OPNSense MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| OPNSENSE_HOST | Yes | The URL of your OPNsense firewall (e.g., https://your-opnsense-host:port) | |
| OPNSENSE_API_KEY | Yes | Your OPNsense API key | |
| OPNSENSE_SSH_HOST | No | Your OPNsense SSH host (optional, for advanced features) | |
| OPNSENSE_API_SECRET | Yes | Your OPNsense API secret | |
| OPNSENSE_VERIFY_SSL | No | Whether to verify SSL certificates | false |
| OPNSENSE_SSH_KEY_PATH | No | Path to SSH private key file (alternative to password) | |
| OPNSENSE_SSH_PASSWORD | No | Your OPNsense SSH password (optional, for advanced features) | |
| OPNSENSE_SSH_USERNAME | No | Your OPNsense SSH username (optional, for advanced features) |
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| configureC | Configure OPNsense connection |
| list_vlansB | List all VLANs |
| get_vlanC | Get VLAN details |
| create_vlanC | Create a new VLAN |
| delete_vlanC | Delete a VLAN |
| update_vlanC | Update VLAN description |
| list_firewall_rulesC | List all firewall rules |
| get_firewall_ruleC | Get firewall rule details |
| create_firewall_ruleC | Create a new firewall rule |
| create_firewall_presetC | Create a firewall rule from a preset |
| update_firewall_ruleC | Update a firewall rule |
| delete_firewall_ruleC | Delete a firewall rule |
| toggle_firewall_ruleC | Toggle firewall rule enabled/disabled |
| find_firewall_rulesC | Find firewall rules by description |
| create_backupC | Create a configuration backup |
| list_backupsB | List available backups |
| restore_backupC | Restore a configuration backup |
| test_connectionB | Test API connection and authentication |
| get_interfacesB | List available network interfaces |
| list_dhcp_leasesC | List all DHCP leases |
| find_device_by_nameC | Find devices by hostname pattern |
| find_device_by_macC | Find device by MAC address |
| get_guest_devicesB | Get all devices on guest network (VLAN 4) |
| get_devices_by_interfaceB | Group devices by network interface |
| list_arp_entriesB | List all ARP table entries |
| find_arp_by_ipC | Find ARP entries by IP address or subnet |
| find_arp_by_macC | Find ARP entries by MAC address |
| find_arp_by_interfaceC | Find ARP entries on specific interface |
| find_arp_by_hostnameC | Find ARP entries by hostname pattern |
| get_arp_statsC | Get ARP table statistics |
| find_devices_on_vlanC | Find devices on specific VLAN |
| list_dns_blocklistB | List all DNS blocklist entries |
| block_domainC | Add a domain to the DNS blocklist |
| unblock_domainB | Remove a domain from the DNS blocklist |
| block_multiple_domainsC | Block multiple domains at once |
| apply_blocklist_categoryC | Apply a predefined category of domain blocks |
| search_dns_blocklistC | Search DNS blocklist entries |
| toggle_blocklist_entryB | Enable/disable a DNS blocklist entry |
| haproxy_service_controlC | Control HAProxy service (start, stop, restart, reload) |
| haproxy_backend_createC | Create a new HAProxy backend |
| haproxy_backend_listB | List all HAProxy backends |
| haproxy_backend_deleteC | Delete an HAProxy backend |
| haproxy_frontend_createC | Create a new HAProxy frontend |
| haproxy_frontend_listB | List all HAProxy frontends |
| haproxy_frontend_deleteC | Delete an HAProxy frontend |
| haproxy_certificate_listB | List available certificates for HAProxy |
| haproxy_certificate_createC | Create a certificate for HAProxy |
| haproxy_acl_createC | Create an ACL for HAProxy frontend |
| haproxy_action_createC | Create an action for HAProxy frontend |
| haproxy_statsC | Get HAProxy statistics |
| haproxy_backend_healthC | Get health status of a specific backend |
| macro_start_recordingC | Start recording API calls to create a macro |
| macro_stop_recordingB | Stop recording and save the macro |
| macro_listB | List all saved macros |
| macro_playC | Play a saved macro |
| macro_deleteC | Delete a saved macro |
| macro_analyzeC | Analyze a macro to detect patterns and parameters |
| macro_generate_toolC | Generate an MCP tool definition from a macro |
| macro_exportC | Export all macros to a file |
| macro_importC | Import macros from a file |
| iac_plan_deploymentC | Plan infrastructure deployment changes |
| iac_apply_deploymentC | Apply a deployment plan |
| iac_destroy_deploymentC | Destroy deployed resources |
| iac_list_resource_typesB | List available resource types |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| VLANs | List of all configured VLANs |
| Firewall Rules | List of all firewall rules |
| Network Interfaces | Available network interfaces |
| Connection Status | OPNsense connection status |
| DHCP Leases | Current DHCP leases |
| DNS Blocklist | DNS blocklist entries |
| HAProxy Backends | HAProxy backend configurations |
| HAProxy Frontends | HAProxy frontend configurations |
| HAProxy Statistics | HAProxy statistics and health status |
| Recorded Macros | List of recorded API macros |
| ARP Table | ARP table entries showing IP to MAC mappings |
| IaC Resource Types | Available infrastructure resource types |
| Deployments | Current infrastructure deployments |
| Resource State | Current state of managed resources |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vespo92/OPNSenseMCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server