PfClaude MCP Server

How to use

You operate pfClaude from an MCP client that talks to the pfSense MCP server. Use the normal mode to issue authenticated, HTTPS-based commands that cover the full range of pfSense operations. If the network becomes unhealthy or Claude Code cannot reach pfSense, pfClaude activates its emergency brain to run diagnostics, send alerts, and take predefined autonomous actions via configurable escalation paths.

How to install

Prerequisites you must prepare first:

• pfSense 2.7+ or pfSense Plus 23.09+
• 50MB free storage on pfSense
• Network connectivity between pfSense and the MCP host

Install the MCP server on your Claude Code host using the following steps:

pkg add https://github.com/ArktechNWA/pfsense-mcp/releases/latest/pfsense.pkg
npm install -g @arktechnwa/pfsense-mcp

Claude Code integration (MCP client configuration)

{
  "mcpServers": {
    "pfsense": {
      "command": "pfsense-mcp",
      "env": {
        "PFSENSE_HOST": "192.168.1.1",
        "PFSENSE_API_KEY": "your-api-key"
      }
    }
  }
}

pf_system_info

Query hostname, version, uptime, and resource usage of pfSense.

pf_system_status

Get an overall health summary of the pfSense system.

pf_system_reboot

Reboot pfSense (dangerous operation).

pf_system_shutdown

Shutdown pfSense (dangerous operation).

pf_system_config_backup

Export the pfSense configuration XML.

pf_interface_list

List all interfaces with current status.

pf_interface_status

Get detailed status for a specific interface.

pf_interface_stats

Retrieve traffic counters and errors for interfaces.

pf_interface_restart

Restart a specific network interface.

pf_interface_enable

Enable a specific interface.

pf_interface_disable

Disable a specific interface.

pf_firewall_rules

List firewall and NAT rules.

pf_firewall_rule_add

Add a firewall rule.

pf_firewall_rule_delete

Delete a firewall rule.

pf_firewall_rule_modify

Modify a firewall rule.

pf_firewall_states

View the connection state table.

pf_firewall_states_flush

Flush the firewall state table.

pf_firewall_aliases

Manage firewall aliases.

pf_nat_rules

List NAT rules such as port forwards.

pf_nat_rule_add

Add a NAT rule.

pf_nat_rule_delete

Delete a NAT rule.

pf_nat_rule_modify

Modify a NAT rule.

pf_dhcp_leases

Show current DHCP leases.

pf_dhcp_static_mappings

Show reserved DHCP mappings.

pf_dhcp_config

Show DHCP server configuration.

pf_dhcp_service_restart

Restart the DHCP service.

pf_dns_resolver_config

Show Unbound resolver config.

pf_dns_forwarder_config

Show dnsmasq config.

pf_dns_override_add

Add a DNS override.

pf_dns_override_delete

Delete a DNS override.

pf_dns_service_restart

Restart DNS services.

pf_vpn_openvpn_status

Show OpenVPN connections.

pf_vpn_ipsec_status

Show IPsec SAs.

pf_vpn_wireguard_status

Show WireGuard peers.

pf_vpn_disconnect

Disconnect a VPN client or tunnel.

pf_routes_table

Show the routing table.

pf_routes_static

Show static routes.

pf_gateway_status

Show gateway health.

pf_gateway_switch

Switch the default gateway.

pf_traffic_graphs

Provide data for bandwidth graphs.

pf_traffic_totals

Show interface traffic totals.

pf_traffic_top

Show top talkers.

pf_logs_system

Show system logs.

pf_logs_firewall

Show firewall logs.

pf_logs_dhcp

Show DHCP logs.

pf_logs_vpn

Show VPN logs.

pf_logs_search

Search across all logs.

pf_packages_installed

List installed packages.

pf_packages_available

List available packages.

pf_packages_install

Install a package.

pf_packages_remove

Remove a package.

pf_services_list

List all services and their status.

pf_services_start

Start a service.

pf_services_stop

Stop a service.

pf_services_restart

Restart a service.

pf_diag_ping

Ping from pfSense.

pf_diag_traceroute

Traceroute from pfSense.

pf_diag_dns_lookup

DNS lookup from pfSense.

pf_diag_arp_table

ARP table.

pf_diag_ndp_table

IPv6 neighbor table.

pf_diag_sockets

Open sockets.

pf_diag_pftop

Real-time state table.