How to backup pfblockerng please?
-
Hello,
How can you backup the pfBlockerNG config please?
I tried looking into XMLRPC, but I'm confused. What software should I install on the target please?Thanks.
-
@Koent Just use the "Diagnostics/Backup and Restore" or "Services/Auto Config Backup" to backup the entire system's config.xml. It's all in there.
-
Check out the "Sync" Tab.
-
Hello,
I cannot find a target to receive the files. Any idea what I should install on the receiving host please. I have a qnap NAS, an Ubuntu server and an Arch laptop. Sorry to disturb with this. I 've looked around for a couple of hours but I cannot find a solution.
Thanks.
-
@Koent
You don't need to install anything except pfBlockerNG-devel on both boxes. They must both be the same pfSense version tho. Then you configure the sync settings on the master to push settings to the other machine. This will occur on a Force Update or Cron event. Then once its sync'd once, you can remove the sync. -
@BBcan177 OK. Thanks.
-
@bbcan177 Reopening an old topic: is there a list of which files to download from pfSense to my PC that will save my pfBlocker configuration? I almost had to repave my pfSense box and would've lost my config if I had.
Thanks!
-
@draco Just save the config file:
https://forum.netgate.com/topic/146705/how-to-backup-pfblockerng-please/2 -
S SteveITS referenced this topic on Mar 7, 2023, 5:02 AM
-
@steveits I thought that PFblocker had more configuration info than was found in the config.XML file. Did I misunderstand?
-
@draco
You did.
The config file contains all the settings from all the packages and all pfSense itself.Take note : default settings don't need to be saved.
Try it out for yourself :
Re install pfSense.
Import the saved config file.
All settings will get restored. -
I'm in a similar situation. We have a backup from "Auto Config Backup" and our hardware died. Restoring backup lacked pfblocker config, such as websites we had manually put on allow-lists..
Did I get this right from here that Auto Config Backup skips pfblocker config, while manual backup includes it? If so, is there any chance to restore these settings in case the ssd is still intact?
Thanks in advance! -
@luas I had not heard that about the auto backup. We don't use that. We just download a copy whenever changes are made, to our office and/or the client's site. The downloaded config has everything.
There is this:
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restoring-by-mounting-the-disk -
@luas said in How to backup pfblockerng please?:
Did I get this right from here that Auto Config Backup skips pfblocker config
Services > Auto Configuration Backup > Restore
and use the Show Info button :
My backups do contain all the pfblockerng settings.
Btw : I'm only using "abc" in the daily mode :
the "on every config change" will backup ... as said, on every config change.
That's fine, but, if you edit your config a lot on one day, and knowing that abc has a limit to the last 100 configs or so, I prefer to have a 'daily' copy.Also : I have a PC on my LAN executing a daily script that grabs a copy of the config, just to have a local backup plan.
Can't find any traces about "pfblockerng" being excluded, neither why this would be needed :
anyway, the discussed pfblockerng version on redit is old.
-
Thanks @SteveITS and @Gertjan
In the meantime, I was able to stick the ssd from the broken firewall into another device and boot up there. My apologies - saying whitelists were missing was not true. Indeed they're there, and massed user feedback about sites being blocked that worked before had led me to wrong assumptions.Our pfblocker specialist is on vacation, and frankly speaking, I'm not sure what happened exactly. Thanks for your support anyway!
-
@gertjan To test this idea, I started grep'ing /conf/config.xml. A lot of the configuration information is there. However not all of it is present. For instance entries from manual/custom DNSBL Whitelists and Blacklists is not in config.xml (I confirmed this with a couple of greps -- if even one entry is missing then it would seem it ain't all there).
Another user just asked about this on Reddit.
Now I wonder what else is not stored in Config.xml ... ?? Had I flattened my box and tried to restore it using a backup Config.xml, I would've lost my at least the data in my custom DNSBL White/Black-lists.
@BBcan177 - when you come up for air again, any guidance you can offer would be appreciated!
-
I decided to unblock "metrics.icloud.com" :
On the Alert page :
and added a comment "20230316".
The message showed up at the top :
After a somewhat slow realod of the Alert page :
On the main Firewall > pfBlockerNG > DNSBL page, close to the bottom, I found :
so that is where the white listed DNSBL are added. Note the comment "20230316".
You said : I can't find these entries in the config.xml
The answer is : you have to know how to look
To find it, I used 'grep' also, but took another approach.
Take another look at this :
and now look at it with your browser developper tool, so you can see the html :
Now I know that html texarea is called 'suppression'.
I grepped 'suppression' in the config.xml file, and sure enough, several exist, but one is our potential candidate :
<pfblockerngdnsblsettings> <config> <pfb_dnsvip>10.10.10.1</pfb_dnsvip> <pfb_dnsport>8081</pfb_dnsport> <pfb_dnsport_ssl>8443</pfb_dnsport_ssl> <pfb_dnsblv6>on</pfb_dnsblv6> <pfb_dnsbl>on</pfb_dnsbl> <suppression>czMuYW1hem9uYXdzLmNvbQ0KczMtMS5hbWF6b25hd3MuY29tDQpnaXRodWIuY29tDQpnaXRodWJ1c2VyY29udGVudC5jb20NCmdpdGh1Yi5tYXAuZmFzdGx5Lm5ldA0KZ2l0bGFiLmNvbQ0Kc291cmNlZm9yZ2UubmV0DQpmbHMtbmEuYW1hem9uLmNvbQ0KY29udHJvbC5rb2NoYXZhLmNvbQ0KZGV2aWNlLW1ldHJpY3MtdXMtMi5hbWF6b24uY29tDQphbWF6b24tYWRzeXN0ZW0uY29tDQpweC5tb2F0YWRzLmNvbQ0Kd2lsZGNhcmQubW9hdGFkcy5jb20uZWRnZWtleS5uZXQNCmUxMzEzNi5nLmFrYW1haWVkZ2UubmV0DQpzZWN1cmUtZ2wuaW1yd29ybGR3aWRlLmNvbQ0KcGl4ZWwuYWRzYWZlcHJvdGVjdGVkLmNvbQ0KYW55Y2FzdC5waXhlbC5hZHNhZmVwcm90ZWN0ZWQuY29tDQpicy5zZXJ2aW5nLXN5cy5jb20NCmJzLmV5ZWJsYXN0ZXIuYWthZG5zLm5ldA0KYnNsYS5leWVibGFzdGVyLmFrYWRucy5uZXQNCmFkc2FmZXByb3RlY3RlZC5jb20NCmdvb2dsZS5jb20NCnlvdXR1YmUuY29tDQpzdGFja292ZXJmbG93LmNvbQ0KZHJvcGJveC5jb20NCmRyb3Bib3gtZG5zLmNvbQ0KcGJzLnR3aW1nLmNvbQ0KY3MxOTYud2FjLmVkZ2VjYXN0Y2RuLm5ldA0KY3MyLXdhYy5hcHItODMxNS5lZGdlY2FzdGRucy5uZXQNCmNzMi13YWMtdXMuODMxNS5lY2Rucy5uZXQNCmNzNDUud2FjLmVkZ2VjYXN0Y2RuLm5ldA0KcGZzZW5zZS5vcmcNCm5ldGdhdGUuY29tDQouYWF4LWV1LmFtYXpvbi1hZHN5c3RlbS5jb20gIyBhbWF6b24NCi5nZW9sb2NhdGlvbi5vbmV0cnVzdC5jb20NCmdvb2dsZXRhZ21hbmFnZXIuY29tDQp3d3cuZ29vZ2xldGFnbWFuYWdlci5jb20NCnRyLmNvdXJyaWVyLnN1ZG91ZXN0LmZyDQp3d3cudHIuY291cnJpZXIuc3Vkb3Vlc3QuZnINCnRyYWNraW5nLmJwMDEubmV0ICMgQ05BTUUgZm9yICh0ci5jb3Vycmllci5zdWRvdWVzdC5mcikNCnBhcmtpbmdjcmV3Lm5ldA0Kd3d3LnBhcmtpbmdjcmV3Lm5ldA0KLmluZm8tZnIuYnVyZWF1dmVyaXRhcy5jb20NCi50YWJvb2xhLmNvbQ0KLm1ldHJpY3MuaWNsb3VkLmNvbSAjIHRlc3QgMjAyMzAzMTYgd2hpdGVsaXN0DQo=</suppression> <pfb_tld>on</pfb_tld> ...... etc ..... </pfblockerngdnsblsettings>So the entire text area block is base64 encoded.
Not really to hide it for privacy reason, as it can be decoded easily, but to take care of all kind user entered comment text that could contain accents, international ASCI and whatever. It's a save way to store random text in a xml file, which imposes it's own encoding.
Btw : Most user entered text will be base64 encoded.Let's check my <suppression> block with ... (200 msec Google grep ) : https://www.base64decode.org/, pasted in the <suppression> block and :
Case closed :
-
All custom lists are stored as base64 entries in the config.xml
-