All HowTo's pfSense Security HowTo's

Restore pfSense From Backup Using The CLI (command line)

When all goes bad and you can’t get to the web interface of your Netgate pfSense, you’ll have no option but to try using the CLI (command line). This happened to me recently and this article explains what i did to recover.

A few worthy points:

  1. The pfSense configuration file (a single file) is stored in “/cf/conf/config.xml“.
  2. Backup configuration files are stored in “/cf/conf/backup/“.
  3. Copying the configuration file from the backup location over the top of the current configuration is effectively the restore process.

These are the steps to restore back to a previous state. I’m assuming the system wont boot as normal and therefore “single user” mode is needed.

  1. Boot the Netgate with the mini-USB cable connecting the Netgate appliance to your workstation.
  2. Very near the start of the booting process, there’s a prompt to boot with options. Select to boot into “single user” mode.
  3. When you get a prompt, remount the filesystem into read/write mode using “mount -u /cf”.
  4. Check the filesystem for errors and repair them with “fsck -yf /“.
  5. Locate and copy the restore file from the “/cf/conf/backup/” directory. Go back a few stages (not the latest file) based on the times of the backup files. Copy it with “cp /cf/conf/backup/config-1593242670.xml /cf/config/config.xml“.
  6. Remove the file “/tmp/config.cache” using “rm /tmp/config.cache“.
  7. Run the command “/etc/rc.reload_all start“.
  8. Reboot using “reboot“.

When the device reboots, it should be back-dated (in terms of the config) to the date of the restore file.

Note: Some of the details used here are from “https://forum.netgate.com/topic/7246/command-line-config-restore/3”.

 

Similar Posts:

3 comments

  1. Thanks so much this happened to me recently, I was able to restore my pfsense,it was rebooting repeatedly due to improper booting because of power surge

  2. What prompted me to write the article in the first place was that I was looking after a 3100 that was not backed by a UPS. The power flapped and the device rebooted several times unexpectedly – without full boots. So the disk check (and the other steps in this article) were the solution(s). Interestingly that’s the only time I’ve ever needed to go through this process. The client has since installed a UPS that includes this firewall and it’s HA sibling.

Leave a Reply to Wesley biko Cancel reply

Your email address will not be published.