At times, we need to restart pfSense, either for hardware configuration changes or for firewall rule-related issues. That’s when a restart makes sense, and it takes only a few seconds. As we will see later in this article, restarting has other benefits as well. Do you want to know how pfSense works?
Using the Diagnostics > Reboot System page or the console, the pfSense software may be securely restarted and restored to an operable state.
Why Should You Restart pfSense?
Well, here are some reasons to reboot or restart pfSense:
Hardware Configuration Changes
New Services Installed: When new services are installed on pfSense, whether packages or other software like Snort or Squid, you will need to reboot for those new services to start up correctly. If you have made any hardware changes to your pfSense installation, such as changing CPU type or memory, you must reboot the machine for those changes to take effect.
You can quickly check if this is what’s causing your issue by viewing the Restart Required column in the System -> Packages page. If there’s anything there waiting to be restarted, you’ll want to click that Restart button and wait for it to return online so that everything will function properly again.
Firewall Rules Issues
This is probably the most common reason for restarting pfSense, but it’s also the hardest to diagnose without knowing a little more about firewall rules. So let me try to explain a little better.
When you make changes to your firewall rules, pfSense creates what’s called a “patch” for that change. A patch is just a way of taking all the context surrounding an existing rule and applying it to this new rule.
This means that if you have existing outbound NAT rules, they will continue to work after adding an inbound NAT rule, but each time you add or remove something from one of these patches, it has to be resolved through some sort of conflict resolution.
This means the old patch gets applied against the new patch, and any potential conflicts are resolved independently.
Conflict Resolution Behavior
Rule patches are processed in order so that later patches can affect earlier ones. When there is a conflict, the last patch that was added or modified takes precedence. This is why you need to restart pfSense after making changes to firewall rules: the change creates a new patch, which needs to be applied against all previous patches, if there are any. When you don’t restart, it just keeps applying the old patches, leading to issues later on.
Advantages Of Restarting pfSense
There are some other benefits to restarting pfSense whenever it is needed or decided. Some of them are listed below for your reference:
- To clear the DNS cache, which speeds up browsing after changing DNS servers.
- To flush your current rule set without manually deleting every rule, though it is a bad idea to make a habit of this.
- Clearing the state table frees up memory and prevents issues for services that consume states (such as OpenVPN).
- Removing any routes installed by a package but no longer referenced by any firewall rules frees up route table space.
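As an added example (not from the original article): before rebooting to clear the state table, a script like this shows how full the table actually is, using the text printed by `pfctl -si` and `pfctl -sm`. The sample output embedded below is constructed, and the function names and the 80% threshold are assumptions.

```sh
#!/bin/sh
# Added example: report pf state-table usage from `pfctl -si` / `pfctl -sm` text.

# Constructed sample output (not captured from a real firewall).
SAMPLE_INFO='Status: Enabled for 3 days 04:12:09           Debug: Urgent

State Table                          Total             Rate
  current entries                    91250
  searches                        48211934          175.6/s
  inserts                           812340            3.0/s
  removals                          721090            2.6/s'

SAMPLE_LIMITS='states        hard limit   100000
src-nodes     hard limit   100000
frags         hard limit     5000
table-entries hard limit   200000'

# Print "current limit percent"; $1 = `pfctl -si` text, $2 = `pfctl -sm` text.
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '$1=="current" && $2=="entries" {print $3; exit}')
    lim=$(printf '%s\n' "$2" | awk '$1=="states" && $2=="hard" {print $4; exit}')
    # Refuse to guess when either value is missing or not a positive integer.
    case "$cur" in ''|*[!0-9]*) return 2 ;; esac
    case "$lim" in ''|*[!0-9]*|0) return 2 ;; esac
    echo "$cur $lim $((cur * 100 / lim))"
}

# Classify usage: "ok" below the threshold ($3, default 80), otherwise "high".
# Prints "unknown" when the input could not be parsed.
state_verdict() {
    out=$(state_usage "$1" "$2") || { echo "unknown"; return 0; }
    pct=${out##* }
    if [ "$pct" -ge "${3:-80}" ]; then echo "high"; else echo "ok"; fi
}

# On the firewall itself: state_verdict "$(pfctl -si)" "$(pfctl -sm)"
state_verdict "$SAMPLE_INFO" "$SAMPLE_LIMITS"
```

A "high" verdict means the table is close to its hard limit; "ok" means memory pressure from states is unlikely to be the cause of the problem.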
Steps to Restart pfSense
1. From the shell, enter the following command:
    pfSEnse# /sbin/shutdown -r now
You will be prompted with a warning and asked to confirm that you want to restart. Type y and press the Enter or Return key to restart pfSense, or type n and press the Enter or Return key to cancel the shutdown process.
    ‘PfSense Shell’ (ttyS0) #
2. Once completed, go back to your main menu by pressing 5 (option number 5).
3. Select option 2 (Restart System) and wait for your box to reboot.
4. Once pfSense has rebooted, navigate back to the Diagnostics menu by pressing ‘2’. From there, you can press ‘1’ to initiate a Shell Connection with ttyS0 again.
5. At your new prompt, type ‘password’ and press the Enter or Return key twice so that you are prompted for a password change.
6. Enter the password you want to set for logging in to the pfSense GUI, then repeat this password when prompted.
7. You will now be returned to the shell. Type ‘exit’ to return to the pfSense GUI login prompt.
8. You should now be able to log in again with your new password.
Now that we have restarted our pfSense firewall, let’s try to upgrade the system by issuing the following commands:
    PfSense Shell (ttyS0) # /bin/pkg update -r pfSense-core-2.3-RELEASE
    PfSense Shell (ttyS0) # /bin/pkg upgrade -r pfSense-core-2.3-RELEASE
    PfSense Shell (ttyS0) # reboot
Once this has completed and your pfSense box has rebooted, we can log in and see if our WebGUI is working again by typing in the new password we set earlier. You should no longer have any problems creating new aliases.
If you are still having problems with the system after making these changes, try rebooting one more time before contacting support. If this does not fix your problem, contact support to look at what the issue could be.
This post also covers why you may need to restart your pfSense box and what actions you can take if you are no longer able to access the WebGUI as usual.
Remember, always make sure that all known services are available before you restart! If for some reason one isn’t, then re-enable them (if needed) or issue an update/upgrade first. This will prevent any problems which could arise by not doing so beforehand.