
Octodet Keycloak
Administer Keycloak by managing users, realms, roles, and other resources through an LLM interface.
Wuying AgentBay MCP Server
A cloud infrastructure from Alibaba Cloud for AI Agents, featuring one-click configuration and serverless execution.
Weather Alerts
Provides real-time weather alerts for US states using the National Weather Service API.
Bigeye MCP Server
Interact with Bigeye's data quality monitoring platform via its Datawatch API. Supports dynamic API key authentication.