Continuing the theme of keeping everything backed up, I realised I wasn't backing up my pfSense configs. You can do this automatically with pfSense gold. I'd highly recommend getting it, even if it's just to support the pfSense project. If you don't want to for whatever reason (though I'd highly suggest you do), then you can roll your own backup script. Here's how.
Set up a “backup user”
Rather than have our admin credentials in a script on a server, it's best to set up a new user who just has access to the backup page.
This part is pretty simple. In the pfSense web interface, go to:
System > User Manager
Add a new user. Once that user is created, set its Effective Privileges to just:
Webcfg - Diagnostics: Backup/restore page
That's it, done.
Now onto the script itself
```sh
#!/bin/sh

# Delete cookies.txt file if exists and start fresh.
if [ -f cookies.txt ]; then
    rm cookies.txt
fi

# Get cookie values: log in as the backup user and store the session cookie.
# (-k tells curl not to verify the TLS certificate.)
/usr/bin/curl -k -b cookies.txt -c cookies.txt \
    --data 'login=Login&usernamefld=backup&passwordfld=password' \
    http://192.168.0.1:8080/diag_backup.php

# Download the configuration to a timestamped file, reusing the session cookie.
/usr/bin/curl -k -b cookies.txt \
    -o "/home/jon/pfsense-backups/config-router-$(date +%Y%m%d%H%M%S).xml" \
    --data 'Submit=download&donotbackuprrd=no' \
    http://192.168.0.1:8080/diag_backup.php
```
All you should need to do here is change the following:
- IP of firewall and port (and whether it's http or https)
- Directory and name for script and backups
Next I added the script to crontab to have it run every day at midnight.
Remember to make the script executable.
Here is my cron entry:
0 0 * * * /bin/sh /home/jon/pfsense-backups/pf-backup.sh
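An added example, not part of the original post: curl saves whatever the firewall returns, so a failed login leaves the HTML login page in the backup file instead of a config. The functions below (hypothetical names) check that a download is a complete pfSense config.xml, restrict its permissions, and prune old copies; they assume the config-router-*.xml naming used in the script above.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# is_pfsense_config FILE: succeed only if FILE looks like a complete config.xml.
is_pfsense_config() {
    [ -s "$1" ] || return 1                             # missing or empty
    head -n 1 "$1" | grep -q '^<?xml' || return 1       # a login page is HTML, not XML
    grep -q '<pfsense>' "$1" || return 1                # root element of config.xml
    tail -n 5 "$1" | grep -q '</pfsense>' || return 1   # truncated download
}

# accept_backup FILE: lock down a valid backup, set anything else aside.
accept_backup() {
    if is_pfsense_config "$1"; then
        chmod 600 "$1"    # the config holds password hashes and private keys
        return 0
    fi
    [ -e "$1" ] && mv "$1" "$1.rejected"   # keep the bad response for troubleshooting
    return 1
}

# prune_backups DIR KEEP: delete all but the KEEP newest config-router-*.xml.
# The timestamped names sort chronologically, so a plain name sort is enough.
prune_backups() {
    ls "$1"/config-router-*.xml 2>/dev/null | sort -r | tail -n +"$(( $2 + 1 ))" |
    while IFS= read -r old; do rm -f "$old"; done
}

# Demo on constructed files (contents made up for this example).
demo=$(mktemp -d)
printf '<?xml version="1.0"?>\n<pfsense>\n<version>1</version>\n</pfsense>\n' \
    > "$demo/config-router-20240101000000.xml"
printf '<!DOCTYPE html>\n<html><body>Login</body></html>\n' \
    > "$demo/config-router-20240102000000.xml"
for f in "$demo"/config-router-*.xml; do
    if accept_backup "$f"; then echo "kept: $f"; else echo "rejected: $f"; fi
done
rm -rf "$demo"
```

In the backup script, accept_backup would be called on the downloaded file right after the second curl, with `umask 077` set beforehand so the file is never readable by other users while it is being written.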