v0.9.2 - Zod v4 & Drizzle ORM Upgrade

What's New

Dependency Upgrades

• zod: 3.25.62 → 4.1.13 (major upgrade with performance improvements)
• drizzle-orm: 0.29.5 → 0.45.0
• drizzle-kit: 0.31.4 → 0.31.8

Breaking Changes Addressed

• Zod v4: ZodError.errors renamed to ZodError.issues

Dependabot

• Updated configuration to allow automatic updates for zod and drizzle-orm

Installation

npx opnsense-mcp-server@0.9.2

Or with Bun:

bun run /path/to/OPNSenseMCP/src/index.ts

v0.9.1 - Bun Support & Security Fixes

What's New

Security Fixes

• CRITICAL: Upgraded @modelcontextprotocol/sdk from 0.5.0 to 1.24.3
  • Fixes DNS rebinding vulnerability (HIGH severity)
• Fixed axios DoS vulnerability

Bun Support 🚀

Now supports Bun for significantly faster startup times!

New scripts:

• bun run start:bun - Run with Bun
• bun run dev:bun - Development mode with hot reload
• bun run build:bun - Build with Bun

Claude Desktop with Bun:

{
  "mcpServers": {
    "opnsense": {
      "command": "bun",
      "args": ["run", "/path/to/OPNSenseMCP/src/index.ts"],
      "env": {
        "OPNSENSE_HOST": "https://your-opnsense:port",
        "OPNSENSE_API_KEY": "your-key",
        "OPNSENSE_API_SECRET": "your-secret"
      }
    }
  }
}

Installation

npm (traditional):

npx opnsense-mcp-server@0.9.1

Bun (faster):

git clone https://github.com/vespo92/OPNSenseMCP.git
cd OPNSenseMCP
bun install
bun run start:bun

v0.9.0 - Plugin Architecture & Build Fixes

What's New

Features

• Modular Plugin Architecture: Complete plugin system with SSE event streaming
• Dashboard: Web-based monitoring interface
• Comprehensive Plugins: Extended plugin ecosystem

Security

• Credential Leak Fixed: Removed .mcp.json from git tracking (contained API keys)
• Enhanced .gitignore: Added patterns for credentials, secrets, SSH keys, and tokens

Bug Fixes

• Resolved all TypeScript build errors from merged PR
• Fixed incorrect import names (OPNSenseAPIClient, MCPCacheManager, ResourceStateStore)
• Fixed EventSeverity import issue
• Fixed constructor calls for API client, SSH executor, cache manager, and logger
• Added getValue/set methods to MCPCacheManager for plugin compatibility
• Added missing dependencies (express, cors)

Installation

npx opnsense-mcp-server@0.9.0

Or add to your Claude Desktop config:

{
  "mcpServers": {
    "opnsense": {
      "command": "npx",
      "args": ["--yes", "opnsense-mcp-server@0.9.0"],
      "env": {
        "OPNSENSE_HOST": "https://your-opnsense:443",
        "OPNSENSE_API_KEY": "your-api-key",
        "OPNSENSE_API_SECRET": "your-api-secret"
      }
    }
  }
}

v0.8.2 - NAT Implementation & Repository Reorganization

🎉 Major Release: SSH-based NAT Management & Complete Repository Reorganization

🚀 Key Features

NAT Management (NEW)

• Complete NAT control via SSH - Since OPNsense doesn't expose NAT through REST API
• DMZ NAT fix - Resolves inter-VLAN routing issues automatically
• NAT modes - Support for automatic, hybrid, manual, and disabled modes
• No-NAT rules - Create exception rules for internal traffic

Firewall Improvements

• Fixed automation rules visibility - API-created rules now properly retrieved
• Enhanced persistence - Multiple fallback methods for applying changes
• Better rule management - Improved handling of complex rule structures

SSH/CLI Integration

• Direct command execution - Run any OPNsense CLI command
• Configuration manipulation - Direct access to config.xml
• System operations - Service restarts, diagnostics, and more

Routing Diagnostics

• Comprehensive analysis - Identify routing issues automatically
• Auto-fix capabilities - One-command resolution for common problems
• Interface management - Control "Block private networks" settings

📁 Repository Reorganization

• Organized structure - 42+ files organized into logical directories
• Clean documentation - Feature-based docs in /docs
• Script organization - Test, debug, and fix scripts in /scripts
• Professional README - Clear examples and comprehensive guide

🔒 Security

• All API keys and sensitive data removed
• Added .env.example for configuration reference
• Proper gitignore for sensitive files

📦 Installation

npm install -g opnsense-mcp-server@0.8.2

🔧 Breaking Changes

• NAT features require SSH credentials in environment variables
• Script locations changed (see updated package.json)

📊 Stats

• 49 files changed
• 12,721 lines added
• 804 lines removed
• All tests passing

🙏 Contributors

• @vespo92 - Project maintainer
• Claude AI - Development assistance

---

Full Changelog: v0.8.1...v0.8.2

v0.7.5 - Firewall Rule Persistence Fix

🐛 Bug Fixes

Critical: Fixed Firewall Rule Persistence Issue

• Problem: Firewall rules were created successfully (returning UUIDs) but weren't persisting or showing up when listing rules
• Root Cause: Incomplete configuration save - API was only calling /firewall/filter/apply without proper persistence

Solution Implemented:

1. Enhanced applyChanges() method:

   • Now calls both /firewall/filter/apply and /firewall/filter/reconfigure
   • Implements proper save/reconfigure flow required by OPNsense
   • Added fallback mechanisms for compatibility

2. Improved rule retrieval:

   • Added getAllRules() method using /firewall/filter/get endpoint
   • Multiple retrieval methods to handle API inconsistencies
   • Better response format handling

3. Rule caching system:

   • Implemented cache to handle API propagation delays
   • Rules are immediately visible after creation
   • Cache updates on every list operation

4. Verification after creation:

   • Rules are verified and cached immediately after creation
   • Proper error logging if verification fails

✅ Success Criteria Met

• Created rules appear in list_firewall_rules immediately
• Rules persist across API sessions
• Rules are visible and active in OPNsense web UI
• Rules actually allow traffic as configured

📦 Installation

```bash
npm install opnsense-mcp-server@latest
```

🔒 Security Note

Previous versions may have exposed API credentials in git history. Please ensure you:

1. Rotate your OPNsense API keys if upgrading
2. Add .mcp.json to your .gitignore
3. Never commit files containing API credentials

v0.7.3 - NPX Compatibility Fix

🐛 Bug Fixes

• Fixed ESM import paths missing .js extensions
• Updated npx command to use --yes flag for better compatibility
• Added @latest to ensure newest version is fetched

📚 Documentation

• Updated all configuration examples with working syntax
• Added troubleshooting section for connection issues
• Improved Claude Code/Desktop setup instructions

🔧 Configuration

Working Claude Code configuration:

{
  "mcpServers": {
    "opnsense": {
      "command": "npx",
      "args": ["--yes", "opnsense-mcp-server@latest"],
      "env": {
        "OPNSENSE_HOST": "https://192.168.1.1",
        "OPNSENSE_API_KEY": "your-api-key",
        "OPNSENSE_API_SECRET": "your-api-secret",
        "OPNSENSE_VERIFY_SSL": "false"
      }
    }
  }
}

📦 Installation

npm i opnsense-mcp-server
# or use directly with npx
npx --yes opnsense-mcp-server@latest

v0.7.2

Full Changelog: v0.7.1...v0.7.2

v0.7.1

What's Changed

• add MCP server badge by @punkpeye in #1

New Contributors

• @punkpeye made their first contribution in #1

Full Changelog: https://github.com/vespo92/OPNSenseMCP/commits/v0.7.1