Any way to visualise / diff old pfsense backups without putting them into active use?
-
Hello,
I had a minor mishap where adding a USB ethernet caused pfsense to prompt me to redo all my vlan assignments, but I did not immediately have the match of
opt9to which vlan to hand, and my memory falsely told me I could just fix it up in the GUI.Anyway, things became rather muddled, with static dhcp assignments now on the wrong interfaces, etc.
Unfortunately, my automatic backups were not working for the past few months, so my last backup is from April. Not a big deal, as things are fairly static, but I did not want to just restore this backup files directly.
Manually going through the backup file, and diffing against the current, I think I have everything fixed and back how it should be, but I would like to confirm if I missed something.
The question: Is there any way to visualise a backup in the GUI?
It seems the diff is only an option for changes in the last hour, no option to upload a backup.
I can spin up a VM, but it is going to ask me to assign interfaces again and I just want to go over what was present at the backup...
Does this feature already exist? Any ideas on how to achieve this?
Thanks!
-
@sloopbun If you have the two files saved, there's got to be some sort of file comparison utility. Windows has a command line one, fc.exe. I don't think I'd upload them to some random web site since they have passwords in them.
The config history in pfSense I think is just the last "n" files but it can be useless if, say, pfBlocker's cron task or something else changes the file regularly.
-
I also don't know any possibility to make the configuration backup visible in the GUI.
I'd go to compare the exported config files. You can use Notepad++ with the comparison plugin. This marks the diffs. So you can easily find the changes.
However, this presumes that you have an unencrypted backup.
-
Plan B :
console or SSH, option 8,Goto the config backup directory
cd /cf/conf/backupSee the list with backup files, normally about 100 :
ls a -aland compare any of them, I took the two latest :
diff config-1725209583.xml config-1724539620.xmlYou can also compare with a backup file and the current config.xml which can be found one level up in /cf/conf/.
As you will see, there is info that is base64 encoded.
-
+1 BBEdit
-
[24.03-RELEASE][root@pfSense.bhf.tld]/root: bbedit bbedit: Command not found. -
BBEdit is a Mac only app. Sorry. Plenty of other editors can do side by side comparisons.
You have to install app on a client then copy the config XML files to the same machine
https://www.barebones.com/products/bbedit/index.html
-
You can diff right in the webgui if the interesting configurations are still on the firewall using the compare button in Diagnostics > Configuration History.
-
Ah, nice, thanks.
A real solution was already one click away ....
-
Thanks for all the inputs. Apologies if I was not clear, but my first point of call was a colour diff of old and current config. This revealed most things.
I went ahead and spun up a VM and loaded my old config in the GUI. To my surprise, it did not force a reboot and I was able to browse at leisure. Without having to assign VLANs to virtual interfaces.
Mostly what I was missing were disabled rules, but there were a couple of NAT rules where the interface was changed and I had not noticed. So I am glad to have done it.
