coreyhines/opnsense-mcp
This MCP server provides management and monitoring capabilities for an OPNsense firewall through natural language queries.
Network Discovery
View/filter ARP/NDP table by IP, MAC, or hostname
View DHCP leases (search by hostname/IP/MAC) and delete specific leases
View LLDP neighbor/topology table
Monitoring & Diagnostics
Retrieve firewall logs with filtering by action, source/destination IP, and protocol
Check system status and WAN gateway health (latency, packet loss)
Start, stop, and fetch packet captures with BPF filters and PCAP export
Firewall Rule Management
List, create, delete, enable/disable, and edit firewall rules
SSH fallback for creating rules when the API has limitations
DNS Management
List, add, and remove Unbound DNS host overrides (searchable by hostname/IP/description)
Aliases & Interfaces
List firewall aliases (IP/port groups) with search filtering
Retrieve available network interfaces for use in firewall rules
Provides tools for managing OPNsense firewall operations, including ARP, DHCP, logs, rules, interfaces, system status, and packet capture.
OPNsense MCP Server
MCP server for OPNsense firewall operations (ARP, DHCP, logs, rules, interfaces, system status, packet capture).
Use one of two deployment modes:
STDIO(local): best for Cursor/Claude Code/Continue running the server process directly.SSE(centralized): best for shared, long-lived service over HTTPS.
Demo
Query your firewall with Claude Code CLI. Live example with real network data:
Related MCP server: OPNSense MCP Server
Why This Exists
Built this because SSH'ing into the firewall to check logs or grab ARP data got old fast. Now you can ask Claude:
"What's happening on the network right now?"
"Show me the latest firewall blocks"
"Tell me about that host"
"Capture packets from the suspicious traffic"
Claude handles the firewall query via MCP and gives you analysis + context in one shot. Works on homelab or business deployments equally well.
Quick Start
1) Local setup (required for both modes)
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt
cp examples/.env.example ~/.envEdit ~/.env:
OPNSENSE_API_KEY=your_api_key
OPNSENSE_API_SECRET=your_api_secret
OPNSENSE_FIREWALL_HOST=your.firewall.host
MCP_SECRET_KEY=replace_me2) Choose mode
Mode A: STDIO (local IDE/client)
Configure your MCP client to launch mcp_start.sh:
{
"mcpServers": {
"opnsense-mcp": {
"command": "/bin/bash",
"args": ["/absolute/path/to/opnsense-mcp/mcp_start.sh"],
"cwd": "/absolute/path/to/opnsense-mcp"
}
}
}See full guide: docs/GETTING_STARTED.md.
Mode B: SSE (centralized service)
Run the Linux installer (Podman + quadlet + Caddy TLS):
sudo bash deploy/install.shClients connect to:
https://<your-hostname>/sseSee deployment docs:
What Is Available
Primary tools:
Discovery:
arp,dhcp,lldpMonitoring:
system,get_logs,packet_captureFirewall rules:
fw_rules,mkfw_rule,rmfw_rule,ssh_fw_ruleInterfaces:
interface_list
Full reference: docs/REFERENCE/FUNCTION_REFERENCE.md
Use Cases
Homelab network troubleshooting — Query firewall logs from terminal, get Claude's take on what's happening
Security operations — Automate incident triage: "Analyze the last hour of blocks"
Infrastructure automation — Write MCP-aware scripts that query firewall state dynamically
DevOps troubleshooting — Quick VLAN/interface status checks without SSH sessions
Feedback
First 10 users get feedback incorporated into the tool. If you find bugs or have ideas, file an issue or discussion.
Documentation Map
Start here:
docs/GETTING_STARTED.mdClaude Code specifics:
docs/CLAUDE_CODE_INTEGRATION.mdCentralized SSE spec:
docs/CENTRALIZED_DEPLOY_SPEC.mdContributor guide:
docs/DEVELOPMENT/CONTRIBUTING.md
License
This project is released under the MIT License.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/coreyhines/opnsense-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server