How Auto Configuration Backup works....
-
The new (for non-Gold users) Auto Configuration Backup feature is nice to have. The changes that get backed up seem extremely granular, which is impressive. From what I'm seeing the service stores the last 100 backups. However here lies a sort of problem, because of the granularity it seems (at least from what I can see) that those 100 changes can be used up extremely quickly, resulting in the last backup available perhaps being less than a day old if you've made a bunch of changes, and some things that are automatic get registered as changes.
For example my configuration change list is filled up with stuff like this, each of which appears to count as 1 out of the 100 backups:
Mon, 24 Sep 2018 10:30:45 +0300 (system): Removed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today Mon, 24 Sep 2018 10:30:48 +0300 (system): Removed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday Mon, 24 Sep 2018 10:30:51 +0300 (system): Installed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today Mon, 24 Sep 2018 10:30:54 +0300 (system): Installed cron job for /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday Mon, 24 Sep 2018 11:24:19 +0300 xxxxxxxxxx@192.168.0.16 (Local Database): Updated traffic graphs widget settings via dashboard. Mon, 24 Sep 2018 11:51:16 +0300 Mon, 24 Sep 2018 13:00:13 +0300 (system): Suricata pkg: updated status for updated rules package(s) check. Mon, 24 Sep 2018 18:17:10 +0300 (system): Intermediate config write during package removal for pfBlockerNG-devel. Mon, 24 Sep 2018 18:17:14 +0300 (system): pfBlockerNG: saving Unbound config Mon, 24 Sep 2018 18:17:17 +0300 (system): pfBlockerNG: saving DNSBL changes Mon, 24 Sep 2018 18:17:21 +0300 (system): pfBlockerNG: saving Aliases Mon, 24 Sep 2018 18:17:26 +0300 (system): Removed cron job for pfblockerng.php cron Mon, 24 Sep 2018 18:17:29 +0300 (system): Removed cron job for pfblockerng.php dcc Mon, 24 Sep 2018 18:17:32 +0300 (system): Removed cron job for pfblockerng.php bl
Obviously I can't complain because this is a free service but if we are to stick to the 100 backups threshold, which is quite reasonable, then I personally would prefer an option to manually set the backup interval to say once per day (hour/week), enabling me to have less granularity but 100 days of backups. Or am I misinterpreting how this works?
-
Perhaps related...
https://forum.netgate.com/topic/133694/feature-suggestion-for-backup-history
-
@coreybrett Yes that would be good as well. A different option... I'd like both available.
-
Currently the ACB system makes a backup whenever the firewall configuration is changed. This works well for deliberate config changes, but not so well where you have packages (such as pfBlockerNG) that write to the config system as part of their
continuous operation. In future versions, we will be refining this operation, as well as working with package maintainers to make better use of the system. -
Is there a way to have the Cron package invoke the Auto Config Backup on a set time-interval (such as nightly)?
-
Scheduled backups have beed added to the system and will appear in the next snapshot/release.
-
I've been using in parallel this https://github.com/KoenZomers/pfSenseBackup : runs from a Windows PC every day.