What is Pfsense Mcp Server

pfSense MCP Server is a production-grade server that allows natural language interaction with pfSense firewalls using the Model Context Protocol (MCP). It facilitates seamless communication between users and their firewall systems through AI applications like Claude Desktop.

Use cases

This server is ideal for security analysts who wish to monitor system statuses, security engineers who need to modify security rules, compliance officers for audit tasks, and incident responders for emergency actions such as blocking malicious traffic.

How to use

To get started, clone the repository, configure the environment file with pfSense details, and run the server using Docker. You can configure it further with Claude Desktop by adding the server details to its configuration file, specifying either a Docker command or a local execution command.

Key features

Key features include a natural language interface for easy control of pfSense; various access levels for different user roles; multiple connection methods such as REST API and SSH; comprehensive security operations coverage; integration with GenAI applications; and production readiness with features like audit logging and rate limiting.

Where to use

The pfSense MCP Server is suitable for environments where pfSense is used, such as corporate networks, managed service providers, or any organization that requires an interactive and intelligent firewall management solution leveraging natural language processing.

pfSense MCP Server

A production-grade Model Context Protocol (MCP) server that enables natural language interaction with pfSense firewalls through Claude Desktop and other GenAI applications.

🚀 Features

• Natural Language Interface: Control pfSense using plain English
• 5 Access Levels: From read-only monitoring to emergency response
• Multiple Connection Methods: REST API, XML-RPC, and SSH
• 6 Functional Categories: Complete security operations coverage
• GenAI Integration: Works with Claude Desktop, Continue, and other MCP clients
• Production Ready: Audit logging, rate limiting, caching

📋 Quick Start

1. Install and Configure

# Clone the repository
git clone https://github.com/gensecaihq/pfsense-mcp-server.git
cd pfsense-mcp-server

# Copy environment template
cp .env.example .env

# Edit configuration
nano .env  # Add your pfSense details

2. Run with Docker

# Build and start
docker-compose up -d

# Check health
curl http://localhost:8000/health

3. Configure Claude Desktop

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "pfsense": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--env-file",
        "/path/to/.env",
        "pfsense-mcp:latest"
      ],
      "env": {
        "MCP_MODE": "stdio"
      }
    }
  }
}

Or run locally:

{
  "mcpServers": {
    "pfsense": {
      "command": "python",
      "args": [
        "/path/to/pfsense-mcp-server/main.py"
      ],
      "env": {
        "PFSENSE_URL": "https://your-pfsense.local",
        "PFSENSE_API_KEY": "your-api-key"
      }
    }
  }
}

🔐 Access Levels

💬 Example Prompts

"Show me the system status"
"What IPs are currently blocked?"
"Block IP 192.168.1.100"
"Run a PCI compliance check"
"Analyze threats from the last hour"
"EMERGENCY: Block all traffic from Russia"

📚 Documentation

• Claude Desktop Setup
• GenAI Integration Guide
• API Documentation
• Deployment Guide
• Permissions Guide

🧪 Testing

# Test connection
python scripts/test_connection.py

# Run tests
pytest tests/

# Generate token
python scripts/generate_token.py alice READ_ONLY

📝 License

MIT License - see LICENSE