mcp-opnsense

opnsense_nat_source_list

Lists all Source NAT (outbound) rules with details including UUID, interface, source/destination, target, and enabled state.

Instructions

List all Source NAT (outbound) rules. Read-only. Returns rule UUID, sequence, interface, source/destination, target, enabled state.

Input Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

src/tools/nat.ts:216-219 (handler)
The handler function for the opnsense_nat_source_list tool. It calls client.get('/firewall/source_nat/search_rule') to list all Source NAT (outbound) rules from OPNsense and returns the result as JSON.
```
case "opnsense_nat_source_list": {
  const result = await client.get("/firewall/source_nat/search_rule");
  return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
}
```

src/tools/nat.ts:90-96 (schema)

The tool definition and registration entry for opnsense_nat_source_list in the natToolDefinitions array. Defines the tool name, description, and an empty inputSchema (no parameters required).

export const natToolDefinitions = [
  {
    name: "opnsense_nat_source_list",
    description:
      "List all Source NAT (outbound) rules. Read-only. Returns rule UUID, sequence, interface, source/destination, target, enabled state.",
    inputSchema: { type: "object" as const, properties: {} },
  },

src/index.ts:70-70 (registration)
Registration of the handleNatTool as the handler for all NAT tools, including opnsense_nat_source_list. Each tool definition in natToolDefinitions maps to handleNatTool.
```
for (const def of natToolDefinitions) toolHandlers.set(def.name, handleNatTool);
```

src/index.ts:39-51 (registration)

The tool definitions from nat.ts are spread into allToolDefinitions, which is used to populate the ListToolsRequestSchema response.

const allToolDefinitions = [
  ...dnsToolDefinitions,
  ...firewallToolDefinitions,
  ...diagnosticsToolDefinitions,
  ...interfacesToolDefinitions,
  ...dhcpToolDefinitions,
  ...systemToolDefinitions,
  ...acmeToolDefinitions,
  ...firmwareToolDefinitions,
  ...routingToolDefinitions,
  ...vlanToolDefinitions,
  ...tailscaleToolDefinitions,
  ...natToolDefinitions,

src/client/opnsense-client.ts:6-26 (helper)

The OPNsenseClient class that provides the get/post methods used by the handler to call the OPNsense REST API. The handler uses client.get('/firewall/source_nat/search_rule') to fetch source NAT rules.

export class OPNsenseClient {
  private readonly http: AxiosInstance;

  constructor(private readonly config: OPNsenseConfig) {
    const baseURL = config.url.replace(/\/+$/, "") + "/api";

    this.http = axios.create({
      baseURL,
      timeout: config.timeout ?? 30000,
      auth: {
        username: config.apiKey,
        password: config.apiSecret,
      },
      httpsAgent: new https.Agent({
        rejectUnauthorized: config.verifySsl ?? true,
      }),
      headers: {
        Accept: "application/json",
      },
    });
  }

Tool Definition Quality

A4/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries full burden. It declares 'Read-only' and lists return fields, but lacks details on pagination, rate limits, error conditions, or behavior when no rules exist. Basic transparency is provided but not comprehensive.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two well-structured sentences: the first states the action and resource, the second lists return fields. No wasted words, front-loaded, and efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple list tool with no parameters and no output schema, the description adequately covers purpose, return fields, and read-only nature. Minor missing context like sorting or limits would improve completeness, but it is sufficient for typical use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has zero parameters, so the description need not add parameter details. It adds value by stating 'List all', indicating no filtering is possible, which clarifies the tool's scope beyond the empty schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'list' and the resource 'Source NAT (outbound) rules', and enumerates the return fields (UUID, sequence, interface, source/destination, target, enabled state). It distinguishes from sibling tools like opnsense_nat_source_add/delete/get/toggle/update by being a read-only list operation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description mentions 'List all' implying it is for a full listing, and 'Read-only' indicating no side effects. However, it does not explicitly guide when to use this tool over alternatives like opnsense_nat_source_get or provide context for filtering or prerequisites.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/itunified-io/mcp-opnsense'

If you have feedback or need assistance with the MCP directory API, please join our Discord server