Script to back up pfSense config

Continuing the theme of keeping everything backed up, I realised I wasn't backing up my pfSense configs. You can do this automatically with pfSense Gold. I'd highly recommend getting it, even if it's just to support the pfSense project. If you don't want to for whatever reason (though I'd highly suggest you do), then you can roll your own backup script. Here's how.

 

Set up a "backup user"


Rather than have our admin credentials in a script on a server, it's best to set up a new user who only has access to the backup page.

This part is pretty simple. In the pfSense web interface, go to:

System > User Manager

Add a new user. Once that user is created, set its "Effective Privileges" to just "Webcfg - Diagnostics: Backup/restore page".

That's it, done.

 

Now onto the script itself

#!/bin/sh

# Delete cookies.txt file if it exists and start fresh.
rm -f cookies.txt

# Log in as the backup user and store the session cookie in cookies.txt.
# (-k skips certificate verification; it only has an effect with an https URL.)
/usr/bin/curl -k -b cookies.txt -c cookies.txt --data 'login=Login&usernamefld=backup&passwordfld=password' http://192.168.0.1:8080/diag_backup.php

# Download the configuration to a timestamped file.
/usr/bin/curl -k -b cookies.txt -o "/home/jon/pfsense-backups/config-router-$(date +%Y%m%d%H%M%S).xml" --data 'Submit=download&donotbackuprrd=no' http://192.168.0.1:8080/diag_backup.php


All you should need to do here is change the following:

  • Login
  • Password
  • IP of firewall and port (and whether it's http or https)
  • Directory and name for script and backups
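
The download step saves whatever the firewall sends back, so a failed login leaves the HTML login page on disk under a .xml name. The check below is an added example, not part of the original script: the function names is_pfsense_config and keep_backup are made up here, and it assumes the export uses <pfsense> as its root element.

```sh
#!/bin/sh
# Added example: sanity-check a downloaded pfSense backup before keeping it.

# is_pfsense_config FILE -> returns 0 if FILE looks like a complete config export.
is_pfsense_config() {
    f=$1
    [ -s "$f" ] || return 1                      # missing or empty file
    # A failed login yields the HTML login page, which has no <pfsense> root.
    head -n 5 "$f" | grep -q '<pfsense>' || return 1
    # A truncated transfer is missing the closing root tag.
    tail -n 3 "$f" | grep -q '</pfsense>' || return 1
    return 0
}

# keep_backup FILE -> keep a good export readable by its owner only, delete a bad one.
keep_backup() {
    if is_pfsense_config "$1"; then
        chmod 600 "$1"       # the export contains password hashes and private keys
        return 0
    fi
    rm -f "$1"
    return 1
}

# Demo on constructed sample files (not real exports).
tmp=$(mktemp -d)
printf '<?xml version="1.0"?>\n<pfsense>\n<version>1</version>\n</pfsense>\n' > "$tmp/good.xml"
printf '<!DOCTYPE html>\n<html><body>Login</body></html>\n' > "$tmp/login.xml"
for f in "$tmp/good.xml" "$tmp/login.xml"; do
    if keep_backup "$f"; then
        echo "kept ${f##*/}"
    else
        echo "rejected ${f##*/}"
    fi
done
rm -rf "$tmp"
```

In the backup script, call keep_backup on the file the second curl wrote and exit non-zero if it fails, so cron reports the failed run.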


Next I added the script to crontab to have it run every day at midnight.

Remember to make the script executable.

Here is my cron entry:

0 0 * * * /bin/sh /home/jon/pfsense-backups/pf-backup.sh


That's it.
