Learn how to restore pfSense from backup using the CLI with step-by-step commands, file locations, and examples for quick recovery. Our Pfense Support Team is always here to help you.
How to Restore pfSense From Backup Using the CLI Safely and Quickly
When your pfSense web interface refuses to load, it can feel like you’re out of options. But you’re not. You can restore pfSense from backup using the CLI and bring your firewall back to life. This guide shows the exact commands and process without skipping anything.
What is pfSense?
pfSense is a free and open-source firewall and router platform (beginners guide to install pfSense). It usually runs on standard hardware and is managed from a web interface. Most users rarely touch the terminal. However, in rare cases, like when the web GUI fails, you need to rely on the CLI.
Restoring pfSense
The pfSense configuration is stored in a single XML file (pfSense Multi-Site VPN Setup):
- Current config: /cf/conf/config.xml
- Backup configs: /cf/conf/backup/
To restore pfSense from backup using the CLI, follow these actions:
1. Connect and Boot in Single User Mode
Connect your Netgate appliance to your workstation with a mini-USB cable. While booting, select single user mode from the options.
2. Remount Filesystem in Read/Write
mount -u /cf3. Check and Repair Filesystem
fsck -yf /4. Locate and Copy a Backup File
Inside /cf/conf/backup/, pick a previous config file (avoid the latest if it’s faulty) and copy it over the current config:
cp /cf/conf/backup/config-1593242670.xml /cf/config/config.xml5. Remove Cached Config
rm /tmp/config.cache6. Reload Configuration
/etc/rc.reload_all start7. Reboot
rebootAfter reboot, pfSense will run with the restored configuration from the chosen backup file.
Automating pfSense Backups
Restoring pfSense from backup is effective, but regular backups make recovery easier. Since pfSense comes with curl pre-installed, you can script automatic backups.
Login with curl
# curl -k -b cookies.txt -c cookies.txt --data \
'login=Login&usernamefld=backup&passwordfld=password' \
https://127.0.0.1/diag_backup.phpYou’ll see confirmation in syslog:
mypfsense php: /diag_backup.php: Successful login for user 'backup' from: 127.0.0.1Download Backup File
# curl -k -b cookies.txt -o config-router-`date +%Y%m%d%H%M%S`.xml \
--data 'Submit=download&donotbackuprrd=no' \
https://127.0.0.1/diag_backup.phpThis saves a timestamped XML config, for example:
config-router-20140821111558.xml: XML document textAutomating with Script
#!/bin/sh
if [ -f cookies.txt ]; then
rm cookies.txt
fi
/usr/local/bin/curl -k -b cookies.txt -c cookies.txt --data \
'login=Login&usernamefld=backup&passwordfld=password' \
https://127.0.0.1/diag_backup.php
/usr/local/bin/curl -k -b cookies.txt -o /root/config-router-`date +%Y%m%d%H%M%S`.xml \
--data 'Submit=download&donotbackuprrd=no' \
https://127.0.0.1/diag_backup.phpAdd to Crontab
Run the script weekly with cron:
0 2 * * 6 /root/scripts/backupYou can test it under cron’s environment with:
env -i SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin \
HOME=/root LOGNAME=root /root/backup[If needed, Our team is available 24/7 for additional assistance.]
Conclusion
When the GUI fails, knowing how to restore pfSense from backup using the CLI can save hours of downtime. With the backup process automated, you’ll always have safe restore points ready. This combination keeps your firewall reliable and reduces the stress of sudden failures.
