Firewall AIops
БесплатноНе проверенGoverned OPNsense + pfSense firewall ops: rules, NAT, VPN, DHCP, RCA. 32 tools.
Описание
Governed OPNsense + pfSense firewall ops: rules, NAT, VPN, DHCP, RCA. 32 tools.
README
Firewall AIops (preview)
Governed, audited AI-ops for OPNsense and pfSense firewalls — for AI agents (via MCP) and humans (via CLI).
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by the OPNsense project, Deciso, Netgate, or the pfSense project. OPNsense, pfSense and Netgate are trademarks of their respective owners. MIT licensed.
firewall-aiops speaks to two firewall platforms behind one MCP server — OPNsense
(REST API under /api/..., API key+secret via HTTP Basic auth) and pfSense
(REST API v2 under /api/v2/... from the pfSense-pkg-RESTAPI package, API key via
an X-API-Key header) — with the same tools working on both. Each target in the
config names its own platform; a name-keyed platform registry selects the API shape
(auth + resource paths), so an agent never has to know which firewall it is talking to.
Every tool runs through a built-in governance harness (vendored, zero external dependency): audit log, token/call budget with runaway circuit-breaker, graduated risk-tier approval, undo-token recording, and prompt-injection sanitisation.
Why this exists
- One server, both firewalls — OPNsense and pfSense in a mixed estate, spoken to through identical tool names. Adding a third firewall later is a new platform descriptor, not a rewrite.
- Read the whole firewall — firmware/health, interfaces & gateways, filter rules (with hit counts and state table), NAT (port-forward / outbound / 1:1), aliases, VPN (WireGuard / OpenVPN / IPsec), DHCP leases & reservations, and the firewall log.
- Flagship RCA analyses — transparent heuristics that show their numbers, never a
black-box verdict:
gateway_health_rca(WAN loss/latency/down → cause + action),rule_hit_and_shadow_analysis(never-hit + shadowed/redundant rules), andblocked_traffic_rca(top blocked sources/ports → scan / brute-force / probe). - Governed writes — toggle a rule, add/remove an alias entry (reversible,
undo-recorded from the fetched before-state), flush states, restart a service, and
the "make it live" commit (
apply_changes/reconfigure) andrebootat risk=high with a dry-run preview and an approver gate.
Tool inventory (32 tools)
| Domain | Tools | # | Kind |
|---|---|---|---|
| System | firmware_status, health_status, interface_status, gateway_status |
4 | read |
| Rules | list_rules, rule_detail, rule_stats, rule_states |
4 | read |
| NAT | nat_port_forwards, nat_outbound, nat_one_to_one |
3 | read |
| Aliases | list_aliases, alias_entries |
2 | read |
| VPN | wireguard_status, openvpn_sessions, ipsec_sas |
3 | read |
| DHCP | dhcp_leases, dhcp_static_mappings |
2 | read |
| Diagnostics | firewall_log, states_table, top_talkers |
3 | read |
| Flagship analyses | gateway_health_rca, rule_hit_and_shadow_analysis, blocked_traffic_rca |
3 | read |
| Writes | toggle_rule, add_alias_entry, remove_alias_entry, kill_states, restart_service |
5 | write (med) |
| Writes | apply_changes, reconfigure, reboot |
3 | write (high) |
Reversible writes record an inverse undo descriptor built from the real fetched
before-state (toggle_rule restores the rule's prior enabled flag; alias add/remove
invert). apply_changes / reconfigure / reboot are high-risk with dry_run +
an approver requirement; reboot is irreversible (audit only).
Install
uv tool install firewall-aiops # or: pipx install firewall-aiops
Quick start
firewall-aiops init # wizard: pick platform (opnsense/pfsense) + store the secret (encrypted)
firewall-aiops doctor # verify config, secrets, and connectivity
firewall-aiops overview # one-shot: version + gateway/interface health + rule count
firewall-aiops rules list # list filter rules
firewall-aiops rules toggle <uuid> --disable # dry-run + double-confirm governed write
firewall-aiops log --action block -n 50 # recent blocked traffic
Run the MCP server (stdio) for an agent:
firewall-aiops mcp # or: firewall-aiops-mcp
MCP client config
{
"mcpServers": {
"firewall-aiops": {
"command": "uvx",
"args": ["--from", "firewall-aiops", "firewall-aiops-mcp"],
"env": { "FIREWALL_AIOPS_MASTER_PASSWORD": "your-master-password" }
}
}
}
Configuration
~/.firewall-aiops/config.yaml (non-secret connection details only):
targets:
- name: fw1
platform: opnsense # opnsense | pfsense
host: 192.0.2.1
port: 443
username: <opnsense-api-key> # OPNsense API key (unused for pfSense)
verify_ssl: false # false for self-signed lab certs
- name: edge
platform: pfsense
host: 192.0.2.2
verify_ssl: false
The secret — the OPNsense API secret (paired with the key for HTTP Basic auth)
or the pfSense API key — is stored encrypted in ~/.firewall-aiops/secrets.enc
(Fernet + scrypt-derived key), never plaintext on disk. Set it with
firewall-aiops secret set <target> or the init wizard. The store is unlocked by a
master password from FIREWALL_AIOPS_MASTER_PASSWORD (non-interactive/MCP/CI) or an
interactive prompt (CLI on a TTY). A legacy plaintext env var
FIREWALL_<TARGET>_SECRET is honoured as a fallback (migrate with
firewall-aiops secret migrate).
Governance
Every MCP tool is wrapped by @governed_tool:
- Audit — every call is logged to
~/.firewall-aiops/audit.db(tool, params with secrets redacted, status, duration, risk tier, approver, rationale). - Budget / runaway guard — per-process token/call caps and a repeat-call circuit
breaker (
FIREWALL_MAX_TOOL_CALLS,FIREWALL_RUNAWAY_MAX, …). - Graduated risk tiers — high-risk writes (
apply_changes,reconfigure,reboot) require an approver: setFIREWALL_AUDIT_APPROVED_BY(andFIREWALL_AUDIT_RATIONALE) before they will run. - Undo recording — reversible writes record an inverse descriptor to
~/.firewall-aiops/undo.dbfrom the fetched before-state (recording only; an external orchestrator executes it). - Sanitisation — all firewall-returned text is bounded + injection-sanitised before it reaches the agent.
Preview status
- Platforms: OPNsense (REST API) and pfSense (REST API v2, pfSense-pkg-RESTAPI).
- Preview — mock-validated only. Not run against a live firewall. All behaviour is
validated against mocked OPNsense/pfSense JSON responses; the concrete REST paths are
modelled from each project's public API and need live verification. Both platforms are
free and self-hostable (OPNsense is fully open-source; pfSense CE is free), so a home
lab is the easiest live check —
firewall-aiops doctor(a firmware/version query on both) is the fastest connectivity check. - Missing a capability? Open an issue or PR at github.com/AIops-tools/Firewall-AIops — contributions and feedback welcome.
License
MIT — see LICENSE.
Установить Firewall AIops в Claude Desktop, Claude Code, Cursor
unyly install firewall-aiopsСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add firewall-aiops -- uvx firewall-aiopsFAQ
Firewall AIops MCP бесплатный?
Да, Firewall AIops MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Firewall AIops?
Нет, Firewall AIops работает без API-ключей и переменных окружения.
Firewall AIops — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Firewall AIops в Claude Desktop, Claude Code или Cursor?
Открой Firewall AIops на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Firewall AIops with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
