pfSense: restore broken config file

Restoring a configuration file for pfSense when it actually stays in a boot-loop

My pfSense firewall at home got a pretty heavy misconfiguration by myself and that resulted in an annoying boot-loop. This took me quite a while to research, but I finally got it working again. Thank god pfSense makes backups of its configuration so this recovery process works quite well.

Follow these steps

  1. Boot into single user mode

    Connect to your firewall (with a serial console) and choose option 5) Reboot system and confirm with the letter S (capital s).

  2. ZFS version only

    1. Remount root slice as read-write:

       /sbin/mount -u /
    2. Mount all ZFS filesystems, datasets etc.

       /sbin/zfs mount -a
    3. Working within the mounted filesystems

      1. Enter /cf/conf

         cd /cf/conf
      2. Copy the newest backup file back

         cp backup/config-1648889613.xml config.xml
      3. Clear the config cache

         rm /tmp/config.cache
      4. Reload system and it’s services

         /etc/rc.reload_all start

        This may take a while. At this point we are done, we can now remove the single user mode boot configuration and reboot the firewall.

    4. Clear the single user mode boot configuration

       /sbin/nextboot -D

      ZFS does not clear the single user mode boot configuration by itself, that’s why we have to delete it after we are done with our work.

    5. Reboot the system


      You could also use exit, but that would only continue booting into multi user mode without rebooting the system first. I personally think that we would benefit from a full reboot.

Okay, that’s it all for now. Please note that I do not use the UFS filesystem any more, so I won’t add this to my little instruction set.

This post was actually older, I’ve saved the instructions in a textfile until I found the time to format it and publish it on my website.