OPNsense MCP Server

MCPOpen SourceMIT29.0

by lucamarien • Uncategorized

A secure MCP server for managing OPNsense firewalls via AI assistants and MCP-compatible tools.

Example Use Cases

1
Securely query and manage OPNsense firewall configurations and status.
2
Automate firewall rule changes with safety via savepoints and rollback.
3
Integrate OPNsense management into AI workflows using MCP protocol.

Description

This MCP server provides a secure, API-only interface to manage OPNsense firewall configurations and services through AI assistants like Claude Code and Cursor. It supports 62 tools across 10 domains including system, firewall, network, DNS, DHCP, VPN, HAProxy, services, diagnostics, and security. The server emphasizes security with read-only default mode, savepoint/rollback for changes, endpoint blocklisting, and no direct shell or config file access. It supports OPNsense 24.7 and newer versions with automatic API endpoint detection.

Capabilities(258 total)

Tools (258)

list_modules

List all available OPNsense modules with descriptions and tool counts. In read-only mode, only read-only tools are loadable — counts reflect that. Call this first, then describe_module(), then load_module() or load_tool().

describe_module

List all tools in a module with names, descriptions, and read-only status. In read-only mode, mutating tools are shown but marked as unavailable. Args: module: Module name (e.g. 'cron', 'firewall'). Get names from list_modules().

module:string*

load_tool

Load a single tool into the active session so it can be called. Mutating tools cannot be loaded when the server is in read-only mode. Args: tool_name: Exact tool name (e.g. 'cron_search_jobs'). Get names from describe_module().

tool_name:string*

load_module

Load all tools in a module into the active session at once. In read-only mode, only read-only tools in the module are loaded. Args: module: Module name (e.g. 'cron', 'firewall'). Get names from list_modules().

module:string*

core_add_tunable

Create a system tunable. data_json: JSON with tunable fields (tunable, value, descr).

data_json:string*

Quick Actions

View on GitHub

Security

Scanned 27 days ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D48/100

8/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFree

Capabilities258 Tools / 0 Prompts / 0 Resources

Ownerlucamarien

CategoryUncategorized

DependenciesStandalone

TagsNo tags

Set Your Username