Submit
gensecaihq

pfSense MCP Server

Community gensecaihq
Updated

pfSense MCP Server enables security administrators to manage their pfSense firewalls using natural language through AI assistants like Claude Desktop. Simply ask "Show me blocked IPs" or "Run a PCI compliance check" instead of navigating complex interfaces. Supports REST/XML-RPC/SSH connections, and includes built-in compliance and guardrail

pfSense MCP Server

A production-grade Model Context Protocol (MCP) server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications.

VersionLicenseMCP

๐Ÿš€ Features

  • Natural Language Interface: Control pfSense using plain English
  • 5 Access Levels: From read-only monitoring to emergency response
  • Multiple Connection Methods: REST API, XML-RPC, and SSH
  • 6 Functional Categories: Complete security operations coverage
  • GenAI Integration: Works with Claude Desktop, Continue, and other MCP clients
  • Production Ready: Audit logging, rate limiting, caching

๐Ÿ“‹ Quick Start

1. Install and Configure

# Clone the repository
git clone https://github.com/gensecaihq/pfsense-mcp-server.git
cd pfsense-mcp-server

# Copy environment template
cp .env.example .env

# Edit configuration
nano .env  # Add your pfSense details

2. Run with Docker

# Build and start
docker-compose up -d

# Check health
curl http://localhost:8000/health

3. Configure Claude Desktop

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "pfsense": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "pfsense-mcp:latest"],
      "env": {
        "MCP_MODE": "stdio"
      }
    }
  }
}

Or run locally:

{
  "mcpServers": {
    "pfsense": {
      "command": "python",
      "args": ["/path/to/pfsense-mcp-server/main.py"],
      "env": {
        "PFSENSE_URL": "https://your-pfsense.local",
        "PFSENSE_API_KEY": "your-api-key"
      }
    }
  }
}

๐Ÿ” Access Levels

Level Description Example Users
READ_ONLY Monitor and view Security Analysts
SECURITY_WRITE Modify security rules Security Engineers
ADMIN_WRITE Full system access Administrators
COMPLIANCE_READ Audit and compliance Compliance Officers
EMERGENCY_WRITE Emergency response Incident Responders

๐Ÿ’ฌ Example Prompts

"Show me the system status"
"What IPs are currently blocked?"
"Block IP 192.168.1.100"
"Run a PCI compliance check"
"Analyze threats from the last hour"
"EMERGENCY: Block all traffic from Russia"

๐Ÿ“š Documentation

  • Claude Desktop Setup
  • GenAI Integration Guide
  • API Documentation
  • Deployment Guide
  • Permissions Guide

๐Ÿงช Testing

# Test connection
python scripts/test_connection.py

# Run tests
pytest tests/

# Generate token
python scripts/generate_token.py alice READ_ONLY

๐Ÿ“ License

MIT License - see LICENSE

MCP Server ยท Populars

MCP Server ยท New

    kuberstar

    Qartez MCP

    Semantic code intelligence MCP server for Claude Code - project maps, symbol search, impact analysis, and more

    Community kuberstar
    aovestdipaperino

    tokensave

    Rust port of CodeGraph โ€” a local-first code intelligence system that builds semantic knowledge graphs from codebases. Ported from the original TypeScript implementation by @colbymchenry.

    Community aovestdipaperino
    jpicklyk

    MCP Task Orchestrator

    Server-enforced workflow discipline for AI agents. An MCP server providing persistent work items, dependency graphs, quality gates, and actor attribution. Schemas define what agents must produce โ€” the server blocks the call if they don't. Works with any MCP-compatible client.

    Community jpicklyk
    AgentsID-dev

    AgentsID Scanner

    Security scanner for MCP servers. Grades auth, permissions, injection risks, and tool safety. The Lighthouse of agent security.

    Community AgentsID-dev
    remete618

    widemem.ai

    Next-gen AI memory layer with importance scoring, temporal decay, hierarchical memory, and YMYL prioritization

    Community remete618