A comprehensive REST API wrapper for OPNsense firewall management that covers DNS/Unbound configuration, firewall rules and NAT, DHCP leases and static mappings, ACME certificate automation, and system diagnostics like ARP tables and ping tests. Built strictly on the OPNsense API with no SSH or shell execution, which keeps the attack surface minimal. The optional HashiCorp Vault integration via AppRole pulls credentials from KV v2 at startup, keeping secrets out of config files. Useful when you need programmatic firewall control for infrastructure automation, certificate renewals, or network diagnostics without logging into the web UI. The enterprise tier adds multi-firewall fleet operations and compliance reporting for larger deployments.
claude mcp add --transport stdio io.github.itunified-io-opnsense uvx opnsense