14.04 missing "/etc/init.d/ufw"? my firewall never auto starts
Solution 1
I also do not have /etc/init.d/ufw and ufw was not auto starting on reboot. But I did this
sudo apt-get install iptables-persistent
On rebooting I checked with
sudo ufw status
It showed active, It always used to show inactive in previous reboots and I used to have to do
sudo ufw enable
I have not installed gufw, I am beginner desktop user, so I have no idea why it worked and whether it will work for you, but it seemed simpler, may be it will help somebody.
Solution 2
[Check this first (I will validate it when I have time), properly configuring ufw may be the best thing to do, this answer here would then just be a fallback.]
Based on this answer and log tip from this answer, I added this:
exec 2> /tmp/rc.local.log # send stderr from rc.local to a log file
exec 1>&2 # send stdout to the same log file
#set -x # tell sh to display commands before execution
# this wont exit until successful!
while ! ufw enable;do
if ufw status |grep "Status: active";then
break
fi
echo "Failed to apply ufw rules at `date`" >>/dev/stderr;
sleep 10;
done
to /etc/rc.local
before the exit 0
and now it properly loads ufw rules on boot!
But this is a user workaround and not a fix to the system...
I opted also to "change" the rules instead of applying them as default as suggest this answer, because I am not completely sure my custom rules are trouble free.
IMPORTANT: the "if" code did not work once, so I created the "while" code that til now has not caused trouble.
Solution 3
For the effort that went into figuring out the solution, the answer is surprisingly simple.
In /etc/init/ufw.conf:
1) Comment out lines 9 - 11
2) Insert after line 11: start on startup
Fixes the whole problem, including logging to /var/log/ufw.log.
Note
If you have iptables-persistent
installed, you must disable it.
Move iptables-persistent
out of /etc/init.d and rename all the symlinks in rc0.d
-rcS.d
by making the 1st letter (S or K) lower case. (Or move them out.)
Solution 4
Maybe is your path wrong. Not /etc/init.d/wfw
than /etc/init/ufw.conf
I have files with ufw
in the name on the fallowing places
xxx@xxx ~/xxx $ sudo find / -name ufw*
[sudo] password for xxx:
/lib/ufw
/lib/ufw/ufw-init-functions
/lib/ufw/ufw-init
/etc/bash_completion.d/ufw
/etc/default/ufw
/etc/init/ufw.conf
/etc/logrotate.d/ufw
/etc/ufw
/etc/ufw/ufw.conf
/usr/lib/python3/dist-packages/ufw-0.33_0ubuntu4.egg-info
/usr/lib/python3/dist-packages/ufw
/usr/share/doc/ufw
/usr/share/man/man8/ufw-framework.8.gz
/usr/share/man/man8/ufw.8.gz
/usr/share/locale-langpack/en_CA/LC_MESSAGES/ufw.mo
/usr/share/locale-langpack/en_GB/LC_MESSAGES/ufw.mo
/usr/share/locale-langpack/en_AU/LC_MESSAGES/ufw.mo
/usr/share/lintian/overrides/ufw
/usr/share/ufw
/usr/share/ufw/ufw.conf
/usr/share/icons/Mint-X/apps/22/ufw-frontends.png
/usr/share/icons/Mint-X/apps/48/ufw-frontends.png
/usr/share/icons/Mint-X/apps/32/ufw-frontends.png
/usr/share/icons/Mint-X/apps/16/ufw-frontends.png
/usr/share/icons/Mint-X/apps/24/ufw-frontends.png
/usr/share/icons/Mint-X/apps/scalable/ufw-frontends.svg
/usr/sbin/ufw
/var/lib/dpkg/info/ufw.md5sums
/var/lib/dpkg/info/ufw.postinst
/var/lib/dpkg/info/ufw.list
/var/lib/dpkg/info/ufw.prerm
/var/lib/dpkg/info/ufw.conffiles
/var/lib/dpkg/info/ufw.templates
/var/lib/dpkg/info/ufw.config
/var/lib/dpkg/info/ufw.preinst
/var/lib/dpkg/info/ufw.postrm
/var/lib/dpkg/info/ufw.triggers
/var/log/ufw.log.4.gz
/var/log/ufw.log.2.gz
/var/log/ufw.log.1
/var/log/ufw.log
/var/log/ufw.log.3.gz
Output from init file
cat /etc/init/ufw.conf
# ufw - Uncomplicated Firewall
#
# The Uncomplicated Firewall is a front-end for iptables, to make managing a
# Netfilter firewall easier.
description "Uncomplicated firewall"
# Make sure we start before an interface receives traffic
start on (starting network-interface
or starting network-manager
or starting networking)
stop on runlevel [!023456]
console output
pre-start exec /lib/ufw/ufw-init start quiet
post-stop exec /lib/ufw/ufw-init stop
EDIT 1
xxx@xxx ~ $ sudo ufw status
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
69 ALLOW Anywhere
22 ALLOW Anywhere (v6)
69 ALLOW Anywhere (v6)
Related videos on Youtube
Aquarius Power
Updated on September 18, 2022Comments
-
Aquarius Power over 1 year
I need to know how to fix the missing "/etc/init.d/ufw" file, is it some package or some command?
I used the
gufw
to enable it, but on reboot my firewall was still off...I created a symlink
/etc/init.d/ufw -> /lib/init/upstart-job
but I could not make it work likestart ufw
(neither after reboot).I found this file
/lib/ufw/ufw-init
, it looks like a init.d file! can I copy or symlink it there?Additional (optional) questions:
How to find what package has that file?apt-cache search
didnt work..
Can we safely create such a script?
Any idea why is it missing?Obs.:
My/etc/ufw/ufw.conf
hasENABLED=yes
(but seems useless).
iptables -L
becomes different after Iufw enable
, so ufw rules are not being applied on boot by any other means.PS.: this script did NOT work either
sudo ln -s /lib/ufw/ufw-init /usr/sbin/ufw-init sudo ln -s /lib/init/upstart-job /etc/init.d/ufw-init #sudo update-rc.d -f ufw-init remove sudo update-rc.d ufw-init defaults 99 sudo -k
-
Aquarius Power almost 10 yearscould you confirm that your firewall is actually starting on boot by issuing
ufw status
on terminal? because your system have no entry oninit.d
either; and just after boot when I type it here I get "Status: inactive"; and as I understand,ufw.conf
should only be a configuration file (even if it has commands on it), so that file should be called by some other script to actually work, not by itself. If your firewall is being started, could you check if some other file at/etc/
can be callingufw
in some way? -
2707974 almost 10 yearsYes, work and start on stratup. You have My edit.
-
Aquarius Power almost 10 yearsso, do you have a clue how your ufw is being activated? I think what is missing is a grep for
uwf
at/etc
to see what scripts can be calling it? because as far I checked, my system is equal to yours (except ufw version that mine is 0.34) as I compared the outputs withmeld
:( -
Aquarius Power over 9 yearsI have not it installed yet; also sometimes ufw seems to work automatically, but most times it doesnt; I think there is default rules and when we activate ufw, it apply new rules; and this package make such new rules be the default; I am still not sure if I want to make my new rules be the default so in case I boot without ufw, the vanilla default will be kept; but indeed may be helpful, thx!
-
gone about 8 yearsThanks Aquarius, your script does work for me. However there is a significant delay before it invokes ufw. I am able to log in and run
ufw status
(which shows 'status: inactive') before ufw gets loaded. Perhaps there is a way of getting this done quicker. -
Aquarius Power about 8 years@gone I believe, changing the line
sleep 10;
to 1s will not cause system overhead in a sense that, you may not login faster than 1s, and stillufw enable
each second MAY not cause trouble, but, it will have to be tested... -
Aquarius Power about 8 yearsSounds interesting, so basically we have to modify the "start on ..." command. I will validate it as soon I can ,thx!
-
gone about 8 yearsI think the problem is related to the fact that none of the
start on
conditions in the conf script are actual UpStart events: upstart-events - Well-known Upstart events summary -
Aquarius Power about 8 yearsThis sounds like a bug or iptables limitation (not implemented functionality). We shouldnt have to remove functionalities to workaround something that should work normally :(. My iptables version is v1.4.21, what is yours?
-
gone about 8 yearsSince UFW and iptables-persistent both manage iptables, I think the problem of having both of them operating is due to race conditions. So sometimes UFW gets in 1st, and then iptables-persistent overwrites with its settings, and other times, the opposite.
dpkg -l iptables-persistent
says I have version 0.5.7 and myiptables
version is 1.4.21-1ubuntu1 , and my test system's packages are up-to-date. Since I've disablesiptables-persistent
, my UFW is always active as soon as I log in. -
Aquarius Power about 8 yearsinterestingly enough, I do not have
iptables-persistent
installed :> -
gone about 8 yearsAnother possible source of race conditions between UFW and other iptables management sources could come from using some of the suggestions offered in Ubuntu IptablesHowTo guide. I had Solution #1 implemented on my system but commented it out. I think this is a good option if there is no need to change firewall settings. I assume you've tried changing the startup condition to
start on startup
. Is UFW loading reliably since you did this?