A nice little hack I discovered today is to use Claude Code or any other LLM to inspect your firewall rules for security risks. Either give the LLM some read access to pfSense/OPNsense APIs (non-sensitive ones) or dump your config to XML (and remove sensitive info). Ask it to look for opportunities for an attacker to move laterally, etc. Then have it generate curl commands for fixing the holes via the APIs. As a bonus, set this up as a cron job for regular security reviews.
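One way to do the "dump your config to XML (and remove sensitive info)" step, as an added example that is not part of the original post: a redaction pass that blanks secret-bearing leaf elements while leaving the filter rules intact for review. The tag-name fragments in `SENSITIVE` and the sample config are assumptions constructed for illustration; check them against your own export.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: tag-name fragments that usually hold secrets in a firewall
# config export. Extend this list for your own config before sharing it.
SENSITIVE = re.compile(r"(pass|secret|hash|prv|key|psk|token|community)", re.I)
# Long base64-looking values (certificates, keys) are redacted whatever the tag.
BLOB = re.compile(r"^[A-Za-z0-9+/=\s]{64,}$")

def redact(xml_text):
    """Return (redacted_xml, paths_of_redacted_elements)."""
    root = ET.fromstring(xml_text)
    redacted = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        text = (elem.text or "").strip()
        # Only leaf elements carry values; match on the tag name, not the value,
        # so a rule's <type>pass</type> is kept.
        if len(elem) == 0 and text and (SENSITIVE.search(elem.tag) or BLOB.match(text)):
            elem.text = "REDACTED"
            redacted.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return ET.tostring(root, encoding="unicode"), redacted

# Constructed sample, not a real export.
SAMPLE = """<pfsense>
  <system>
    <hostname>fw1</hostname>
    <user><name>admin</name><bcrypt-hash>$2y$10$constructedconstructed</bcrypt-hash></user>
  </system>
  <ipsec><phase1><remote-gateway>203.0.113.10</remote-gateway><pre-shared-key>constructed-psk</pre-shared-key></phase1></ipsec>
  <cert><descr>webgui</descr><crt>{blob}</crt><prv>{blob}</prv></cert>
  <filter><rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
    <source><any/></source><destination><network>opt1</network><port>445</port></destination></rule></filter>
</pfsense>""".format(blob="QUJD" * 20)

if __name__ == "__main__":
    out, paths = redact(SAMPLE)
    print(out)
    print("redacted:", paths)
```

Review the returned path list before sending anything out: addresses, hostnames and usernames are kept because the rules are unreadable without them, so strip those separately if you treat them as sensitive.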