Web Administration Issue After Restoring IPFire Configuration - Rule Migration Verification

jorldomi · 11 June 2025 14:11

Hello community,

I’ve performed an IPFire migration with the following details:

Installed the latest version of IPFire on new hardware
Restored complete configuration from my old IPFire (version 2.17 Core Update 95)
User file migration was successful
The only difference is the new device’s IP address
Not yet connected to internet or functioning as firewall

The main problem is that web administration won’t start, apparently because Apache isn’t launching correctly.

My specific questions:

Is it viable to restore configuration between different IPFire versions?
What steps do you recommend to solve the Apache issue?
What command-line methods can I use to verify that ALL firewall rules were correctly exported and imported?
Are there specific checks I should perform to confirm rule integrity?

I’m particularly interested in a CLI approach to comprehensively validate firewall rule migration.

I appreciate any suggestions or similar experiences.
Thanks in advanced.
Best regards.

pscar13 · 11 June 2025 14:52

I’m not sure if a backup of a 10-year-old version (version 2.17 Core Update 95) will work on a current version.

In this case, it’s best to restart the entire configuration manually.

jorldomi · 11 June 2025 15:52

Dear Phil :
thanks by your fast response. I was afraid this was going to happen..
In the ancient installation there are a lot of firewall rules, firewall groups, networks and host groups defined. Is possible migrate all these objects to new instalation ? If these is possble how to do that ?
Thanks in advance
Best regards.

bloater99 · 11 June 2025 16:06

You should be able to open the backup file *.ipf with 7-zip. You might be able to find the firewall rules in plain text.

bonnietwin · 11 June 2025 17:28

This could be due to the fact that in Core Update 138 the CBC cipher sets used for the Apache WUI access were removed from IPFire due to vulnerabilities in those ciphers.

Your backup from Core Update 95 would still be using those older vulnerable ciphers and they will not be accepted by Apache since Core Update 138.

I just checked the specified ciphers used since CU138 and none of them were used in Core Update 95.

If your previous system was running with Core Update 95 then I would recommend doing regular updates (preferably every Core Update) once you have your IPFire running again with CU194.

bonnietwin · 11 June 2025 17:36

Yes you can find them there. I use xarchiver on my Arch Linux system to access the .ipf files

In the backup directory var/ipfire/firewall the file named config contains all the rules from the top box in the WUI labelled Firewall Rules.

The file named input contains the firewall rules from the middle section in the WUI labelled Incoming Firewall Access.

The file named outgoing contains the firewall rules from the bottom section in the WUI labelled Outgoing Firewall Access.

pscar13 · 11 June 2025 18:13

You can try to restore only theses files

/var/ipfire/fwhosts/customhosts
/var/ipfire/fwhosts/customgroups
/var/ipfire/fwhosts/customnetworks
/var/ipfire/fwhosts/customservicegrp
/var/ipfire/fwhosts/customservices

/var/ipfire/main/hosts
/var/ipfire/dhcp/fixleases

/var/ipfire/firewall/config
/var/ipfire/firewall/input
/var/ipfire/firewall/outgoing
/var/ipfire/firewall/settings

jorldomi · 12 June 2025 12:40

Dear Phil :
thank you for the information shared. Coming soon will be to perform the new installation and I’ll restore the files listed. I’ll share the result with the forum.
Thank you very much again.
Best regards.

jorldomi · 17 June 2025 15:35

Dears :
finally i performed Ipfire migration sucessfully.
Thanks to all for your support and goob disposition.
Best Regards.