RouterOS · Capability

RouterOS Network Management

Unified network management capability for RouterOS-powered MikroTik devices. Combines IP address management, interface configuration, firewall policy, routing, DHCP, DNS, and wireless client monitoring into a single workflow for network administrators managing MikroTik infrastructure.

Run with Naftiko RouterOSMikroTikNetworkingNetwork ManagementFirewallRouterDHCPDNS

What You Can Do

GET
List ip addresses — List all IP addresses assigned to router interfaces
/v1/ip/addresses
PUT
Add ip address — Assign an IP address to a router interface
/v1/ip/addresses
GET
List interfaces — List all network interfaces with status
/v1/interfaces
GET
List firewall filters — List all firewall filter rules by chain and action
/v1/firewall/filters
PUT
Add firewall filter — Add a new firewall filter rule
/v1/firewall/filters
GET
List firewall nat — List all NAT rules
/v1/firewall/nat
GET
List address lists — List all address list entries
/v1/firewall/address-lists
PUT
Add address list entry — Add an IP address to a named firewall list
/v1/firewall/address-lists
GET
List routes — List all routes in the routing table
/v1/routing/routes
PUT
Add route — Add a static route
/v1/routing/routes
GET
Get system resource — Get CPU, memory, storage, and uptime information
/v1/system/resource
GET
List dhcp leases — List all DHCP leases including client hostnames and MAC addresses
/v1/dhcp/leases
GET
Get dns settings — Get DNS server configuration
/v1/dns
PATCH
Update dns settings — Update DNS server addresses
/v1/dns
GET
List wireless clients — List all currently connected wireless clients with signal strength
/v1/wireless/clients

MCP Tools

list-ip-addresses

List all IP addresses configured on router interfaces

read-only idempotent
add-ip-address

Assign a new IP address to a router interface (CIDR notation required)

list-interfaces

List all network interfaces with running status, type, and MAC address

read-only idempotent
list-firewall-filters

List firewall filter rules; filter by chain (input/forward/output) or action

read-only idempotent
add-firewall-filter

Add a packet filter rule specifying chain, action, source/destination addresses

list-firewall-nat

List NAT rules for masquerading, source NAT, and destination NAT

read-only idempotent
list-address-lists

List entries in named firewall address lists

read-only idempotent
add-address-list-entry

Block or classify an IP by adding it to a named firewall address list

list-routes

List routing table entries; optionally filter by active routes only

read-only idempotent
add-route

Add a static route with destination network and gateway

get-system-resource

Get RouterOS device CPU load, memory usage, uptime, and version information

read-only idempotent
list-dhcp-leases

List all DHCP leases showing client hostname, MAC address, and assigned IP

read-only idempotent
get-dns-settings

Get current DNS server addresses and cache configuration

read-only idempotent
list-wireless-clients

List all connected wireless clients with signal strength, MAC address, and uptime

read-only idempotent

APIs Used

routeros

Capability Spec

network-management.yaml Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: RouterOS Network Management
  description: >-
    Unified network management capability for RouterOS-powered MikroTik devices.
    Combines IP address management, interface configuration, firewall policy,
    routing, DHCP, DNS, and wireless client monitoring into a single workflow
    for network administrators managing MikroTik infrastructure.
  tags:
    - RouterOS
    - MikroTik
    - Networking
    - Network Management
    - Firewall
    - Router
    - DHCP
    - DNS
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      ROUTEROS_USERNAME: ROUTEROS_USERNAME
      ROUTEROS_PASSWORD: ROUTEROS_PASSWORD
      ROUTEROS_HOST: ROUTEROS_HOST

capability:
  consumes:
    - import: routeros
      location: ./shared/routeros-rest.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: network-management-api
      description: "Unified REST API for RouterOS network device management."
      resources:
        - path: /v1/ip/addresses
          name: ip-addresses
          description: Manage IP address assignments on router interfaces
          operations:
            - method: GET
              name: list-ip-addresses
              description: List all IP addresses assigned to router interfaces
              call: "routeros.list-ip-addresses"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: PUT
              name: add-ip-address
              description: Assign an IP address to a router interface
              call: "routeros.add-ip-address"
              with:
                address: "rest.address"
                interface: "rest.interface"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/interfaces
          name: interfaces
          description: Network interface status and configuration
          operations:
            - method: GET
              name: list-interfaces
              description: List all network interfaces with status
              call: "routeros.list-interfaces"
              outputParameters:
                - type: array
                  mapping: "$."

        - path: /v1/firewall/filters
          name: firewall-filters
          description: Firewall packet filter rules
          operations:
            - method: GET
              name: list-firewall-filters
              description: List all firewall filter rules by chain and action
              call: "routeros.list-firewall-filters"
              with:
                chain: "rest.chain"
                action: "rest.action"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: PUT
              name: add-firewall-filter
              description: Add a new firewall filter rule
              call: "routeros.add-firewall-filter"
              with:
                chain: "rest.chain"
                action: "rest.action"
                src-address: "rest.src_address"
                dst-address: "rest.dst_address"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/firewall/nat
          name: firewall-nat
          description: Firewall NAT rules for masquerading and port forwarding
          operations:
            - method: GET
              name: list-firewall-nat
              description: List all NAT rules
              call: "routeros.list-firewall-nat"
              outputParameters:
                - type: array
                  mapping: "$."

        - path: /v1/firewall/address-lists
          name: address-lists
          description: Named address lists for use in firewall rules
          operations:
            - method: GET
              name: list-address-lists
              description: List all address list entries
              call: "routeros.list-address-lists"
              with:
                list: "rest.list"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: PUT
              name: add-address-list-entry
              description: Add an IP address to a named firewall list
              call: "routeros.add-address-list-entry"
              with:
                list: "rest.list"
                address: "rest.address"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/routing/routes
          name: routes
          description: Static and dynamic routing table entries
          operations:
            - method: GET
              name: list-routes
              description: List all routes in the routing table
              call: "routeros.list-routes"
              with:
                active: "rest.active"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: PUT
              name: add-route
              description: Add a static route
              call: "routeros.add-route"
              with:
                dst-address: "rest.dst_address"
                gateway: "rest.gateway"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/system/resource
          name: system-resource
          description: Device resource utilization and hardware information
          operations:
            - method: GET
              name: get-system-resource
              description: Get CPU, memory, storage, and uptime information
              call: "routeros.get-system-resource"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/dhcp/leases
          name: dhcp-leases
          description: DHCP server lease table
          operations:
            - method: GET
              name: list-dhcp-leases
              description: List all DHCP leases including client hostnames and MAC addresses
              call: "routeros.list-dhcp-leases"
              outputParameters:
                - type: array
                  mapping: "$."

        - path: /v1/dns
          name: dns-settings
          description: DNS resolver configuration
          operations:
            - method: GET
              name: get-dns-settings
              description: Get DNS server configuration
              call: "routeros.get-dns-settings"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: PATCH
              name: update-dns-settings
              description: Update DNS server addresses
              call: "routeros.update-dns-settings"
              with:
                servers: "rest.servers"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/wireless/clients
          name: wireless-clients
          description: Connected wireless client monitoring
          operations:
            - method: GET
              name: list-wireless-clients
              description: List all currently connected wireless clients with signal strength
              call: "routeros.list-wireless-clients"
              outputParameters:
                - type: array
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: network-management-mcp
      transport: http
      description: "MCP server for AI-assisted RouterOS network device management."
      tools:
        - name: list-ip-addresses
          description: List all IP addresses configured on router interfaces
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-ip-addresses"
          outputParameters:
            - type: array
              mapping: "$."

        - name: add-ip-address
          description: Assign a new IP address to a router interface (CIDR notation required)
          hints:
            readOnly: false
            idempotent: false
          call: "routeros.add-ip-address"
          with:
            address: "tools.address"
            interface: "tools.interface"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-interfaces
          description: List all network interfaces with running status, type, and MAC address
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-interfaces"
          outputParameters:
            - type: array
              mapping: "$."

        - name: list-firewall-filters
          description: List firewall filter rules; filter by chain (input/forward/output) or action
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-firewall-filters"
          with:
            chain: "tools.chain"
            action: "tools.action"
          outputParameters:
            - type: array
              mapping: "$."

        - name: add-firewall-filter
          description: Add a packet filter rule specifying chain, action, source/destination addresses
          hints:
            readOnly: false
            idempotent: false
          call: "routeros.add-firewall-filter"
          with:
            chain: "tools.chain"
            action: "tools.action"
            src-address: "tools.src_address"
            dst-address: "tools.dst_address"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-firewall-nat
          description: List NAT rules for masquerading, source NAT, and destination NAT
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-firewall-nat"
          outputParameters:
            - type: array
              mapping: "$."

        - name: list-address-lists
          description: List entries in named firewall address lists
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-address-lists"
          with:
            list: "tools.list"
          outputParameters:
            - type: array
              mapping: "$."

        - name: add-address-list-entry
          description: Block or classify an IP by adding it to a named firewall address list
          hints:
            readOnly: false
            idempotent: false
          call: "routeros.add-address-list-entry"
          with:
            list: "tools.list"
            address: "tools.address"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-routes
          description: List routing table entries; optionally filter by active routes only
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-routes"
          with:
            active: "tools.active"
          outputParameters:
            - type: array
              mapping: "$."

        - name: add-route
          description: Add a static route with destination network and gateway
          hints:
            readOnly: false
            idempotent: false
          call: "routeros.add-route"
          with:
            dst-address: "tools.dst_address"
            gateway: "tools.gateway"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-system-resource
          description: Get RouterOS device CPU load, memory usage, uptime, and version information
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.get-system-resource"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-dhcp-leases
          description: List all DHCP leases showing client hostname, MAC address, and assigned IP
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-dhcp-leases"
          outputParameters:
            - type: array
              mapping: "$."

        - name: get-dns-settings
          description: Get current DNS server addresses and cache configuration
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.get-dns-settings"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-wireless-clients
          description: List all connected wireless clients with signal strength, MAC address, and uptime
          hints:
            readOnly: true
            idempotent: true
          call: "routeros.list-wireless-clients"
          outputParameters:
            - type: array
              mapping: "$."