DEV.co
Open-Source DevOps · pfrest

pfSense-pkg-RESTAPI

pfSense-pkg-RESTAPI is an unofficial, community-maintained PHP package that adds REST and GraphQL APIs to pfSense firewalls. It provides 200+ endpoints for automation and management, with built-in Swagger documentation and configurable authentication.

Source: GitHub — github.com/pfrest/pfSense-pkg-RESTAPI
828
GitHub stars
130
Forks
PHP
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorypfrest/pfSense-pkg-RESTAPI
Ownerpfrest
Primary languagePHP
LicenseApache-2.0 — OSI-approved
Stars828
Forks130
Open issues21
Latest releasev2.8.2 (2026-06-09)
Last updated2026-07-07
Sourcehttps://github.com/pfrest/pfSense-pkg-RESTAPI

What pfSense-pkg-RESTAPI is

Written in PHP, the package exposes pfSense firewall configuration and operations via REST and GraphQL endpoints with HATEOAS support, Swagger/OpenAPI documentation, and flexible query/filter capabilities. It runs as a package on pfSense CE and Plus, requiring compatible pfSense versions.

Quickstart

Get the pfSense-pkg-RESTAPI source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/pfrest/pfSense-pkg-RESTAPI.gitcd pfSense-pkg-RESTAPI# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Firewall Automation and Infrastructure-as-Code

Use REST/GraphQL endpoints to programmatically manage firewall rules, interfaces, VPN configurations, and services as part of larger DevOps workflows and CI/CD pipelines.

Multi-Firewall Management and Orchestration

Build dashboards, monitoring systems, and bulk management tools that coordinate configuration across multiple pfSense instances via API calls instead of manual UI navigation.

Custom Network Automation Integrations

Integrate pfSense with third-party network management platforms, security tools, or internal business applications that require programmatic firewall control and telemetry.

Implementation considerations

  • Verify your pfSense version (CE or Plus) is listed in supported versions before installation to avoid system instability.
  • Plan authentication and authorization configuration carefully; review available options (API keys, tokens, etc.) to match your security policy.
  • Test API functionality in a non-production environment to confirm endpoint coverage for your specific firewall use cases before production rollout.
  • Monitor GitHub issues and releases to stay informed of bug fixes and security updates; set a maintenance schedule for patching.
  • Document which 200+ endpoints your automation will use; not all pfSense configurations may have REST/GraphQL equivalents.

When to avoid it — and what to weigh

  • Requires Official Netgate Support — This is a community project with no affiliation or support from Netgate or the pfSense team. If vendor support is mandatory for your environment, this is not suitable.
  • Mission-Critical Production Without Prior Testing — The package warns that installation on unsupported pfSense versions may cause unexpected behavior or system instability. Thorough testing in non-production is essential before deployment.
  • Requires Immediate Commercial SLA or Guarantees — As an open-source community project, there is no guaranteed response time, uptime SLA, or commercial indemnification. Production deployments should assess maintenance risk.
  • Complex Custom pfSense Configuration Not Yet Documented — If your deployment uses undocumented pfSense features or non-standard configurations, API endpoint coverage and compatibility are uncertain and may require source code review.

License & commercial use

Licensed under Apache License 2.0 (Apache-2.0), a permissive, well-established OSI-approved license allowing commercial use, modification, and distribution with proper attribution and notice.

Apache-2.0 permits commercial use of the software. However, this is an unofficial, community-maintained project without vendor backing or commercial support agreements. Organizations using this for commercial purposes should assess the risk of relying on community maintenance for mission-critical firewall automation and establish internal support capabilities.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

The package exposes firewall configuration via API. Security posture depends on: (1) authentication method strength and credential management, (2) network access controls (who can reach the API), (3) timely patching of the package and underlying pfSense, (4) review of RBAC/authorization controls, and (5) monitoring for unauthorized API access. No third-party security audit data provided. Assess threat model in your environment.

Alternatives to consider

Netgate pfSense Plus REST API (official, if available)

Official Netgate solution may offer vendor support and guaranteed compatibility, but feature scope and release schedule unknown; check Netgate's current offerings.

Terraform/Ansible pfSense Modules

Infrastructure-as-code frameworks with pfSense plugins; may offer more mature tooling integration and community modules, though potentially less direct API access.

OPNsense (REST API built-in)

OPNsense, a pfSense fork, includes native REST API support; if you control firewall selection and can migrate, this eliminates third-party package dependency.

Software development agency

Build on pfSense-pkg-RESTAPI with DEV.co software developers

Evaluate pfSense-pkg-RESTAPI for your DevOps and network automation needs. Review supported versions, test thoroughly in non-production, and consider community maintenance risk. Contact Devco to discuss integration strategy.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

pfSense-pkg-RESTAPI FAQ

Is this package supported by Netgate?
No. This is an unofficial, community-maintained project. It is not affiliated with or supported by Netgate or the pfSense team.
Can I use this in production?
Technically yes, but assess risk carefully. It is mature (6+ years old, 800+ stars), but community-maintained with no SLA. Conduct thorough testing, establish internal support, and monitor for updates.
What pfSense versions are supported?
Check the supported versions list on pfrest.org/INSTALL_AND_CONFIG/. Installation on unsupported versions may cause unexpected behavior or instability.
Do I need to choose between REST and GraphQL?
No. Both are available. Use whichever fits your automation tooling and query patterns best; they expose the same underlying firewall data.

Software development & web development with DEV.co

Adopting pfSense-pkg-RESTAPI is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.

Ready to Automate Your pfSense Firewall?

Evaluate pfSense-pkg-RESTAPI for your DevOps and network automation needs. Review supported versions, test thoroughly in non-production, and consider community maintenance risk. Contact Devco to discuss integration strategy.