[Solved, but unsatisfied] Configuration history logs "full" revert of settings
I'm quite new to pfSense, but thought I had a good configuration for my needs as a second router for my VMs.
My installation is pfSense 2.1.5 with no additional packages.
Yesterday, I checked, for the first time, my configuration history and used the diff feature only to find out, that approx. two hours after I installed, configured and tested (nmap port scans to check firewall settings) pfSense, all my settings were logged as reverted until I did the next configuration change two weeks later. The log entries reverting my settings were "(system): upgrading config level from 9.8 to 10.1" (tough all prior logs state to be already 10.1) and "(system): Importing HTTPS certificate". I don't even know what triggered those changes, as I didn't touch the certs, which were not necessary to change for me.
A diff of the first log in the history and the "(system): Importing HTTPS certificate" shows that nearly no changes were between those, aka all my changes in between lost and running pfSense with default settings.
I'm a bit worried, if I didn't notice that my firewall and settings were down two weeks and I worked with default settings, or the log is misleading.
Can anybody explain this? I'm going to do a fresh install and check this behavior as soon as I have time. If the settings are really reverted, this would be quite a downer, as I really like pfSense.
I installed pfSense two times anew and checked the config history. Both times the history begins with a) "unknown", b) "(system): upgrading config level from 9.8 to 10.1", and c) "(system): Importing HTTPS certificate". This looks correct.
For the productive system, I can't check the beginning of the config history in the webgui, because the first entries are already gone. So I can't say if my config history had these entries twice. Are the backups kept in the file system?
I don't know what triggered both config changes by system at a later stage in my "productive" firewall to appear at this time with no reason that I can see.
Maybe a developer can say something about the conditions that should trigger those events.
A revert to "(system): Importing HTTPS certificate" does the obvious and kills all changes. But the password was also reset, so I can be somewhat sure that the config history is wrong, because I never used the default password at a later stage to log in.
Nevertheless, this worries me and every response is welcome :-)
The solution is relatively easy and involves the system time that uses my Hypervisor time (+2) and adds another +2 for my time zone setting in pfSense. This gets me a wrong time,
obviously. After NTP updates the time it is correct again, but old times are not updated. So the time line is sent down to the dumps. At least, this explains the 2 hours difference between the settings.
To be honest, that is crap (not pfSense's fault, nor Hypervisor's) and I don't know what would be a solution. Maybe pfSense should allow to set a time next to time zone (and overwrite bios time)?
PS I would love a statistic pointing out how many bugs are related to time zone and file format conversion fun :-)