---
title: 'pfSense: restore broken config'
#aliases:
#    - '2022-07-04-pfsense-restore-broken-config-file'
summary: >
  Restoring a configuration file for pfSense when it actually stays in a
  boot-loop
date: 2022-07-04T18:14:13+02:00
categories: [computerstuff]
tags: [pfSense,networking]

---

My pfSense firewall at home got a pretty heavy misconfiguration by myself and
that resulted in an annoying boot-loop. This took me quite a while to research,
but I finally got it working again. Thank god pfSense makes backups of its
configuration so this recovery process works quite well.

## Follow these steps

1. Boot into **single user mode**  

    Connect to your firewall (with a serial console) and choose option
    `5) Reboot system` and confirm with the letter `S` (capital s).

2. **ZFS version only**

    1. Remount root slice as read-write:

        ~~~console
        $ /sbin/mount -u /
        ~~~

    2. Mount all ZFS filesystems, datasets etc.

        ~~~console
        $ /sbin/zfs mount -a
        ~~~

    3. Working within the mounted filesystems

        1. Enter **/cf/conf**

            ~~~console
            $ cd /cf/conf
            ~~~

        2. Copy the newest backup file back

            ~~~console
            $ cp backup/config-1648889613.xml config.xml
            ~~~

        3. Clear the config cache

            ~~~console
            $ rm /tmp/config.cache
            ~~~

        4. Reload system and it's services

            ~~~console
            $ /etc/rc.reload_all start
            ~~~

            This may take a while. At this point we are done, we can now remove
            the single user mode boot configuration and reboot the firewall.

    4. Clear the single user mode boot configuration

        ~~~console
        $ /sbin/nextboot -D
        ~~~

        ZFS does not clear the single user mode boot configuration by itself,
        that's why we have to delete it after we are done with our work.

    5. Reboot the system

        ~~~console
        $ /sbin/reboot
        ~~~

        You could also use exit, but that would only continue booting into
        multi user mode without rebooting the system first. I personally think
        that we would benefit from a full reboot.

Okay, that's it all for now. Please note that I do not use the UFS filesystem
any more, so I won't add this to my little instruction set.

{{< alert circle-info >}}
This post was actually older, I've saved the instructions in a textfile until I
found the time to format it and publish it on my website.
{{< /alert >}}

## Sources

- <https://docs.netgate.com/pfsense/en/latest/troubleshooting/single-user-mode.html#ufs-systems>
- <https://www.agix.com.au/restore-pfsense-from-backup-using-the-cli-command-line/>