[pfSense Support] autorollback?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL1xkAAoJEMvvG/TyLEAtvLMP/REFq++C3Wvzq1ANdJC9uGjN WqacjBMSvaESr1NpP6h9BSWdaOTcBOvfjh+bCNkItHWsVJhAc+IC7voZTWpd4W9G IM9l6cuEeNmB87IusV1ik4GUmTVbc6s+rOLu+xGMJk1LJlaNlaJbtcdfEEywMGxQ 1vfCecgPG/863UP6h3/RKZsfBC7996M78h4EXnkV+sLz3o9/sfh2GP3ykixWYYI7 +OMGZOJf6RhGtUxeSHqj9XfiTaTbvFf/usMvrnDjE8mDQJPtkVI1eLnz+r2QX8Cq +d7E+yJiCYuI4Sm2FltMRCPcUITXjnlcdmT+jWKKJhffNb64mbAn8gEu2zO1RubD JAOr6iK64fdBiL9vw3GnlfT+9tw043lNXgn2uMMaAOXWEHKKU+kwo738WVBCTHzv /iUw/6X08o45Dci55k0iyruNUsfOW86hOoZCZ23buWPimHprTcWMiTgMCBWzdzb1 8IgWv//eaOr4SENhUq7HTHDgQsxrEGBJ6Cl8fMP3oArHgCoxs3Y92eUvft4+PBtH morfUCLnlM1mw78ql/HGh+XWMdc3tuFDkg/+IAuXSutpYIMlVKJsNaN6a+dc/f9E ftg9nJwotMPd1w0U7RBitjyrSI6+TSb7DlPZLpWiDH+Vn7nayFyPZ+f6XzoMg9kw qdtbjippuYfoYpSADd3Z =zZPN -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL1xkAAoJEMvvG/TyLEAtvLMP/REFq++C3Wvzq1ANdJC9uGjN WqacjBMSvaESr1NpP6h9BSWdaOTcBOvfjh+bCNkItHWsVJhAc+IC7voZTWpd4W9G IM9l6cuEeNmB87IusV1ik4GUmTVbc6s+rOLu+xGMJk1LJlaNlaJbtcdfEEywMGxQ 1vfCecgPG/863UP6h3/RKZsfBC7996M78h4EXnkV+sLz3o9/sfh2GP3ykixWYYI7 +OMGZOJf6RhGtUxeSHqj9XfiTaTbvFf/usMvrnDjE8mDQJPtkVI1eLnz+r2QX8Cq +d7E+yJiCYuI4Sm2FltMRCPcUITXjnlcdmT+jWKKJhffNb64mbAn8gEu2zO1RubD JAOr6iK64fdBiL9vw3GnlfT+9tw043lNXgn2uMMaAOXWEHKKU+kwo738WVBCTHzv /iUw/6X08o45Dci55k0iyruNUsfOW86hOoZCZ23buWPimHprTcWMiTgMCBWzdzb1 8IgWv//eaOr4SENhUq7HTHDgQsxrEGBJ6Cl8fMP3oArHgCoxs3Y92eUvft4+PBtH morfUCLnlM1mw78ql/HGh+XWMdc3tuFDkg/+IAuXSutpYIMlVKJsNaN6a+dc/f9E ftg9nJwotMPd1w0U7RBitjyrSI6+TSb7DlPZLpWiDH+Vn7nayFyPZ+f6XzoMg9kw qdtbjippuYfoYpSADd3Z =zZPN -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On 1/13/2011 3:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? Even if you don't apply changes, the config has still been saved. You can always just go to Diagnostics Backup/Restore on the config history tab and go back to any of the last 25 or so configs. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, 13 Jan 2011, Jim Pingle wrote: On 1/13/2011 3:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? Even if you don't apply changes, the config has still been saved. So, what's the point with an apply changes then? Cheers, -- Cristian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 3:55 PM, Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com wrote: On Thu, 13 Jan 2011, Jim Pingle wrote: On 1/13/2011 3:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? Even if you don't apply changes, the config has still been saved. So, what's the point with an apply changes then? Because they aren't applied until you click that, but are saved to the config. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. On 01/13/2011 12:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 - - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL2fSAAoJEMvvG/TyLEAtTJwQAL4BVGNo24abXG+XQfekeX6q pV28fEapTxkUELhrWTQzc+/vIUxF40uf6J/tmD/X4jS+zZUzcKouhn4CwkOAsGKq 50qkyv0ktROBP8wRginIMGU/XhgOc7/GuAZGqOItB4A56OYb8rqV0xLJAIMNJ9gc kE7aTx6SqAdtR594P3YRAqbspJ9/7HGcyYoeicc3/TuA/DVjZDoSGVd3zhkRmbwO 706j3fwkVzTBDDEieEABs8W/uFydFsgeeXuFQkprFIz0IHyMoz9fwwKd9lgsi7yI bAMMuLfV3rO7i7J/vDz+kXGUkaVrAviKicHAk/JXkD2KCxeIzeqpJpziyYunhr/Q byUltKtsTzm+pIZCFQCr9DGDxQrmAgMqvmk7K3ZzmZwifZJXu0lHFsQZwbTf+g2g 6G5iTbMh++ZRJvp2Y4uKZEGWb0owkfpVPat3lhajvQu/2Eusp4vcHkYKverjBhJn GGA6oTlkqrxVDFQiuOFst4H9N1+xgNH7NdEfYnqHjl3Q92sq5EcS3Z4Dqm8XIq1f fkXKoV383u1ZhpKosWfC4naTV+FXymQgd4Elmv6czc315zvQbbouO8JUsFqDSizH nHv/yvmSGBM6QM2Kn2lpipGtCHFETN9J24Aua9qocvrNoTbQk25FdB3meNAyy2jN PN+iHbw+q57jQ+PoyXGj =01Yv -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
would be easy, before applying changes make a local xml backup, and add an option to revert back to previous XML On 11-01-13 04:00 PM, Charles N Wyble wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. On 01/13/2011 12:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 - - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL2fSAAoJEMvvG/TyLEAtTJwQAL4BVGNo24abXG+XQfekeX6q pV28fEapTxkUELhrWTQzc+/vIUxF40uf6J/tmD/X4jS+zZUzcKouhn4CwkOAsGKq 50qkyv0ktROBP8wRginIMGU/XhgOc7/GuAZGqOItB4A56OYb8rqV0xLJAIMNJ9gc kE7aTx6SqAdtR594P3YRAqbspJ9/7HGcyYoeicc3/TuA/DVjZDoSGVd3zhkRmbwO 706j3fwkVzTBDDEieEABs8W/uFydFsgeeXuFQkprFIz0IHyMoz9fwwKd9lgsi7yI bAMMuLfV3rO7i7J/vDz+kXGUkaVrAviKicHAk/JXkD2KCxeIzeqpJpziyYunhr/Q byUltKtsTzm+pIZCFQCr9DGDxQrmAgMqvmk7K3ZzmZwifZJXu0lHFsQZwbTf+g2g 6G5iTbMh++ZRJvp2Y4uKZEGWb0owkfpVPat3lhajvQu/2Eusp4vcHkYKverjBhJn GGA6oTlkqrxVDFQiuOFst4H9N1+xgNH7NdEfYnqHjl3Q92sq5EcS3Z4Dqm8XIq1f fkXKoV383u1ZhpKosWfC4naTV+FXymQgd4Elmv6czc315zvQbbouO8JUsFqDSizH nHv/yvmSGBM6QM2Kn2lpipGtCHFETN9J24Aua9qocvrNoTbQk25FdB3meNAyy2jN PN+iHbw+q57jQ+PoyXGj =01Yv -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, 13 Jan 2011, Chris Buechler wrote: On Thu, Jan 13, 2011 at 3:55 PM, Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com wrote: On Thu, 13 Jan 2011, Jim Pingle wrote: Even if you don't apply changes, the config has still been saved. So, what's the point with an apply changes then? Because they aren't applied until you click that, but are saved to the config. Shouldn't that be: apply changes, activate changes, and if that succeeds save config? Don't apply changes, keep everything unchanged? Cheers, -- Cristian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble char...@knownelement.com wrote: Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. Ubiquiti's AirOS 5 has a change button which updates the config file but doesn't apply it. Pressing it also causes three buttons to appear on the page, Test, Apply and Cancel. If you hit the test button it applies your changes then posts a countdown from 180 seconds and the 3 previous buttons are replaced by 2 new, Apply and Revert. This feature has saved me many walks in the snow, and I can see how it could be useful in pfsense. AirOS is open, so I imagine the code could be borrowed if it proves useful/portable to a dev. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
Although I never found myself in a situation where I need to have an auto-revert, I can see how this will be useful for some. Or for myself, someday. Rgds, On 2011-01-14, David Burgess apt@gmail.com wrote: On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble char...@knownelement.com wrote: Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. Ubiquiti's AirOS 5 has a change button which updates the config file but doesn't apply it. Pressing it also causes three buttons to appear on the page, Test, Apply and Cancel. If you hit the test button it applies your changes then posts a countdown from 180 seconds and the 3 previous buttons are replaced by 2 new, Apply and Revert. This feature has saved me many walks in the snow, and I can see how it could be useful in pfsense. AirOS is open, so I imagine the code could be borrowed if it proves useful/portable to a dev. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] autorollback?
-Original Message- From: Pandu Poluan [mailto:pa...@poluan.info] Sent: Thursday, January 13, 2011 2:36 PM To: support@pfsense.com Subject: Re: [pfSense Support] autorollback? Although I never found myself in a situation where I need to have an auto-revert, I can see how this will be useful for some. Or for myself, someday. Rgds, On 2011-01-14, David Burgess apt@gmail.com wrote: On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble char...@knownelement.com wrote: Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. Ubiquiti's AirOS 5 has a change button which updates the config file but doesn't apply it. Pressing it also causes three buttons to appear on the page, Test, Apply and Cancel. If you hit the test button it applies your changes then posts a countdown from 180 seconds and the 3 previous buttons are replaced by 2 new, Apply and Revert. This feature has saved me many walks in the snow, and I can see how it could be useful in pfsense. AirOS is open, so I imagine the code could be borrowed if it proves useful/portable to a dev. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org I am also for this change. Never know when you may need it, but is a great fail safe. Thanks, Chase Bolt - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] autorollback?
The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. I know exactly what you mean and on RHEL systems I am doing iptables changes remotely with, I always `echo orig_script.sh |at now +10 minutes` then make changes and if I am happy I atrm the job. If I overlooked or fat fingered something, I just have to wait... So how does one do a restore from the cli in pfSense? You could accomplish the something... jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 6:13 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. I know exactly what you mean and on RHEL systems I am doing iptables changes remotely with, I always `echo orig_script.sh |at now +10 minutes` then make changes and if I am happy I atrm the job. If I overlooked or fat fingered something, I just have to wait... So how does one do a restore from the cli in pfSense? cd /cf/conf/backup cp config-xxx.xml ../config.xml reboot replacing config-.xml with whichever one you want. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] autorollback?
So how does one do a restore from the cli in pfSense? cd /cf/conf/backup cp config-xxx.xml ../config.xml reboot replacing config-.xml with whichever one you want. Chris, That's simple enough. So utilizing what comes stock, would you suggest a cron job be the best thing to use for this if you are worried about losing your shell? Thanks! jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 10:46 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: So how does one do a restore from the cli in pfSense? cd /cf/conf/backup cp config-xxx.xml ../config.xml reboot replacing config-.xml with whichever one you want. Chris, That's simple enough. So utilizing what comes stock, would you suggest a cron job be the best thing to use for this if you are worried about losing your shell? Yeah you could do that and accomplish the same thing, kind of ugly though it would work. Would be nice to have another option in the future. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
