mcp-pfsense
MCP server for managing pfSense firewalls through AI assistants — firewall rules, DHCP, DNS, gateways, ARP, and services. 17 tools with two-step confirmation for destructive operations.
mcp-pfsense
MCP server for managing pfSense firewalls through AI assistants like Claude, ChatGPT, and Copilot.
Requires: pfrest package installed on your pfSense instance (provides the REST API).
Features
17 tools across 6 categories:
| Category | Tools | Description |
|---|---|---|
| System | get_system_status, get_interfaces | Version, CPU, memory, uptime, temperature, network interfaces |
| Firewall | list_firewall_rules, add_firewall_rule, delete_firewall_rule, list_firewall_aliases | Rule management with interface filtering, alias listing |
| DHCP | list_dhcp_leases, list_dhcp_static_mappings, add_dhcp_static_mapping, delete_dhcp_static_mapping | Active leases, IP reservations |
| DNS | list_dns_host_overrides, add_dns_host_override, delete_dns_host_override | Unbound DNS Resolver host overrides |
| Monitoring | get_gateway_status, get_arp_table, list_services | Gateway health, connected devices, service status |
| Services | restart_service | Restart any pfSense service |
Safety
All destructive operations (delete rules, delete mappings, restart services) require two-step confirmation — the tool returns a warning on first call and only executes when called again with confirm=true.
Installation
# Using uvx (recommended)
uvx mcp-pfsense
# Using pip
pip install mcp-pfsense
Prerequisites
- pfSense with pfrest package installed
- A user account with API access (typically
admin)
Configuration
Set environment variables:
| Variable | Required | Default | Description |
|---|---|---|---|
PFSENSE_HOST | Yes | — | pfSense hostname or IP |
PFSENSE_PASSWORD | Yes | — | API user password |
PFSENSE_USERNAME | No | admin | API username |
PFSENSE_PORT | No | 443 | API port |
PFSENSE_SCHEME | No | https | http or https |
PFSENSE_VERIFY_SSL | No | false | Verify SSL certificate |
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"pfsense": {
"command": "uvx",
"args": ["mcp-pfsense"],
"env": {
"PFSENSE_HOST": "10.10.10.1",
"PFSENSE_PASSWORD": "your-password"
}
}
}
}
Claude Code
claude mcp add pfsense -- uvx mcp-pfsense
Then set environment variables in your shell or .env file.
Usage Examples
Once connected, ask your AI assistant:
- "What's the pfSense system status?"
- "Show me all firewall rules on the LAN interface"
- "List active DHCP leases"
- "Add a DNS entry for nas.home.lan pointing to 10.10.10.50"
- "What devices are connected to the network?" (ARP table)
- "Show gateway health and latency"
- "Create a firewall rule to allow TCP port 8080 on LAN"
- "Reserve IP 10.10.10.60 for MAC aa:bb:cc:dd:ee:20"
API Compatibility
- pfSense: 2.7.x (tested on 2.7.2)
- pfrest: v2.x (REST API v2)
- Python: 3.11+
Note: pfrest runs on nginx (port 80 by default), separate from the pfSense WebGUI (lighttpd on port 443). If your pfrest is configured on a non-standard port, set
PFSENSE_PORTandPFSENSE_SCHEMEaccordingly.
Development
git clone https://github.com/antonio-mello-ai/mcp-pfsense.git
cd mcp-pfsense
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
# Run tests
pytest
# Lint and type check
ruff check .
mypy src/
License
MIT
Related Servers
IPGeolocation.io MCP Server
Official MCP server for IP geolocation, IP security, abuse contacts, ASN, timezone, astronomy, and user-agent parsing.
Dacast MCP Live Stream Server
Dacast MCP Live Stream Server connects your AI tools to Dacast’s live streaming and video hosting APIs, so you can create and manage live streams, playlists, thumbnails, and simulcasts using simple natural-language prompts.
hostbento
Generate and host websites from within your favorite AI assitants
MultiversX MCP Server
Interact with the MultiversX blockchain for wallet creation, balance fetching, and token management.
Reservation System MCP Server
Integrates with the WeChat cloud development reservation system API.
Nexlayer MCP
Agentic cloud platform with 45+ MCP tools. Deploy any containerized stack, debug live pods (shell, file editing, DB queries), manage custom domains & TLS, push to built-in container registry, scale pods, and manage GPU workloads. The infrastructure layer where AI agents ship software to production.
Unofficial FortiMonitor MCP Server
Unofficial FortiMonitor v2 API integration exposing 241 tools across 33 modules. Covers server management, outage monitoring, maintenance windows, metrics, notifications, SNMP, cloud monitoring, dashboards, and more. Python, MIT license, Docker deployment.
AWS Core
Core AWS MCP server providing prompt understanding and server management capabilities.
Unsplash MCP Server
An MCP server for accessing the Unsplash API to search for and retrieve photos.
Remote MCP Server on Cloudflare
A remote MCP server deployable on Cloudflare Workers with OAuth login support, using Cloudflare KV for data storage.