How Auto Configuration Backup works....

occamsrazor

The new (for non-Gold users) Auto Configuration Backup feature is nice to have. The changes that get backed up seem extremely granular, which is impressive. From what I'm seeing the service stores the last 100 backups. However here lies a sort of problem, because of the granularity it seems (at least from what I can see) that those 100 changes can be used up extremely quickly, resulting in the last backup available perhaps being less than a day old if you've made a bunch of changes, and some things that are automatic get registered as changes.

For example my configuration change list is filled up with stuff like this, each of which appears to count as 1 out of the 100 backups:

Mon, 24 Sep 2018 10:30:45 +0300 	(system): Removed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today 	
Mon, 24 Sep 2018 10:30:48 +0300 	(system): Removed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday 	
Mon, 24 Sep 2018 10:30:51 +0300 	(system): Installed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today 	
Mon, 24 Sep 2018 10:30:54 +0300 	(system): Installed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday 	
Mon, 24 Sep 2018 11:24:19 +0300 	xxxxxxxxxx@192.168.0.16 (Local Database): Updated traffic graphs widget settings via dashboard. 	
Mon, 24 Sep 2018 11:51:16 +0300 		
Mon, 24 Sep 2018 13:00:13 +0300 	(system): Suricata pkg: updated status for updated rules package(s) check. 	
Mon, 24 Sep 2018 18:17:10 +0300 	(system): Intermediate config write during package removal for pfBlockerNG-devel. 	
Mon, 24 Sep 2018 18:17:14 +0300 	(system): pfBlockerNG: saving Unbound config 	
Mon, 24 Sep 2018 18:17:17 +0300 	(system): pfBlockerNG: saving DNSBL changes 	
Mon, 24 Sep 2018 18:17:21 +0300 	(system): pfBlockerNG: saving Aliases 	
Mon, 24 Sep 2018 18:17:26 +0300 	(system): Removed cron job for pfblockerng.php cron 	
Mon, 24 Sep 2018 18:17:29 +0300 	(system): Removed cron job for pfblockerng.php dcc 	
Mon, 24 Sep 2018 18:17:32 +0300 	(system): Removed cron job for pfblockerng.php bl

Obviously I can't complain because this is a free service but if we are to stick to the 100 backups threshold, which is quite reasonable, then I personally would prefer an option to manually set the backup interval to say once per day (hour/week), enabling me to have less granularity but 100 days of backups. Or am I misinterpreting how this works?

coreybrett

Perhaps related...

https://forum.netgate.com/topic/133694/feature-suggestion-for-backup-history

occamsrazor

@coreybrett Yes that would be good as well. A different option... I'd like both available.

Steve_B

Currently the ACB system makes a backup whenever the firewall configuration is changed. This works well for deliberate config changes, but not so well where you have packages (such as pfBlockerNG) that write to the config system as part of their
continuous operation. In future versions, we will be refining this operation, as well as working with package maintainers to make better use of the system.

msf2000

Is there a way to have the Cron package invoke the Auto Config Backup on a set time-interval (such as nightly)?

Steve_B

Scheduled backups have beed added to the system and will appear in the next snapshot/release.

Gertjan

I've been using in parallel this https://github.com/KoenZomers/pfSenseBackup : runs from a Windows PC every day.