pfSense MCP Server

A production-grade Model Context Protocol (MCP) server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications.

🚀 Features

Natural Language Interface: Control pfSense using plain English
5 Access Levels: From read-only monitoring to emergency response
Multiple Connection Methods: REST API, XML-RPC, and SSH
6 Functional Categories: Complete security operations coverage
GenAI Integration: Works with Claude Desktop, Continue, and other MCP clients
Production Ready: Audit logging, rate limiting, caching

📋 Quick Start

1. Install and Configure

# Clone the repository
git clone https://github.com/gensecaihq/pfsense-mcp-server.git
cd pfsense-mcp-server

# Copy environment template
cp .env.example .env

# Edit configuration
nano .env  # Add your pfSense details

2. Run with Docker

# Build and start
docker-compose up -d

# Check health
curl http://localhost:8000/health

3. Configure Claude Desktop

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "pfsense": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "pfsense-mcp:latest"],
      "env": {
        "MCP_MODE": "stdio"
      }
    }
  }
}

Or run locally:

{
  "mcpServers": {
    "pfsense": {
      "command": "python",
      "args": ["/path/to/pfsense-mcp-server/main.py"],
      "env": {
        "PFSENSE_URL": "https://your-pfsense.local",
        "PFSENSE_API_KEY": "your-api-key"
      }
    }
  }
}

🔐 Access Levels

Level	Description	Example Users
`READ_ONLY`	Monitor and view	Security Analysts
`SECURITY_WRITE`	Modify security rules	Security Engineers
`ADMIN_WRITE`	Full system access	Administrators
`COMPLIANCE_READ`	Audit and compliance	Compliance Officers
`EMERGENCY_WRITE`	Emergency response	Incident Responders

💬 Example Prompts

"Show me the system status"
"What IPs are currently blocked?"
"Block IP 192.168.1.100"
"Run a PCI compliance check"
"Analyze threats from the last hour"
"EMERGENCY: Block all traffic from Russia"

📚 Documentation

🧪 Testing

# Test connection
python scripts/test_connection.py

# Run tests
pytest tests/

# Generate token
python scripts/generate_token.py alice READ_ONLY

📝 License

MIT License - see LICENSE

This server cannot be installed

security - not tested

license - permissive license

quality - not tested

How are these scores calculated?

A production-grade server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications, supporting multiple access levels and functional categories.

Related MCP Servers

Code Analysis MCP Server
saiprashanths
A
security
F
license
A
quality
The server facilitates natural language interactions for exploring and understanding codebases, providing insights into data models and system architecture using a cost-effective, simple setup with support for existing Claude Pro subscriptions.
Last updated -
4
7
Python
Azure MCP Server
kalivaraprasad-gonapa
A
security
A
license
A
quality
Enables natural language interaction with Azure services through Claude Desktop, supporting resource management, subscription handling, and tenant selection with secure authentication.
Last updated -
3
0
13
TypeScript
MIT License
Voicevox MCP Server
Dosugamea
-
security
A
license
-
quality
A server that enables Claude 3.7 and other AI agents to access VOICEVOX-compatible speech synthesis engines (AivisSpeech, VOICEVOX, COEIROINK) through the Model Context Protocol.
Last updated -
2
TypeScript
MIT License
MCP Server UniFi
zcking
-
security
A
license
-
quality
A server implementation that enables natural language interactions with UniFi network devices by wrapping the UniFi Network API for AI agents like Goose and Claude.
Last updated -
Python
MIT License

View all related MCP servers

pfSense MCP Server