Skip to content
/ pfsense-mcp-server Public

pfSense MCP Server enables security administrators to manage their pfSense firewalls using natural language through AI assistants like Claude Desktop. Simply ask "Show me blocked IPs" or "Run a PCI compliance check" instead of navigating complex interfaces. Features 5-level RBAC, supports REST/XML-RPC/SSH connections, and includes built-in complian

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gensecaihq/pfsense-mcp-server

BranchesTags

Repository files navigation

pfSense MCP Server

A production-grade Model Context Protocol (MCP) server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications.

Version License MCP

🚀 Features

  • Natural Language Interface: Control pfSense using plain English
  • 5 Access Levels: From read-only monitoring to emergency response
  • Multiple Connection Methods: REST API, XML-RPC, and SSH
  • 6 Functional Categories: Complete security operations coverage
  • GenAI Integration: Works with Claude Desktop, Continue, and other MCP clients
  • Production Ready: Audit logging, rate limiting, caching

📋 Quick Start

1. Install and Configure

# Clone the repository
git clone https://github.com/gensecaihq/pfsense-mcp-server.git
cd pfsense-mcp-server

# Copy environment template
cp .env.example .env

# Edit configuration
nano .env  # Add your pfSense details

2. Run with Docker

# Build and start
docker-compose up -d

# Check health
curl http://localhost:8000/health

3. Configure Claude Desktop

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "pfsense": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "pfsense-mcp:latest"],
      "env": {
        "MCP_MODE": "stdio"
      }
    }
  }
}

Or run locally:

{
  "mcpServers": {
    "pfsense": {
      "command": "python",
      "args": ["/path/to/pfsense-mcp-server/main.py"],
      "env": {
        "PFSENSE_URL": "https://your-pfsense.local",
        "PFSENSE_API_KEY": "your-api-key"
      }
    }
  }
}

🔐 Access Levels

Level Description Example Users
READ_ONLY Monitor and view Security Analysts
SECURITY_WRITE Modify security rules Security Engineers
ADMIN_WRITE Full system access Administrators
COMPLIANCE_READ Audit and compliance Compliance Officers
EMERGENCY_WRITE Emergency response Incident Responders

💬 Example Prompts

"Show me the system status"
"What IPs are currently blocked?"
"Block IP 192.168.1.100"
"Run a PCI compliance check"
"Analyze threats from the last hour"
"EMERGENCY: Block all traffic from Russia"

📚 Documentation

🧪 Testing

# Test connection
python scripts/test_connection.py

# Run tests
pytest tests/

# Generate token
python scripts/generate_token.py alice READ_ONLY

📝 License

MIT License - see LICENSE

About

pfSense MCP Server enables security administrators to manage their pfSense firewalls using natural language through AI assistants like Claude Desktop. Simply ask "Show me blocked IPs" or "Run a PCI compliance check" instead of navigating complex interfaces. Features 5-level RBAC, supports REST/XML-RPC/SSH connections, and includes built-in complian

Topics

mcp pfsense claude pfsense-firewall genai mcp-servers mcp-server

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages