pfSense: restore broken config


I misconfigured my pfSense firewall at home pretty heavily, and that resulted in an annoying boot loop. This took me quite a while to research, but I finally got it working again. Thank god pfSense makes backups of its configuration, so this recovery process works quite well.

Follow these steps

  1. Boot into single user mode

    Connect to your firewall (with a serial console), choose option 5) Reboot system, and confirm with the letter S (capital S).

  2. ZFS version only

    1. Remount root slice as read-write:

      $ /sbin/mount -u /
      
    2. Mount all ZFS filesystems, datasets etc.

      $ /sbin/zfs mount -a
      
    3. Working within the mounted filesystems

      1. Enter /cf/conf

        $ cd /cf/conf
        
      2. Copy the newest backup file back

        $ cp backup/config-1648889613.xml config.xml
        
      3. Clear the config cache

        $ rm /tmp/config.cache
        
      4. Reload the system and its services

        $ /etc/rc.reload_all start
        

        This may take a while. At this point we are done; we can now remove the single user mode boot configuration and reboot the firewall.

    4. Clear the single user mode boot configuration

      $ /sbin/nextboot -D
      

      ZFS does not clear the single user mode boot configuration by itself; that’s why we have to delete it after we are done with our work.

    5. Reboot the system

      $ /sbin/reboot
      

      You could also use exit, but that would only continue booting into multi user mode without rebooting the system first. I personally think that we would benefit from a full reboot.
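Step 3.2 hard-codes one backup filename. The sketch below is an added example, not part of the original post: it picks the newest backup by the Unix timestamp in its name, skips empty or truncated files, and keeps the broken config.xml for later inspection. The function names, the `.broken` suffix and the check that a complete config ends with `</pfsense>` are assumptions, as is a PATH that includes /bin and /usr/bin.

```shell
#!/bin/sh
# Added example: restore the newest usable pfSense config backup.
# Function names are hypothetical; pass /cf/conf as the directory on the firewall.

# Print the path of the newest backup that looks complete, or return 1.
newest_good_backup() {
    dir=$1
    # Backup names embed a Unix timestamp: config-<epoch>.xml.
    # Extract the epochs and sort them numerically, newest first.
    for ts in $(ls "$dir/backup" 2>/dev/null \
                | sed -n 's/^config-\([0-9][0-9]*\)\.xml$/\1/p' | sort -rn); do
        f="$dir/backup/config-$ts.xml"
        # Skip empty or truncated files: a complete config closes with </pfsense>.
        if [ -s "$f" ] && tail -n 5 "$f" | grep -q '</pfsense>'; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

# Keep the broken config for later analysis, then copy the chosen backup back.
restore_config() {
    dir=$1
    src=$(newest_good_backup "$dir") || {
        echo "no usable backup in $dir/backup" >&2
        return 1
    }
    # Preserve the misconfigured file so the cause of the boot loop can be reviewed.
    [ -f "$dir/config.xml" ] && cp -p "$dir/config.xml" "$dir/config.xml.broken"
    cp -p "$src" "$dir/config.xml" || return 1
    echo "$src"
}

# Usage in single user mode, in place of step 3.2:
#   restore_config /cf/conf
```

After `restore_config /cf/conf` prints the file it restored, continue with clearing /tmp/config.cache and the reload step as described above.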

Okay, that’s all for now. Please note that I do not use the UFS filesystem any more, so I won’t add this to my little instruction set.

This post is actually older; I had saved the instructions in a text file until I found the time to format it and publish it on my website.
