pfSense Enhanced MCP Server

# ✅ Server is Running! Your pfSense MCP Server is now **live and responding** on your system! ## 🚀 Server Information ``` Server Name: pfSense Enhanced MCP Server Version: 4.1.0 Status: ✅ Running Process ID: 85924 Transport: SSE (Server-Sent Events over HTTP) Endpoint: http://localhost:8000/sse Listening: 0.0.0.0:8000 (all interfaces) ``` ## 🔌 Configure Claude ### For Claude Code CLI The MCP server is already configured in the project's `.mcp.json` file! **To enable it:** 1. **Navigate to the project directory:** ```bash cd /Users/mmaxwell/pfsense-mcp-server ``` 2. **Start a new Claude session from this directory:** ```bash claude ``` 3. **Approve the MCP server when prompted:** - Claude will detect the `.mcp.json` file - You'll see a prompt asking to approve the "pfsense" MCP server - Type `y` or press Enter to approve 4. **Verify it's loaded:** ``` /context ``` You should see the pfSense MCP server listed **Already in a Claude session?** - Run `/reload` to reload MCP servers ### For Claude Web Interface If using Claude in the web browser: 1. Go to Claude settings 2. Add MCP Server 3. Enter URL: `http://localhost:8000/sse` 4. Save and reload ## 🧪 Test the Connection Once configured in Claude, try these commands: ``` # Test the connection Can you test the pfSense connection? # Get system status What's the system status of my pfSense firewall? # List tools available What tools are available for managing pfSense? ``` ## 📋 Available Tools (20+) Your server has these tools ready: ### System - `system_status` - Get system info, CPU, memory, disk - `test_connection` - Test API connection - `enhanced_test_connection` - Advanced connection test ### Firewall - `search_firewall_rules` - Search and filter rules - `create_firewall_rule` - Create new rules - `update_firewall_rule` - Update existing rules - `delete_firewall_rule` - Delete rules - `apply_firewall_changes` - Apply pending changes ### Interfaces - `search_interfaces` - List interfaces - `get_interface_details` - Interface details - `update_interface` - Modify interface ### NAT - `search_nat_port_forward` - Port forwarding rules - `create_nat_port_forward` - Create port forward - `update_nat_port_forward` - Update port forward - `delete_nat_port_forward` - Delete port forward ### DHCP - `search_dhcp_leases` - View DHCP leases - `get_dhcp_server_config` - DHCP settings ### VPN - `search_ipsec_tunnels` - IPsec tunnels - `search_openvpn_connections` - OpenVPN connections ### Services - `search_services` - List services - `get_service_status` - Service status - `control_service` - Start/stop/restart ## ⚙️ Server Management ### View Server Logs ```bash tail -f /private/tmp/claude-501/-Users-mmaxwell/tasks/b71efbe.output ``` ### Stop the Server ```bash kill 85924 # Or find and kill lsof -ti :8000 | xargs kill ``` ### Restart the Server ```bash cd /Users/mmaxwell/pfsense-mcp-server source venv/bin/activate export MCP_MODE=http python -m src.main ``` Or use the startup script: ```bash ./run-http.sh ``` ### Check if Server is Running ```bash lsof -i :8000 # Or test the endpoint curl http://localhost:8000/sse ``` ## ⚠️ Important Notes ### pfSense Configuration Required The server is running but **needs pfSense credentials** to actually connect to your firewall. Edit `.env` and add: ```bash PFSENSE_URL=https://your-pfsense.local PFSENSE_API_KEY=your-api-key-here ``` Without these, the server tools will return connection errors when called. ### Auto-start on Boot (Optional) To start the server automatically: **Using launchd (macOS):** Create `~/Library/LaunchAgents/com.pfsense.mcp.plist`: ```xml <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.pfsense.mcp</string> <key>ProgramArguments</key> <array> <string>/Users/mmaxwell/pfsense-mcp-server/venv/bin/python</string> <string>-m</string> <string>src.main</string> </array> <key>WorkingDirectory</key> <string>/Users/mmaxwell/pfsense-mcp-server</string> <key>EnvironmentVariables</key> <dict> <key>MCP_MODE</key> <string>http</string> </dict> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/> <key>StandardOutPath</key> <string>/tmp/pfsense-mcp.log</string> <key>StandardErrorPath</key> <string>/tmp/pfsense-mcp-error.log</string> </dict> </plist> ``` Then: ```bash launchctl load ~/Library/LaunchAgents/com.pfsense.mcp.plist ``` ## 🔒 Security Considerations ### Current Setup (Development) - Running on all interfaces (0.0.0.0) - No HTTPS encryption - No authentication on the MCP endpoint - Suitable for local development only ### Production Recommendations 1. **Use HTTPS** - Add nginx/caddy reverse proxy 2. **Firewall rules** - Restrict access to trusted IPs 3. **VPN** - Use VPN for remote access 4. **Bind to localhost** - If only local access needed: ```bash MCP_HOST=127.0.0.1 # in .env ``` ## 📊 Server Health Check server health: ```bash curl http://localhost:8000/health ``` ## 🆘 Troubleshooting ### Server won't start ```bash # Check if port is in use lsof -i :8000 # Use different port export MCP_PORT=8001 python -m src.main ``` ### Claude can't connect - Verify server is running: `lsof -i :8000` - Check endpoint: `curl http://localhost:8000/sse` - Verify URL in Claude settings: `http://localhost:8000/sse` - Restart Claude after adding config ### Tools return errors - Check `.env` has correct `PFSENSE_URL` and `PFSENSE_API_KEY` - Verify pfSense firewall is accessible - Check pfSense REST API is enabled ## 📖 Documentation - **SETUP_COMPLETE.md** - Initial setup guide - **HTTP_TRANSPORT_UPGRADE.md** - What changed in v4.1.0 - **HTTP_TRANSPORT.md** - Complete HTTP guide - **README.md** - Full project documentation --- **Your server is ready! Configure Claude and start managing your pfSense firewall!** 🚀 **Next Step**: Add your pfSense credentials to `.env` and configure Claude settings.