Is it true pfSense doesn't support manually editing the configuration file?

  • The configuration files contain hardware-specific information that's mainly set up on first install. When you take the configuration file from one physical pfSense install and import it into another, it will overwrite that hardware-specific information. The only way around this is to manually edit the configuration file, or end up with a possibly totally messed up configuration on the import side.

    Furthermore, you can only reasonably copy specific information between installs by using a manually-edited configuration file (we're talking info that would take hours to set up again using the frontend). For instance: if I wanted to copy all my Snort info -- but not info on any other package -- I would need to use a merged import method.

    However, I submitted a bug that stems from a small oversight that totally breaks pfSense, and it was instantly rejected on the grounds we should never manually edit configuration files, despite the fix being trivial (I already made the fix on my end). Furthermore, I encountered a similar bug on a previous version of pfSense when upgrading to a newer version of pfSense, stemming from the same problem.

    I've been trying to get my client orgs to adopt pfSense with its commercial support, but I don't see the point if fatal, unavoidable bugs are just rejected before they're even discussed; or, if the bug is reasonably avoidable, without an explanation why.

    You have any details? Link to your bug report?

    Editing the config.xml file directly is inherently risky; it's easy to make a typo that can render the box booting back to its default config or worse. Thus it's hard to ever really advise anyone to do it. However there are times when editing the config file is by far the easiest way to get things done. Importing a config onto new hardware is one of those situations. If you have different NIC types (different drivers at least) then simply editing the interface assignments to the new NIC names will allow you to import the file and boot straight back up.


    Ah, this is you?

    Slightly different then. Note that Chris does not say 'don't ever edit the config file manually'. What he says is, if you do edit the file make sure the result is a valid config. That's not necessarily that easy because there are no definitions of how the file should be (that I've ever seen!) ;). Make sure you test the config somewhere unimportant. Use the code included in pfSense to import older config files to the newer file definitions in newer versions.

    What hardware specific settings are you referring to? Just the NIC names?
    In your case I would probably have restored the old file onto the new hardware and re-assigned the interfaces at first boot.

    You do seem to have a point about the config parser though. If it knows there is an error, why does it allow it to be imported?
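
The interface reassignment discussed in this thread, as an added example that is not from any poster or from pfSense itself: it renames the `<if>` assignments under `<interfaces>` in a config.xml and refuses to produce output if the file is not well-formed, a NIC has no mapping, or two interfaces land on the same NIC. The sample config, the NIC names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements this example touches.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr></lan>
  </interfaces>
</pfsense>
"""

def remap_nics(config_text, nic_map):
    """Return config_text with interface assignments renamed per nic_map.

    Raises ValueError if the input is not well-formed XML, if an assigned
    NIC has no entry in nic_map, or if two interfaces end up on one NIC.
    """
    try:
        root = ET.fromstring(config_text)
    except ET.ParseError as exc:
        raise ValueError(f"config is not well-formed XML: {exc}") from exc
    interfaces = root.find("interfaces")
    if root.tag != "pfsense" or interfaces is None:
        raise ValueError("missing <pfsense>/<interfaces> section")
    seen = {}  # new NIC name -> logical interface already using it
    for iface in interfaces:
        if_elem = iface.find("if")
        if if_elem is None or not (if_elem.text or "").strip():
            raise ValueError(f"<{iface.tag}> has no <if> assignment")
        old = if_elem.text.strip()
        if old not in nic_map:
            raise ValueError(f"<{iface.tag}> uses {old}, which has no mapping")
        new = nic_map[old]
        if new in seen:
            raise ValueError(f"{new} assigned to both <{seen[new]}> and <{iface.tag}>")
        seen[new] = iface.tag
        if_elem.text = new
    out = ET.tostring(root, encoding="unicode")
    ET.fromstring(out)  # re-parse: the result must itself be well-formed
    return out

def assignments(config_text):
    """Map logical interface name -> NIC name, for checking before import."""
    root = ET.fromstring(config_text)
    return {i.tag: i.findtext("if") for i in root.find("interfaces")}
```

ElementTree rewrites CDATA sections as escaped text and drops comments and the XML declaration, so diff the output against the original and try the import on a box that does not matter first.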