RouterOS · Capability

RouterOS REST API — Firewall

RouterOS REST API — Firewall. 8 operations. Lead operation: List Firewall Address Lists. Self-contained Naftiko capability covering one Routeros business surface.

Run with Naftiko RouterosFirewall

What You Can Do

GET
Listfirewalladdresslists — List Firewall Address Lists
/v1/ip/firewall/address-list
PUT
Addfirewalladdresslistentry — Add Firewall Address List Entry
/v1/ip/firewall/address-list
GET
Listfirewallfilters — List Firewall Filter Rules
/v1/ip/firewall/filter
PUT
Addfirewallfilter — Add Firewall Filter Rule
/v1/ip/firewall/filter
PATCH
Updatefirewallfilter — Update Firewall Filter Rule
/v1/ip/firewall/filter/{id}
DELETE
Deletefirewallfilter — Delete Firewall Filter Rule
/v1/ip/firewall/filter/{id}
GET
Listfirewallnat — List Firewall NAT Rules
/v1/ip/firewall/nat
PUT
Addfirewallnat — Add Firewall NAT Rule
/v1/ip/firewall/nat

MCP Tools

list-firewall-address-lists

List Firewall Address Lists

read-only idempotent
add-firewall-address-list-entry

Add Firewall Address List Entry

idempotent
list-firewall-filter-rules

List Firewall Filter Rules

read-only idempotent
add-firewall-filter-rule

Add Firewall Filter Rule

idempotent
update-firewall-filter-rule

Update Firewall Filter Rule

idempotent
delete-firewall-filter-rule

Delete Firewall Filter Rule

idempotent
list-firewall-nat-rules

List Firewall NAT Rules

read-only idempotent
add-firewall-nat-rule

Add Firewall NAT Rule

idempotent

Capability Spec

rest-firewall.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: RouterOS REST API — Firewall
  description: 'RouterOS REST API — Firewall. 8 operations. Lead operation: List Firewall Address Lists. Self-contained Naftiko
    capability covering one Routeros business surface.'
  tags:
  - Routeros
  - Firewall
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    ROUTEROS_API_KEY: ROUTEROS_API_KEY
capability:
  consumes:
  - type: http
    namespace: rest-firewall
    baseUri: https://{routerIP}/rest
    description: RouterOS REST API — Firewall business capability. Self-contained, no shared references.
    resources:
    - name: ip-firewall-address-list
      path: /ip/firewall/address-list
      operations:
      - name: listfirewalladdresslists
        method: GET
        description: List Firewall Address Lists
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Filter by list name
      - name: addfirewalladdresslistentry
        method: PUT
        description: Add Firewall Address List Entry
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: ip-firewall-filter
      path: /ip/firewall/filter
      operations:
      - name: listfirewallfilters
        method: GET
        description: List Firewall Filter Rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: chain
          in: query
          type: string
          description: Filter by chain (input, forward, output)
        - name: action
          in: query
          type: string
          description: Filter by action (accept, drop, reject)
      - name: addfirewallfilter
        method: PUT
        description: Add Firewall Filter Rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: ip-firewall-filter-id
      path: /ip/firewall/filter/{id}
      operations:
      - name: updatefirewallfilter
        method: PATCH
        description: Update Firewall Filter Rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deletefirewallfilter
        method: DELETE
        description: Delete Firewall Filter Rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: ip-firewall-nat
      path: /ip/firewall/nat
      operations:
      - name: listfirewallnat
        method: GET
        description: List Firewall NAT Rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: chain
          in: query
          type: string
          description: Filter by chain (srcnat, dstnat)
      - name: addfirewallnat
        method: PUT
        description: Add Firewall NAT Rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: basic
      username: '{{env.ROUTEROS_USER}}'
      password: '{{env.ROUTEROS_PASS}}'
  exposes:
  - type: rest
    namespace: rest-firewall-rest
    port: 8080
    description: REST adapter for RouterOS REST API — Firewall. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/ip/firewall/address-list
      name: ip-firewall-address-list
      description: REST surface for ip-firewall-address-list.
      operations:
      - method: GET
        name: listfirewalladdresslists
        description: List Firewall Address Lists
        call: rest-firewall.listfirewalladdresslists
        with:
          list: rest.list
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: addfirewalladdresslistentry
        description: Add Firewall Address List Entry
        call: rest-firewall.addfirewalladdresslistentry
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/ip/firewall/filter
      name: ip-firewall-filter
      description: REST surface for ip-firewall-filter.
      operations:
      - method: GET
        name: listfirewallfilters
        description: List Firewall Filter Rules
        call: rest-firewall.listfirewallfilters
        with:
          chain: rest.chain
          action: rest.action
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: addfirewallfilter
        description: Add Firewall Filter Rule
        call: rest-firewall.addfirewallfilter
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/ip/firewall/filter/{id}
      name: ip-firewall-filter-id
      description: REST surface for ip-firewall-filter-id.
      operations:
      - method: PATCH
        name: updatefirewallfilter
        description: Update Firewall Filter Rule
        call: rest-firewall.updatefirewallfilter
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletefirewallfilter
        description: Delete Firewall Filter Rule
        call: rest-firewall.deletefirewallfilter
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/ip/firewall/nat
      name: ip-firewall-nat
      description: REST surface for ip-firewall-nat.
      operations:
      - method: GET
        name: listfirewallnat
        description: List Firewall NAT Rules
        call: rest-firewall.listfirewallnat
        with:
          chain: rest.chain
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: addfirewallnat
        description: Add Firewall NAT Rule
        call: rest-firewall.addfirewallnat
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: rest-firewall-mcp
    port: 9090
    transport: http
    description: MCP adapter for RouterOS REST API — Firewall. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: list-firewall-address-lists
      description: List Firewall Address Lists
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: rest-firewall.listfirewalladdresslists
      with:
        list: tools.list
      outputParameters:
      - type: object
        mapping: $.
    - name: add-firewall-address-list-entry
      description: Add Firewall Address List Entry
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: rest-firewall.addfirewalladdresslistentry
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-firewall-filter-rules
      description: List Firewall Filter Rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: rest-firewall.listfirewallfilters
      with:
        chain: tools.chain
        action: tools.action
      outputParameters:
      - type: object
        mapping: $.
    - name: add-firewall-filter-rule
      description: Add Firewall Filter Rule
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: rest-firewall.addfirewallfilter
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: update-firewall-filter-rule
      description: Update Firewall Filter Rule
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: rest-firewall.updatefirewallfilter
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-firewall-filter-rule
      description: Delete Firewall Filter Rule
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: rest-firewall.deletefirewallfilter
      outputParameters:
      - type: object
        mapping: $.
    - name: list-firewall-nat-rules
      description: List Firewall NAT Rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: rest-firewall.listfirewallnat
      with:
        chain: tools.chain
      outputParameters:
      - type: object
        mapping: $.
    - name: add-firewall-nat-rule
      description: Add Firewall NAT Rule
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: rest-firewall.addfirewallnat
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.