Skip to main content
Glama
itunified-io

mcp-opnsense

by itunified-io
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Remote

opnsense_fw_toggle_rule

Toggle a firewall rule's enabled state by UUID. Apply after changing to activate the rule.

Instructions

Enable or disable a firewall rule by UUID. Run opnsense_fw_apply afterwards to activate.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
uuidYesUUID of the rule to toggle
enabledYes1 to enable, 0 to disable

Implementation Reference

  • src/tools/firewall.ts:164-180 (registration)
    Tool definition registration for opnsense_fw_toggle_rule, defining the name, description, and input schema (uuid + enabled enum).
    {
  name: "opnsense_fw_toggle_rule",
  description:
    "Enable or disable a firewall rule by UUID. Run opnsense_fw_apply afterwards to activate.",
  inputSchema: {
    type: "object" as const,
    properties: {
      uuid: { type: "string", description: "UUID of the rule to toggle" },
      enabled: {
        type: "string",
        enum: ["0", "1"],
        description: "1 to enable, 0 to disable",
      },
    },
    required: ["uuid", "enabled"],
  },
},
  • src/tools/firewall.ts:33-36 (schema)
    Zod validation schema for the toggle rule tool — validates uuid and enabled ("0" or "1").
    const ToggleRuleSchema = z.object({
  uuid: UuidSchema,
  enabled: z.enum(["0", "1"]),
});
  • src/tools/firewall.ts:360-366 (handler)
    Handler function: parses args with ToggleRuleSchema, then POSTs to /firewall/filter/toggleRule/{uuid}/{enabled} via the OPNsenseClient.
    case "opnsense_fw_toggle_rule": {
  const parsed = ToggleRuleSchema.parse(args);
  const result = await client.post(
    `/firewall/filter/toggleRule/${parsed.uuid}/${parsed.enabled}`,
  );
  return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
}
  • src/index.ts:60-70 (registration)
    Server registration: maps opnsense_fw_toggle_rule to the handleFirewallTool handler in the MCP server tool registry.
    for (const def of firewallToolDefinitions) toolHandlers.set(def.name, handleFirewallTool);
for (const def of diagnosticsToolDefinitions) toolHandlers.set(def.name, handleDiagnosticsTool);
for (const def of interfacesToolDefinitions) toolHandlers.set(def.name, handleInterfacesTool);
for (const def of dhcpToolDefinitions) toolHandlers.set(def.name, handleDhcpTool);
for (const def of systemToolDefinitions) toolHandlers.set(def.name, handleSystemTool);
for (const def of acmeToolDefinitions) toolHandlers.set(def.name, handleAcmeTool);
for (const def of firmwareToolDefinitions) toolHandlers.set(def.name, handleFirmwareTool);
for (const def of routingToolDefinitions) toolHandlers.set(def.name, handleRoutingTool);
for (const def of vlanToolDefinitions) toolHandlers.set(def.name, handleVlanTool);
for (const def of tailscaleToolDefinitions) toolHandlers.set(def.name, handleTailscaleTool);
for (const def of natToolDefinitions) toolHandlers.set(def.name, handleNatTool);
  • src/utils/validation.ts:3-55 (helper)
    UUID validation schema used by ToggleRuleSchema to validate the uuid field.
    export const UuidSchema = z
  .string()
  .uuid("Invalid UUID format");

export const IpAddressSchema = z
  .string()
  .regex(
    /^(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)$/,
    "Invalid IPv4 address",
  );

export const CidrSchema = z
  .string()
  .regex(
    /^(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\/(?:3[0-2]|[12]?\d)$/,
    "Invalid CIDR notation",
  );

export const HostnameSchema = z
  .string()
  .regex(
    /^(?!-)[a-zA-Z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-zA-Z0-9-]{1,63}(?<!-))*$/,
    "Invalid hostname",
  );

export const PortSchema = z
  .number()
  .int()
  .min(1, "Port must be at least 1")
  .max(65535, "Port must be at most 65535");

export const MacAddressSchema = z
  .string()
  .regex(
    /^[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}$/,
    "Invalid MAC address (expected format: AA:BB:CC:DD:EE:FF)",
  );

export const DomainSchema = z
  .string()
  .regex(
    /^(?!-)[a-zA-Z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-zA-Z0-9-]{1,63}(?<!-))*\.[a-zA-Z]{2,}$/,
    "Invalid domain name",
  );

export const ProtocolSchema = z.enum(["TCP", "UDP", "ICMP", "any"]);

export const FirewallActionSchema = z.enum(["pass", "block", "reject"]);

export const DirectionSchema = z.enum(["in", "out"]);

export const ServiceActionSchema = z.enum(["start", "stop", "restart"]);

Tool Definition Quality

A3.8/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided. Description only mentions the action and follow-up step. Lacks details on side effects, required permissions, error behavior (e.g., rule not found), or whether the change is reversible. Minimal disclosure for a mutation tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences, no fluff. First sentence states the action, second provides essential follow-up instruction. Highly efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations and no output schema, the description covers the core purpose and necessary follow-up step. It is adequate for a simple toggle tool. Could be improved by noting that it only changes enabled status (and not other rule properties), but that is implicit from the tool name and sibling tools.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema covers both parameters (uuid, enabled) with clear descriptions. The tool description doesn't add meaningful detail beyond what the schema already provides. Schema coverage is 100%, so baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states 'Enable or disable a firewall rule by UUID' — specific verb and resource. Distinguished from siblings like add_rule, delete_rule, update_rule because it focuses on toggling enabled status.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly instructs to run opnsense_fw_apply afterwards, guiding the agent on the next step. However, it doesn't explicitly state when not to use this tool (e.g., for other changes, use update_rule), but the sibling context makes it clear enough.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/itunified-io/mcp-opnsense'

If you have feedback or need assistance with the MCP directory API, please join our Discord server