Script to back up pfSense config

Continuing the theme of keeping everything backed up, I realised I wasn't backing up my pfSense configs. You can do this automatically with pfSense Gold. I'd highly recommend getting it, even if it's just to support the pfSense project. If you don't want to for whatever reason (though I'd highly suggest you do), then you can roll your own backup script. Here's how.

Set up a “backup user”

Rather than have our admin credentials in a script on a server, it's best to set up a new user who just has access to the backup page.

This part is pretty simple. In the pfSense web interface, go to: System > User Manager

Add a new user. Then once that user is created, set its Effective Privileges to just Webcfg - Diagnostics: Backup/restore page

That's it done.

Now onto the script itself

#!/bin/sh
# Delete the cookies.txt file if it exists and start fresh.
if [ -f cookies.txt ]; then
    rm cookies.txt
fi
# Log in as the backup user and store the session cookie.
/usr/bin/curl -k -b cookies.txt -c cookies.txt --data 'login=Login&usernamefld=backup&passwordfld=password' http://192.168.0.1:8080/diag_backup.php
# Download the configuration to a timestamped file.
/usr/bin/curl -k -b cookies.txt -o "/home/jon/pfsense-backups/config-router-$(date +%Y%m%d%H%M%S).xml" --data 'Submit=download&donotbackuprrd=no' http://192.168.0.1:8080/diag_backup.php

All you should need to do here is change the following:

  • Login
  • Password
  • IP of firewall and port (and whether it's http or https)
  • Directory and name for script and backups
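
If the login fails, curl still writes whatever the firewall returned (typically the login page) under the backup's file name, so each download is worth checking. The following is an added example, not part of the original script: the function names are hypothetical, and it assumes a good backup starts with an XML declaration and has <pfsense> as its root element.

```shell
#!/bin/sh
# Added example (not from the original post): validate a downloaded
# pfSense backup and restrict its permissions.
# Assumption: a good backup begins with "<?xml" and is wrapped in
# <pfsense> ... </pfsense>.

# check_backup FILE
# Returns 0 if FILE looks like a complete pfSense config, 1 otherwise.
check_backup() {
    f=$1
    # Missing or empty file: curl failed or wrote nothing.
    [ -s "$f" ] || return 1
    # A failed login yields an HTML page, which does not start with "<?xml".
    head -n 1 "$f" | grep -q '^<?xml' || return 1
    # The root element must open ...
    grep -q '<pfsense>' "$f" || return 1
    # ... and close; a missing closing tag means a truncated download.
    grep -q '</pfsense>' "$f" || return 1
    return 0
}

# secure_backup FILE
# A valid backup is made readable by its owner only, because the config
# holds password hashes and keys. An invalid one is renamed to
# FILE.invalid so it cannot be mistaken for a usable backup.
secure_backup() {
    f=$1
    if check_backup "$f"; then
        chmod 600 "$f"
        return 0
    fi
    mv "$f" "$f.invalid" 2>/dev/null
    echo "pfSense backup failed validation: $f" >&2
    return 1
}
```

To use it, paste the two functions into the backup script, store the output file name in a variable, and call secure_backup on it after the download; a non-zero return means the night's backup should not be relied on.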

Next I added the script to crontab to have it run every day at midnight.

Remember to make the script executable.

Here is my cron entry:

0 0 * * * /bin/sh /home/jon/pfsense-backups/pf-backup.sh

That's it.