Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Are configuration changes logged?

    General pfSense Questions
    5
    7
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MilesDeep
      last edited by

      I began configuring a 2440 yesterday.  Today, people are getting DHCP leases from this new firewall.  It was short-lived chaos.  There is no way I made this firewall a DHCP server.  One of two things happened; the 2440 is a dhcp server out of the box or someone enabled it as a dhcp server.  Would this be logged?

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        https://doc.pfsense.org/index.php/Configuration_History

        Normally, you're given the choice to activate the DHCP service when you configure the LAN interface. If it's not activated, then it shouldn't just 'activate itself'.

        1 Reply Last reply Reply Quote 0
        • MikeV7896M
          MikeV7896
          last edited by

          I'm pretty sure that for the LAN interface, it's enabled by default, regardless of if it's a pfSense-purchased box or software loaded on a custom system.

          But other interfaces it needs to be manually enabled on.

          As for logging the setting changes, I'm pretty sure they're logged, but don't remember where to go to see the list. Separate from that, firewall rules also track who created them and when they were last modified.

          The S in IOT stands for Security

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            Changes can be seen in diagnostics > backup restore

            1 Reply Last reply Reply Quote 0
            • M
              muswellhillbilly
              last edited by

              The screenshot below is taken from a VM I'm running for test purposes. When you assign the LAN address the system asks if you need to enable DHCP on the interface before activating it. If you consult the Config History under the Backup section (as per heper's suggestion), you can check what changes were made and when.

              pfs-lan.jpg
              pfs-lan.jpg_thumb

              1 Reply Last reply Reply Quote 0
              • M
                MilesDeep
                last edited by

                Thanks all.  I guess I should not have panicked and just put another 2440 on the bench.  The answer is yes, it does ship with DHCP server enabled.  I guess I'm just not used to firewalls shooting out leases by default.  I wish I had known!  pfSense, love you guys, a word of advise; don't enable dhcp server by default.  It just has a home network or small business feel to it.

                1 Reply Last reply Reply Quote 0
                • C
                  cmb
                  last edited by

                  If we didn't enable the DHCP server by default, we'd be overrun with "I plug in and it doesn't do anything". Many comparable "enterprise" solutions enable DHCP server out of the box with the default config for the same reason. Not going to change, and not "home network or small business", it's more common than not.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.