Where can I find information on the backup/restore XML schema?
I am working on a tool (https://github.com/imthenachoman/pfSense-Firewall-Rules-Manager) to work with pfSense's FW XML backup.
I'm having trouble with getting pfSense to import an XML file I create. It imports properly but the rules don't seem active. I'm not sure why because the XML I create seems to have everything it needs/expects.
Hoping someone can point me to the XML schema so I can maybe figure out what I am doing wrong.
What are you doing after you changed the XML?
When I change the XML, I go to the rules, move a separator, and save and apply, and it works.
That lets me avoid a reboot.
I think I am going crazy.
I imported an XML file my tool created and it didn't work. Did this 15+ times with the same XML file and it didn't work.
I gave up, came back a few hours later, imported the same XML file, and it worked.
And by not working, I mean that the rules were there but not registering. For example, I had a rule to allow one VLAN access to the internet but the devices on that VLAN couldn't access the internet.
It seems to be working now. But I would still like the schema so I can ensure the XML my tool generates is accurate.
What do you do after the XML is imported?
Reboot? Or nothing?
What's the standard procedure for your import?
@noplan Okay. So I was wrong.
When I import my XML and then reboot, they do not work. I import the working backup copy and reboot and they do work.
If I import and don't reboot, they keep working but I assume that's because of some caching or something.
@noplan I just saw that there is an error after importing my XML:
There were error(s) loading the rules: /tmp/rules.debug:177: syntax error - The line in question reads : block return in log quick on $LAN inet proto any from !192.168.1.0/24 to any tracker 1609008158 label "USER_RULE: reject anything not from net" @ 2021-01-31 11:42:07
And this is the rule for that tracker ID:
    <rule>
      <type>reject</type>
      <interface>lan</interface>
      <ipprotocol>inet</ipprotocol>
      <protocol>any</protocol>
      <source>
        <network>lan</network>
        <not />
      </source>
      <destination>
        <any />
      </destination>
      <log />
      <descr><![CDATA[reject anything not from net]]></descr>
      <tracker>1609008158</tracker>
      <statetype><![CDATA[keep state]]></statetype>
    </rule>
Not sure what is wrong...
@noplan So I think I figured it out.
Unlike the pfsense backup XML file, my code was not creating empty nodes.
So I fixed that. I create empty nodes.
Now it seems to be working.
Glad you were able to fix it.
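
An added example, not part of the thread or of the poster's tool: a structural diff that lists the element paths every rule in a known-good backup carries but a generated rule lacks, which is the kind of mismatch the tool's author describes in the last reply. Both XML samples are constructed, and `child_paths` and `missing_nodes` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed samples, not copied from a real backup. The empty elements (<id>,
# <tag>, ...) stand in for whatever empty nodes your own known-good export has.
REFERENCE_XML = """<pfsense><filter>
<rule><id></id><tracker>1000000001</tracker><type>pass</type>
  <interface>lan</interface><ipprotocol>inet</ipprotocol>
  <tag></tag><tagged></tagged><max></max><os></os>
  <source><network>lan</network></source><destination><any></any></destination>
  <descr><![CDATA[allow lan out]]></descr></rule>
<rule><id></id><tracker>1000000002</tracker><type>block</type>
  <interface>lan</interface><ipprotocol>inet</ipprotocol>
  <tag></tag><tagged></tagged><max></max><os></os>
  <source><any></any></source><destination><any></any></destination>
  <descr><![CDATA[default block]]></descr></rule>
</filter></pfsense>"""

# Shaped like the rule quoted in the thread: no empty nodes at all.
GENERATED_XML = """<pfsense><filter>
<rule><type>reject</type><interface>lan</interface><ipprotocol>inet</ipprotocol>
  <source><network>lan</network><not /></source><destination><any /></destination>
  <log /><descr><![CDATA[reject anything not from net]]></descr>
  <tracker>1609008158</tracker></rule>
</filter></pfsense>"""

def child_paths(elem, prefix=""):
    """Yield (path, is_empty) for every descendant of elem."""
    for child in elem:
        path = f"{prefix}/{child.tag}" if prefix else child.tag
        yield path, len(child) == 0 and not (child.text or "").strip()
        yield from child_paths(child, path)

def missing_nodes(reference_xml, generated_xml):
    """Map tracker -> [(path, empty_in_reference)] for each generated rule
    lacking a path that every rule in the reference backup has."""
    ref_rules = ET.fromstring(reference_xml).findall("./filter/rule")
    counts, empty = Counter(), set()
    for rule in ref_rules:
        paths = dict(child_paths(rule))
        counts.update(paths.keys())
        empty.update(p for p, is_empty in paths.items() if is_empty)
    required = {p for p, n in counts.items() if n == len(ref_rules)}
    report = {}
    for rule in ET.fromstring(generated_xml).findall("./filter/rule"):
        gaps = sorted(required - {p for p, _ in child_paths(rule)})
        if gaps:
            report[rule.findtext("tracker", "?")] = [(p, p in empty) for p in gaps]
    return report
```

Run it with a fresh export from the firewall as the reference and the tool's output as the generated file; an empty report means every generated rule has at least the elements the firewall's own rules share.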