OpenWRT SSH MCP Server

Instructions

Implementation Reference

• openwrt_ssh_mcp/tools.py:200-220 (handler)

  The actual handler implementation that executes 'iptables -L -n -v' to retrieve firewall rules from the OpenWRT router
  @staticmethod async def get_firewall_rules() -> dict[str, Any]: """ Get firewall rules. Returns: dict: Firewall rules """ command = "iptables -L -n -v" result = await OpenWRTTools.execute_command(command) if result["success"]: return { "success": True, "rules": result["output"], } else: return { "success": False, "error": result["error"], }
• openwrt_ssh_mcp/server.py:107-114 (schema)

  Tool schema definition registered with MCP server - defines name, description, and input validation (no parameters required)
  name="openwrt_get_firewall_rules", description="Get current firewall rules (iptables)", inputSchema={ "type": "object", "properties": {}, "required": [], }, ),
• openwrt_ssh_mcp/server.py:319-320 (registration)

  Tool call routing - maps the tool name to its handler method in OpenWRTTools class
  elif name == "openwrt_get_firewall_rules": result = await OpenWRTTools.get_firewall_rules()
• openwrt_ssh_mcp/tools.py:17-47 (helper)

  The execute_command helper method used by get_firewall_rules - validates commands via SecurityValidator and executes them via ssh_client
  @staticmethod async def execute_command(command: str) -> dict[str, Any]: """ Execute a validated command on the OpenWRT router. Args: command: Shell command to execute Returns: dict: Execution result """ # Validate command is_valid, error_msg = SecurityValidator.validate_command(command) if not is_valid: return { "success": False, "error": error_msg, "output": "", } # Execute await ssh_client.ensure_connected() result = await ssh_client.execute(command) return { "success": result["success"], "output": result["stdout"], "error": result["stderr"], "exit_code": result["exit_code"], "execution_time": result["execution_time"], }