@dougschaefer/opnsense-firewall

v2026.04.27.2

Full OPNsense management via REST API — system status, interfaces, DNS, tunables, services, firmware/plugins, firewall states, DHCP leases, ARP table, Tailscale, WireGuard, and raw API passthrough. Replaces MCP server.

Repository

https://github.com/dougschaefer6/swamp-opnsense

Platforms

linux-x86_64 linux-aarch64 darwin-x86_64 darwin-aarch64

Labels

opnsensefirewallnetworkingdnsfreebsd

models

Quality score

How well-documented and verifiable this extension is.

Grade A

Has README or module doc2/2earned
README has a code example1/1earned
README is substantive1/1earned
Most symbols documented1/1earned
No slow types1/1earned
Has description1/1earned
At least one platform tag (or universal)1/1earned
Two or more platform tags (or universal)1/1earned
License declared1/1earned
Verified public repository2/2earned

Install

$ swamp extension pull @dougschaefer/opnsense-firewall

Release Notes

Remove _client.ts from manifest entrypoint list — it's a shared helper, not a model. The Swamp Club quality scorer lints manifest entrypoints; including _client.ts there exposed slow-type errors and cost the fast-check factor (91% → 100%).

@dougschaefer/opnsense-firewallv2026.04.04.1opnsense/firewall.ts

apiRaw API passthrough — hit any OPNsense endpoint directly. Use for any operation not covered by a dedicated method. Path is relative to /api/ (e.g., 'tailscale/service/status').

Argument	Type	Required	Description
path	string	yes	API path after /api/ (e.g., 'core/firmware/status', 'tailscale/general/get')
method	enum	yes	HTTP method — GET for reads, POST for writes/actions
body?	record	no	POST body as JSON object (omit for GET requests)

statusGet system status: firmware version, CPU/memory usage, uptime, gateway health, and PF state table size.

rebootReboot the OPNsense appliance. Network will drop for 60-90 seconds.

servicesList all services with their running state.

interfacesList all network interfaces with traffic counters, MTU, link rate, hardware offloads, and error counts.

dnsGet Unbound DNS resolver statistics: query counts, cache hit rate, timeouts.

tunablesList all system tunables (sysctls) with current and default values.

Resources

status(1h)— OPNsense system status: firmware, CPU, memory, uptime, gateway health

interface(1h)— Network interface with traffic stats, MTU, link state, and hardware offloads

dns(1h)— Unbound DNS resolver statistics

tunable(1h)— System tunable (sysctl) with current and default values

api-response(1h)— Raw API response from any OPNsense endpoint

service(1h)— OPNsense service with running state

gateway(1h)— Gateway status with latency and packet loss

dhcp-lease(1h)— DHCP lease from dnsmasq or Kea

arp-entry(1h)— ARP table entry

firmware(1h)— Firmware and plugin information

2026.04.27.116.4 KBApr 27, 2026

Release Notes

Add curated README and LICENSE to tarball (additionalFiles), bringing extension's Swamp Club quality grade from F/B to A-/B.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

opnsensefirewallnetworkingdnsfreebsd

2026.04.13.113.8 KBApr 13, 2026

Release Notes

Add .meta({ sensitive: true }) to apiKey and apiSecret credentials

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

opnsensefirewallnetworkingdnsfreebsd

2026.04.04.113.8 KBApr 4, 2026

Release Notes

Full rebuild: 20 methods including raw API passthrough, Tailscale, WireGuard, firmware/plugin management, service control, ARP, DHCP, gateway health. Replaces MCP server.

Changelog

Models

~opnsense-firewallmethods: +api, +reboot, +services; resources: +api-response, +service, +gateway, +dhcp-lease, +arp-entry, +firmware

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

opnsensefirewallnetworkingdnsfreebsd

2026.03.29.16.1 KBMar 29, 2026

OPNsense firewall monitoring and tuning via REST API — system status, interface traffic stats, Unbound DNS analytics, and sysctl tunable management. Handles self-signed certificates.

Release Notes

Pin zod to 4.3.6

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

opnsensefirewallnetworkingdnsfreebsd

2026.03.28.16.1 KBMar 28, 2026

OPNsense firewall monitoring and tuning via REST API — system status, interface traffic stats, Unbound DNS analytics, and sysctl tunable management. Handles self-signed certificates.

Release Notes

Remove MSP-specific language from description and labels

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

opnsensefirewallnetworkingdnsfreebsd

2026.03.27.26.1 KBMar 27, 2026

OPNsense firewall monitoring and tuning via REST API — system status, interface traffic stats, Unbound DNS analytics, and sysctl tunable management. Handles self-signed certificates, designed for multi-tenant MSP deployments.

Release Notes

Initial release: system status, interface stats, DNS analytics, tunable management. Tested against OPNsense 26.1.2 on FreeBSD 14.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

opnsensefirewallnetworkingdnsfreebsdmsp

@dougschaefer/opnsense-firewall

Repository

Platforms

Labels

Contents

Quality score

Install

Release Notes

Models1

Resources

Previous Versions6

Release Notes

Release Notes

Release Notes

Changelog

Models

Release Notes

Release Notes

Release Notes