// SCAN REPORT

OPNsense MCP Server

81 tools. 40 can modify or destroy data without limits.

9 destructive tools with no built-in limits. Policy required.

Last updated:

40 can modify or destroy data
41 read-only
81 tools total

Community server · catalogue entry verified 12/06/2026

How to control OPNsense MCP Server ↓

TOOL MAP

What OPNsense MCP Server exposes to your agents

Read (41) Write / Execute (31) Destructive / Financial (9)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous OPNsense MCP Server tools

Destructive · High opn_delete_alias The 'delete' operation is inherently destructive—it removes configuration data irreversibly. Destructive · High opn_delete_ddns_account This tool permanently removes a DDNS account configuration and applies the change immediately, which cannot be undone without manual reconfiguration. Destructive · High opn_delete_dns_override The 'delete' operation removes data that cannot be easily recovered without manual reconfiguration. Destructive · High opn_delete_dnsmasq_range This tool irreversibly deletes a DHCP range configuration from the OPNsense firewall.

40 of OPNsense MCP Server's 81 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control OPNsense MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and OPNsense MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "opn_delete_alias": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "opn_toggle_alias": {
    "limits": [
      {
        "counter": "opn_toggle_alias_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "opn_arp_table": {
    "limits": [
      {
        "counter": "opn_arp_table_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register OPNsense MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON OPNSENSE →

Free to start. No card required.

FULL CATALOGUE

All 81 OPNsense MCP Server tools

DESTRUCTIVE 9 tools
Destructive opn_delete_alias opn_delete_alias Destructive opn_delete_ddns_account Delete a Dynamic DNS account by UUID and apply the configuration. Destructive opn_delete_dns_override opn_delete_dns_override Destructive opn_delete_dnsmasq_range Delete a dnsmasq DHCP range by UUID and apply the configuration. Destructive opn_delete_firewall_category opn_delete_firewall_category Destructive opn_delete_firewall_rule opn_delete_firewall_rule Destructive opn_delete_nat_rule opn_delete_nat_rule Destructive opn_haproxy_delete opn_haproxy_delete Destructive opn_remove_dnsbl_allowlist opn_remove_dnsbl_allowlist
EXECUTE 8 tools
Execute opn_confirm_changes opn_confirm_changes Execute opn_haproxy_configtest Validate HAProxy configuration syntax before applying. Execute opn_ping opn_ping Execute opn_reconfigure_ddclient opn_reconfigure_ddclient Execute opn_reconfigure_dnsmasq opn_reconfigure_dnsmasq Execute opn_reconfigure_haproxy opn_reconfigure_haproxy Execute opn_reconfigure_unbound opn_reconfigure_unbound Execute opn_traceroute Trace the network path from OPNsense to a destination host.
WRITE 23 tools
Write opn_toggle_alias opn_toggle_alias Write opn_toggle_firewall_rule opn_toggle_firewall_rule Write opn_add_alias opn_add_alias Write opn_add_ddns_account opn_add_ddns_account Write opn_add_dns_override opn_add_dns_override Write opn_add_dnsbl_allowlist opn_add_dnsbl_allowlist Write opn_add_dnsmasq_range opn_add_dnsmasq_range Write opn_add_firewall_category opn_add_firewall_category Write opn_add_firewall_rule opn_add_firewall_rule Write opn_add_icmpv6_rules opn_add_icmpv6_rules Write opn_add_nat_rule opn_add_nat_rule Write opn_configure_mdns_repeater opn_configure_mdns_repeater Write opn_haproxy_add opn_haproxy_add Write opn_haproxy_update opn_haproxy_update Write opn_set_dnsbl opn_set_dnsbl Write opn_set_rule_categories opn_set_rule_categories Write opn_update_alias opn_update_alias Write opn_update_ddns_account opn_update_ddns_account Write opn_update_dns_override opn_update_dns_override Write opn_update_dnsbl opn_update_dnsbl Write opn_update_dnsmasq_range opn_update_dnsmasq_range Write opn_update_firewall_rule opn_update_firewall_rule Write opn_update_nat_rule opn_update_nat_rule
READ 41 tools
Read opn_arp_table Get the ARP table showing IP-to-MAC address mappings. Read opn_crowdsec_alerts opn_crowdsec_alerts Read opn_crowdsec_status opn_crowdsec_status Read opn_dns_lookup opn_dns_lookup Read opn_dns_stats Get Unbound DNS resolver statistics (queries, cache hits, uptime). Read opn_download_config opn_download_config Read opn_firewall_log opn_firewall_log Read opn_gateway_status Get gateway status including dpinger health checks. Read opn_get_config_section opn_get_config_section Read opn_get_dnsbl opn_get_dnsbl Read opn_haproxy_get opn_haproxy_get Read opn_haproxy_search opn_haproxy_search Read opn_haproxy_status Get HAProxy load balancer status and backend health. Read opn_interface_stats Get per-interface traffic statistics (bytes in/out, packets, errors). Read opn_ipsec_status opn_ipsec_status Read opn_ipv6_status opn_ipv6_status Read opn_list_acme_certs opn_list_acme_certs Read opn_list_cron_jobs List scheduled cron jobs configured in OPNsense. Read opn_list_ddns_accounts opn_list_ddns_accounts Read opn_list_dhcp_leases opn_list_dhcp_leases Read opn_list_dns_forwards List Unbound DNS forward zones (domain-specific DNS servers). Read opn_list_dns_overrides List Unbound DNS host overrides (local DNS records). Read opn_list_dnsbl opn_list_dnsbl Read opn_list_dnsmasq_leases opn_list_dnsmasq_leases Read opn_list_dnsmasq_ranges opn_list_dnsmasq_ranges Read opn_list_firewall_aliases List firewall alias definitions (IP lists, port groups, GeoIP, URLs). Read opn_list_firewall_categories List firewall rule categories. Read opn_list_firewall_rules opn_list_firewall_rules Read opn_list_kea_leases opn_list_kea_leases Read opn_list_nat_rules opn_list_nat_rules Read opn_list_services List system services and their running status. Read opn_list_static_routes opn_list_static_routes Read opn_mcp_info Get MCP server version and runtime configuration. Read opn_mdns_repeater_status opn_mdns_repeater_status Read opn_ndp_table opn_ndp_table Read opn_openvpn_status opn_openvpn_status Read opn_pf_states Query the active PF (packet filter) state table. Read opn_scan_config opn_scan_config Read opn_security_audit opn_security_audit Read opn_system_status opn_system_status Read opn_wireguard_status opn_wireguard_status
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
admin
Mcp Afip 1300 tools
admin
Mcp Ap2 1300 tools
admin
BNB Chain MCP 1240 tools
admin
Nodebench 824 tools
admin
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
admin
Amazon Data Processing MCP Server 805 tools
admin
Amazon ECS MCP Server 805 tools
admin
FAQ

Questions about OPNsense MCP Server

Can an AI agent delete data through the OPNsense MCP Server MCP server? +

Yes. The OPNsense MCP Server server exposes 9 destructive tools including opn_delete_alias, opn_delete_ddns_account, opn_delete_dns_override. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through OPNsense MCP Server? +

The OPNsense MCP Server server has 23 write tools including opn_toggle_alias, opn_toggle_firewall_rule, opn_add_alias. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach OPNsense MCP Server.

How many tools does the OPNsense MCP Server MCP server expose? +

81 tools across 3 categories: Destructive, Read, Write. 41 are read-only. 40 can modify, create, or delete data.

How do I enforce a policy on OPNsense MCP Server? +

Register the OPNsense MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every OPNsense MCP Server tool call.

Deterministic rules across all 81 OPNsense MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON OPNSENSE →

Free to start. No card required.

81 OPNsense MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.