  • pfsense 2.3 Backup as cron job

    Based on Article from pfsense.org
    ( https://doc.pfsense.org/index.php/Remote_Config_Backup#2.2.6_and_Later )

    My router has http access (Port 80), if your router uses https, change the lines from http:// into https://.

    <Password> = your admin password = the ip from your pfsense router


    The script get the config.xml file from the pfsense router. Compress the file as .tar.gz and stores it in the backup_pfsense directory from my fileserver. (adds date and time to the filename)
    example: backup-20160410-0230-pfsense-settings.tar.gz


    File: get_pfsense_backup.sh


    # Get configfile from pfsense 2.3 Router #

    cd /tmp

    # — get the config file —

    wget -qO- –keep-session-cookies –save-cookies cookies.txt –no-check-certificate \
    | grep „name=’__csrf_magic'“ | sed ’s/.*value=“\(.*\)“.*/\1/‘ > csrf.txt

    wget -qO- –keep-session-cookies –load-cookies cookies.txt –save-cookies cookies.txt –no-check-certificate \
    –post-data „login=Login&usernamefld=admin&passwordfld=<Password>&__csrf_magic=$(cat csrf.txt)“ \ | grep „name=’__csrf_magic'“ \
    | sed ’s/.*value=“\(.*\)“.*/\1/‘ > csrf2.txt

    wget –keep-session-cookies –load-cookies cookies.txt –no-check-certificate –post-data „Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 csrf2.txt)“ \ -O config-pfsense-`date +%Y%m%d%H%M%S`.xml

    # ——————-

    # — compress the file, add date and time to the filename —

    tar czf backup-`date +%Y%m%d-%H%M`-pfsense-settings.tar.gz config-pfsense*

    # change owner

    chown worker.worker backup-`date +%Y%m%d-%H%M`-pfsense-settings.tar.gz

    # move file to backup directory

    mv backup-`date +%Y%m%d-%H%M`-pfsense-settings.tar.gz /data/backup_pfsense

    # remove temp files

    rm cookies.txt
    rm config-pfsense-*.xml
    rm csrf.txt
    rm csrf2.txt


    #———— <eof> —————

    The script runs as a custom cron job on my Centos Fileserver. Very sunday at 02:30 am

    30 02 * * 0 /etc/cron.custom/get_pfsense_backup.sh # Backup firewall config