Skip to main content
← back to extensions

@dougschaefer/opnsense-firewall

v2026.04.04.1

Full OPNsense management via REST API — system status, interfaces, DNS, tunables, services, firmware/plugins, firewall states, DHCP leases, ARP table, Tailscale, WireGuard, and raw API passthrough. Replaces MCP server.

Repository

https://github.com/dougschaefer6/swamp-opnsense

Platforms

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

Labels

opnsensefirewallnetworkingdnsfreebsd

Contents

models

Install

$ swamp extension pull @dougschaefer/opnsense-firewall

Release Notes

Full rebuild: 20 methods including raw API passthrough, Tailscale, WireGuard, firmware/plugin management, service control, ARP, DHCP, gateway health. Replaces MCP server.

@dougschaefer/opnsense-firewallv2026.04.04.1opnsense/firewall.ts
apiRaw API passthrough — hit any OPNsense endpoint directly. Use for any operation not covered by a dedicated method. Path is relative to /api/ (e.g., 'tailscale/service/status').
ArgumentTypeDescription
pathstringAPI path after /api/ (e.g., 'core/firmware/status', 'tailscale/general/get')
methodenumHTTP method — GET for reads, POST for writes/actions
body?recordPOST body as JSON object (omit for GET requests)
statusGet system status: firmware version, CPU/memory usage, uptime, gateway health, and PF state table size.
rebootReboot the OPNsense appliance. Network will drop for 60-90 seconds.
servicesList all services with their running state.
interfacesList all network interfaces with traffic counters, MTU, link rate, hardware offloads, and error counts.
dnsGet Unbound DNS resolver statistics: query counts, cache hit rate, timeouts.
tunablesList all system tunables (sysctls) with current and default values.

Resources

status(1h)— OPNsense system status: firmware, CPU, memory, uptime, gateway health
interface(1h)— Network interface with traffic stats, MTU, link state, and hardware offloads
dns(1h)— Unbound DNS resolver statistics
tunable(1h)— System tunable (sysctl) with current and default values
api-response(1h)— Raw API response from any OPNsense endpoint
service(1h)— OPNsense service with running state
gateway(1h)— Gateway status with latency and packet loss
dhcp-lease(1h)— DHCP lease from dnsmasq or Kea
arp-entry(1h)— ARP table entry
firmware(1h)— Firmware and plugin information