pfSense MCP Server

A production-grade Model Context Protocol (MCP) server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications.

🚀 Features

Natural Language Interface: Control pfSense using plain English
5 Access Levels: From read-only monitoring to emergency response
Multiple Connection Methods: REST API, XML-RPC, and SSH
6 Functional Categories: Complete security operations coverage
GenAI Integration: Works with Claude Desktop, Continue, and other MCP clients
Production Ready: Audit logging, rate limiting, caching

📋 Quick Start

1. Install and Configure

# Clone the repository
git clone https://github.com/gensecaihq/pfsense-mcp-server.git
cd pfsense-mcp-server

# Copy environment template
cp .env.example .env

# Edit configuration
nano .env  # Add your pfSense details

2. Run with Docker

# Build and start
docker-compose up -d

# Check health
curl http://localhost:8000/health

3. Configure Claude Desktop

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "pfsense": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "pfsense-mcp:latest"],
      "env": {
        "MCP_MODE": "stdio"
      }
    }
  }
}

Or run locally:

{
  "mcpServers": {
    "pfsense": {
      "command": "python",
      "args": ["/path/to/pfsense-mcp-server/main.py"],
      "env": {
        "PFSENSE_URL": "https://your-pfsense.local",
        "PFSENSE_API_KEY": "your-api-key"
      }
    }
  }
}

🔐 Access Levels

Level	Description	Example Users
`READ_ONLY`	Monitor and view	Security Analysts
`SECURITY_WRITE`	Modify security rules	Security Engineers
`ADMIN_WRITE`	Full system access	Administrators
`COMPLIANCE_READ`	Audit and compliance	Compliance Officers
`EMERGENCY_WRITE`	Emergency response	Incident Responders

💬 Example Prompts

"Show me the system status"
"What IPs are currently blocked?"
"Block IP 192.168.1.100"
"Run a PCI compliance check"
"Analyze threats from the last hour"
"EMERGENCY: Block all traffic from Russia"

📚 Documentation

🧪 Testing

# Test connection
python scripts/test_connection.py

# Run tests
pytest tests/

# Generate token
python scripts/generate_token.py alice READ_ONLY

📝 License

MIT License - see LICENSE

This server cannot be installed

security - not tested

license - permissive license

quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

A production-grade server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications, supporting multiple access levels and functional categories.

Related MCP Servers

Code Analysis MCP Server
saiprashanths
A
security
F
license
A
quality
The server facilitates natural language interactions for exploring and understanding codebases, providing insights into data models and system architecture using a cost-effective, simple setup with support for existing Claude Pro subscriptions.
Last updated -
4
18
Python
MCP Server UniFi
zcking
A
security
A
license
A
quality
A server implementation that enables natural language interactions with UniFi network devices by wrapping the UniFi Network API for AI agents like Goose and Claude.
Last updated -
2
Python
MIT License
Confluence MCP Server
alirezarezvani
-
security
A
license
-
quality
A server that integrates Confluence with Claude Desktop and other AI assistants, enabling natural language interactions with your Confluence documentation.
Last updated -
1
TypeScript
MIT License
OPNSense MCP Server
vespo92
A
security
A
license
A
quality
A server that enables managing OPNSense firewalls through natural language interactions with Claude Desktop, supporting VLAN management, firewall rules configuration, and network interface queries.
Last updated -
19
10
TypeScript
MIT License

View all related MCP servers

pfSense MCP Server