
OPNSense MCP Server

firewall-rules-complete.md (3.31 kB)
# Phase 3 - Firewall Rules Implementation

## ✅ Completed: Firewall Rule Management

We've successfully implemented comprehensive firewall rule management as the first part of Phase 3!

### 🎯 What's Working

#### Firewall Rule Features

- **List Rules** - View all configured firewall rules
- **Get Rule Details** - Retrieve specific rule by UUID
- **Create Rules** - Add new firewall rules with full control
- **Update Rules** - Modify existing rules
- **Delete Rules** - Remove rules
- **Toggle Rules** - Enable/disable rules quickly
- **Find Rules** - Search rules by description
- **Rule Presets** - Quick creation of common rules:
  - `allow-web` - HTTP/HTTPS traffic
  - `allow-ssh` - SSH access
  - `allow-minecraft` - Minecraft server (port 25565)
  - `block-all` - Block all traffic

### 📝 Example Usage

```javascript
// Create a Minecraft server rule
await create_firewall_preset({
  preset: "allow-minecraft",
  interface: "lan",
  description: "Allow Minecraft server on LAN"
});

// Create a custom rule
await create_firewall_rule({
  action: "pass",
  interface: "wan",
  direction: "in",
  protocol: "tcp",
  source: "any",
  destination: "192.168.1.100",
  destinationPort: "3389",
  description: "Allow RDP to server"
});

// Find all web-related rules
await find_firewall_rules({ description: "web" });

// Toggle a rule on/off
await toggle_firewall_rule({ uuid: "rule-uuid-here" });
```

### 🔧 Technical Details

#### API Endpoints Used

- `/api/firewall/filter/searchRule` - List/search rules
- `/api/firewall/filter/getRule/{uuid}` - Get specific rule
- `/api/firewall/filter/addRule` - Create new rule
- `/api/firewall/filter/setRule/{uuid}` - Update rule
- `/api/firewall/filter/delRule/{uuid}` - Delete rule
- `/api/firewall/filter/apply` - Apply changes

#### Rule Structure

```typescript
interface FirewallRule {
  uuid?: string;
  enabled: string;           // '0' or '1'
  action: string;            // 'pass', 'block', 'reject'
  interface: string;         // Interface name
  direction: string;         // 'in' or 'out'
  ipprotocol: string;        // 'inet', 'inet6', 'inet46'
  protocol: string;          // 'any', 'tcp', 'udp', 'icmp'
  source_net: string;        // Source address/network
  source_port?: string;      // Source port
  destination_net: string;   // Destination address/network
  destination_port?: string; // Destination port
  description?: string;      // Rule description
}
```

### 🧪 Testing

Run the firewall rule tests:

```bash
npm run build
npx tsx test-firewall.ts
```

### 📋 Next Steps for Phase 3

- [ ] **NAT/Port Forwarding** - Implement port forward rules
- [ ] **DHCP Management** - Static mappings and configuration
- [ ] **DNS Services** - Host overrides and forwarder settings
- [ ] **Firewall Aliases** - IP, network, and port aliases

### 🚀 Integration with Claude Desktop

The firewall rule tools are fully integrated and ready to use in Claude Desktop. Just ask to:

- "List all firewall rules"
- "Create a rule to allow Minecraft traffic"
- "Block all traffic from a specific IP"
- "Find rules related to web traffic"
- "Disable the SSH rule temporarily"

## 🎉 Success!

We can now manage firewall rules through natural language! This is a major milestone for the OPNsense MCP server.
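
The custom rule under Example Usage passes RDP from `any` on `wan`. As an added example (not part of the OPNsense MCP server's own code), here is a pre-flight check over the `FirewallRule` fields that flags such rules before they are sent to `/api/firewall/filter/addRule`. The names `auditRule` and `parsePortRange`, the sensitive-port list, the `wan` interface name and the `-`/`:` range syntax are assumptions.

```typescript
// Subset of the page's FirewallRule fields that this check reads.
type RuleFields = {
  enabled: string; action: string; interface: string; direction: string;
  protocol: string; source_net: string; destination_port?: string;
  description?: string;
};

// Assumption: management ports that should not be open to source "any".
const SENSITIVE_PORTS: [number, string][] = [[22, "SSH"], [23, "Telnet"], [3389, "RDP"], [5900, "VNC"]];

// Parse "3389" or a range like "3380-3390" (":" also accepted); null for alias names.
function parsePortRange(spec: string): [number, number] | null {
  const m = /^(\d+)(?:[-:](\d+))?$/.exec(spec.trim());
  if (!m) return null;
  const lo = Number(m[1]);
  const hi = m[2] === undefined ? lo : Number(m[2]);
  return lo <= hi && hi <= 65535 ? [lo, hi] : null;
}

// Findings for one rule; an empty array means nothing was flagged.
function auditRule(rule: RuleFields, wanNames: string[] = ["wan"]): string[] {
  const findings: string[] = [];
  if (!rule.description || !rule.description.trim()) {
    findings.push("no description: find_firewall_rules cannot match it");
  }
  const inboundPass = rule.enabled === "1" && rule.action === "pass" && rule.direction === "in";
  const exposed = wanNames.indexOf(rule.interface) !== -1 && rule.source_net === "any";
  if (!inboundPass || !exposed) return findings;
  const port = (rule.destination_port || "").trim();
  if (rule.protocol === "any" || port === "") {
    return findings.concat("passes every port from any source on " + rule.interface);
  }
  const range = parsePortRange(port);
  if (range === null) {
    return findings.concat('port "' + port + '" is not numeric, review manually');
  }
  for (const [p, name] of SENSITIVE_PORTS) {
    if (p >= range[0] && p <= range[1]) {
      findings.push(name + " (" + p + ") open to any source on " + rule.interface);
    }
  }
  return findings;
}

// Constructed sample: the page's "Allow RDP to server" rule in API field names.
const rdpRule: RuleFields = {
  enabled: "1", action: "pass", interface: "wan", direction: "in", protocol: "tcp",
  source_net: "any", destination_port: "3389", description: "Allow RDP to server",
};
console.log(auditRule(rdpRule));
```

Running the same check over the results of `/api/firewall/filter/searchRule` gives a review list for rules that already exist.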
