Based on Article from pfsense.org
( https://doc.pfsense.org/index.php/Remote_Config_Backup#2.2.6_and_Later )
My router has http access (Port 80), if your router uses https, change the lines from http:// into https://.
<Password> = your admin password
192.168.0.112 = the ip from your pfsense router
The script get the config.xml file from the pfsense router. Compress the file as .tar.gz and stores it in the backup_pfsense directory from my fileserver. (adds date and time to the filename)
example: backup-20160410-0230-pfsense-settings.tar.gz
—————-
File: get_pfsense_backup.sh
#!/bin/bash
# Get configfile from pfsense 2.3 Router #
cd /tmp
# — get the config file —
wget -qO- –keep-session-cookies –save-cookies cookies.txt –no-check-certificate http://192.168.0.112/diag_backup.php \
| grep „name=’__csrf_magic'“ | sed ’s/.*value=“\(.*\)“.*/\1/‘ > csrf.txt
wget -qO- –keep-session-cookies –load-cookies cookies.txt –save-cookies cookies.txt –no-check-certificate \
–post-data „login=Login&usernamefld=admin&passwordfld=<Password>&__csrf_magic=$(cat csrf.txt)“ \
http://192.168.0.112/diag_backup.php | grep „name=’__csrf_magic'“ \
| sed ’s/.*value=“\(.*\)“.*/\1/‘ > csrf2.txt
wget –keep-session-cookies –load-cookies cookies.txt –no-check-certificate –post-data „Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 csrf2.txt)“ \
http://192.168.0.112/diag_backup.php -O config-pfsense-`date +%Y%m%d%H%M%S`.xml
# ——————-
# — compress the file, add date and time to the filename —
tar czf backup-`date +%Y%m%d-%H%M`-pfsense-settings.tar.gz config-pfsense*
# change owner
chown worker.worker backup-`date +%Y%m%d-%H%M`-pfsense-settings.tar.gz
# move file to backup directory
mv backup-`date +%Y%m%d-%H%M`-pfsense-settings.tar.gz /data/backup_pfsense
# remove temp files
rm cookies.txt
rm config-pfsense-*.xml
rm csrf.txt
rm csrf2.txt
#———— <eof> —————
The script runs as a custom cron job on my Centos Fileserver. Very sunday at 02:30 am
30 02 * * 0 /etc/cron.custom/get_pfsense_backup.sh # Backup firewall config