You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
101 lines
2.8 KiB
101 lines
2.8 KiB
---
|
|
title: 'pfSense: restore broken config'
|
|
aliases:
|
|
- /posts/2022-07-04-pfsense-restore-broken-config
|
|
- /posts/2022-07-04-pfsense-restore-broken-config-file
|
|
summary: >
|
|
Restoring a configuration file for pfSense when it actually stays in a
|
|
boot-loop
|
|
date: 2022-07-04T18:14:13+02:00
|
|
categories: [computerstuff]
|
|
tags: [pfsense,networking]
|
|
|
|
---
|
|
|
|
My pfSense firewall at home got a pretty heavy misconfiguration by myself and
|
|
that resulted in an annoying boot-loop. This took me quite a while to research,
|
|
but I finally got it working again. Thank god pfSense makes backups of its
|
|
configuration so this recovery process works quite well.
|
|
|
|
## Follow these steps
|
|
|
|
1. Boot into **single user mode**
|
|
|
|
Connect to your firewall (with a serial console) and choose option
|
|
`5) Reboot system` and confirm with the letter `S` (capital s).
|
|
|
|
2. **ZFS version only**
|
|
|
|
1. Remount root slice as read-write:
|
|
|
|
~~~console
|
|
$ /sbin/mount -u /
|
|
~~~
|
|
|
|
2. Mount all ZFS filesystems, datasets etc.
|
|
|
|
~~~console
|
|
$ /sbin/zfs mount -a
|
|
~~~
|
|
|
|
3. Working within the mounted filesystems
|
|
|
|
1. Enter **/cf/conf**
|
|
|
|
~~~console
|
|
$ cd /cf/conf
|
|
~~~
|
|
|
|
2. Copy the newest backup file back
|
|
|
|
~~~console
|
|
$ cp backup/config-1648889613.xml config.xml
|
|
~~~
|
|
|
|
3. Clear the config cache
|
|
|
|
~~~console
|
|
$ rm /tmp/config.cache
|
|
~~~
|
|
|
|
4. Reload system and it's services
|
|
|
|
~~~console
|
|
$ /etc/rc.reload_all start
|
|
~~~
|
|
|
|
This may take a while. At this point we are done, we can now remove
|
|
the single user mode boot configuration and reboot the firewall.
|
|
|
|
4. Clear the single user mode boot configuration
|
|
|
|
~~~console
|
|
$ /sbin/nextboot -D
|
|
~~~
|
|
|
|
ZFS does not clear the single user mode boot configuration by itself,
|
|
that's why we have to delete it after we are done with our work.
|
|
|
|
5. Reboot the system
|
|
|
|
~~~console
|
|
$ /sbin/reboot
|
|
~~~
|
|
|
|
You could also use exit, but that would only continue booting into
|
|
multi user mode without rebooting the system first. I personally think
|
|
that we would benefit from a full reboot.
|
|
|
|
Okay, that's it all for now. Please note that I do not use the UFS filesystem
|
|
any more, so I won't add this to my little instruction set.
|
|
|
|
{{< alert circle-info >}}
|
|
This post was actually older, I've saved the instructions in a textfile until I
|
|
found the time to format it and publish it on my website.
|
|
{{< /alert >}}
|
|
|
|
## Sources
|
|
|
|
- <https://docs.netgate.com/pfsense/en/latest/troubleshooting/single-user-mode.html#ufs-systems>
|
|
- <https://www.agix.com.au/restore-pfsense-from-backup-using-the-cli-command-line/>
|