pfsensible / core

Core modules for managing pfSense firewalls with ansible
GNU General Public License v3.0

pfSense config file XML encoding #61

Open robertkarsai opened 1 year ago

robertkarsai commented 1 year ago

Hello,

I've noticed that the pfsense config file XML encoding differs from the default pfSense XML encoding when I use pfsensible.core. Example (start of the config file right after a change over pfsensible):

```
<?xml version='1.0' encoding='us-ascii'?>

22.9 normal testfw-1 test.group Network Admins RADIUS Group remote 2000 page-all admins System Administrators system 1999 0 page-all all All Users system 1998
```

Start of the config file right after a change done in the webgui:

```
22.9 normal testfw-1 test.group Network Admins remote 2000 page-all admins system 1999 0 page-all all system 1998
```

While this encoding change has not caused any troubles I'm aware of, if you have a config management system that keeps track of your pfsense config changes then doing even just a slight adjustment with pfsensible causes hundreds of changes in the config file because of the encoding differences.

BR Robert

opoplawski commented 1 year ago

This is a known issue and noted at the bottom of the README: https://github.com/pfsensible/core/blob/77349af3622aa98fb2cb67fc3daa75a4904c9846/README.md#L106

I have as yet found no way to replicate the pfSense XML format with the standard Python XML libraries. If you have a fix, it would be most welcome.

robertkarsai commented 1 year ago

I haven't noticed that one at the bottom of the README, sorry man. Unfortunately I'm not much of a Python guy, however I've tried to work around it with a new feature in pfsense+ 23.01 (https://docs.netgate.com/pfsense/en/latest/development/php-shell.html#upgradeconfig). This could have been a one-liner shell task at the end of my playbooks reverting all the CDATA and all; the problem is that this upgradeconfig feature of the pfsense PHP shell doesn't seem to touch the encoding of the config file.

robertkarsai commented 1 year ago

Hi, I have a workaround for the XML encoding. If I put a task like this at the end of my pfsense playbooks, the XML encoding is changed back by pfsense native tools:

```yaml
- name: Revert XML encoding
  shell: pfSsh.php playback enablesshd
```

opoplawski commented 1 year ago

I don't think I want modules to rewrite the config automatically, but I added a simple pfsense_rewrite_config task for people to use at the end of their plays like you did above.
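
For the config-tracking concern raised in the first comment, an added Python example (not code from pfsensible or from this thread): it shows a standard-library ElementTree round trip emitting the `us-ascii` declaration and dropping CDATA, then compares two configs by leaf value so only real changes are reported. The sample config, its element names and all function names are constructed for illustration; attributes and comments are not compared.

```python
import difflib
import xml.etree.ElementTree as ET

# Constructed sample in pfSense's native style; element names are assumptions.
NATIVE = b"""<?xml version="1.0"?>
<pfsense>
  <version>22.9</version>
  <system>
    <hostname>testfw-1</hostname>
    <group>
      <name>admins</name>
      <description><![CDATA[System Administrators]]></description>
    </group>
  </system>
</pfsense>
"""

def edit_with_elementtree(config: bytes, hostname: str) -> bytes:
    """Change one value, then serialize with ElementTree's default 'us-ascii' encoding."""
    root = ET.fromstring(config)
    root.find("system/hostname").text = hostname
    return ET.tostring(root, encoding="us-ascii", xml_declaration=True)

def raw_changed_lines(old: bytes, new: bytes) -> int:
    """Count the lines a plain text diff of the two files would flag."""
    sm = difflib.SequenceMatcher(a=old.splitlines(), b=new.splitlines(), autojunk=False)
    return sum(max(i2 - i1, j2 - j1) for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal")

def leaves(config: bytes) -> dict:
    """Map each leaf element's indexed path to its text, ignoring serialization."""
    out = {}
    def walk(elem, path):
        if len(elem) == 0:
            out[path] = (elem.text or "").strip()
        seen = {}
        for child in elem:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(config)
    walk(root, root.tag)
    return out

def semantic_changes(old: bytes, new: bytes) -> list:
    """Return (path, old, new) for every leaf whose value really changed."""
    a, b = leaves(old), leaves(new)
    return [(p, a.get(p), b.get(p)) for p in sorted(a.keys() | b.keys()) if a.get(p) != b.get(p)]

if __name__ == "__main__":
    edited = edit_with_elementtree(NATIVE, "testfw-2")
    print(raw_changed_lines(NATIVE, edited), "textual vs", semantic_changes(NATIVE, edited))
```
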